CVE-2021-3734
via "National Vulnerability Database".
yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames.
CVE-2021-27944
via "National Vulnerability Database".
Several high-privileged APIs on the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs do not enforce access controls, allowing an unauthenticated threat actor to access privileged functionality, leading to OS command execution. The specific attack methodology is a file upload.
CVE-2021-38559
via "National Vulnerability Database".
DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenota.php affecting the fineperiodo1 parameter.
Tech companies pledge to help toughen US cybersecurity in White House meeting
via "Tech Republic".
Apple, Google, Microsoft and others will fund new technologies and training as part of the nation's struggle to combat cyberattacks.
Wireshark Analyzer 3.4.8
via "Packet Storm Security".
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
CVE-2021-36352
via "National Vulnerability Database".
Stored cross-site scripting (XSS) vulnerability in Care2x Hospital Information Management 2.7 Alpha. The vulnerability is found in POST requests to the /modules/registration_admission/patient_register.php page via the "name_middle", "addr_str", "station", "name_maiden", "name_2", and "name_3" parameters.
CVE-2021-32076
via "National Vulnerability Database".
Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the "Web Help Desk Getting Started Wizard", especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback.
Google and mobile operating systems top list of privacy concerns, says Kaspersky
via "Tech Republic".
Using data gathered by its Privacy Checker website, Kaspersky has been able to pinpoint areas of concern for visitors seeking to improve their privacy posture.
F5 Bug Could Lead to Complete System Takeover
via "Threat Post".
The worst of 13 bugs fixed by the August updates could lead to complete system compromise for users in sensitive sectors running products in Appliance mode.
CVE-2021-40147
via "National Vulnerability Database".
EmTec ZOC before 8.02.2 allows \e[201~ pastes, a different vulnerability than CVE-2021-32198.
How to create locally signed SSL certificates with mkcert
via "Tech Republic".
If you need to generate quick SSL certificates for test servers and services, mkcert might be the fastest option available. Jack Wallen shows you how to use this handy tool.
California Reminds Healthcare Orgs of Data Breach Reporting Obligations
via "Digital Guardian".
Hospitals and healthcare providers in the state have been failing to report ransomware attacks that impact health data belonging to patients.
CVE-2021-29487
via "National Vulnerability Database".
octobercms is a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can exploit this vulnerability to bypass authentication and take over any user account on an October CMS server. The vulnerability is exploitable by unauthenticated users via a specially crafted request. This only affects frontend users, and the attacker must obtain a Laravel secret key for cookie encryption and signing in order to exploit this vulnerability. The issue has been patched in Build 472 and v1.1.5.
CVE-2021-36929
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability.
CVE-2020-18476
via "National Vulnerability Database".
SQL Injection vulnerability in Hucart CMS 5.7.4 via the basic information field found in the avatar usd_image field.
CVE-2020-18477
via "National Vulnerability Database".
SQL Injection vulnerability in Hucart CMS 5.7.4 via the purchase enquiry field found in the Message con_content field.
CVE-2021-36928
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-36931.
CVE-2021-30599
via "National Vulnerability Database".
Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVE-2021-30601
via "National Vulnerability Database".
Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-32648
via "National Vulnerability Database".
octobercms is a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5.
CVE-2021-30596
via "National Vulnerability Database".
Incorrect security UI in Navigation in Google Chrome on Android prior to 92.0.4515.131 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.