‼ CVE-2021-32648 ‼
📖 Read
via "National Vulnerability Database".
octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-30596 ‼
📖 Read
via "National Vulnerability Database".
Incorrect security UI in Navigation in Google Chrome on Android prior to 92.0.4515.131 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-18468 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability exists in qdPM 9.1 in the Heading field found in the Login Page page under the General menu via a crafted website name by doing an authenticated POST HTTP request to /qdPM_9.1/index.php/configuration.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-30602 ‼
📖 Read
via "National Vulnerability Database".
Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36931 ‼
📖 Read
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36928.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-18470 ‼
📖 Read
via "National Vulnerability Database".
Stored cross-site scripting (XSS) vulnerability in the Name of application field found in the General Configuration page in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to rukovoditel_2.4.1/install/index.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-30603 ‼
📖 Read
via "National Vulnerability Database".
Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-18475 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerabilty exists in Hucart CMS 5.7.4 is via the mes_title field. The first user inserts a malicious script into the header field of the outbox and sends it to other users. When other users open the email, the malicious code will be executed.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-30594 ‼
📖 Read
via "National Vulnerability Database".
Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-30604 ‼
📖 Read
via "National Vulnerability Database".
Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-30593 ‼
📖 Read
via "National Vulnerability Database".
Out of bounds read in Tab Strip in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-30597 ‼
📖 Read
via "National Vulnerability Database".
Use after free in Browser UI in Google Chrome on Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-30590 ‼
📖 Read
via "National Vulnerability Database".
Heap buffer overflow in Bookmarks in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.📖 Read
via "National Vulnerability Database".
❌ Man Sues Parents of Teens Who Hijacked Nearly $1M in Bitcoin ❌
📖 Read
via "Threat Post".
Now adults, the then-teens apparently used clipboard hijacking malware to steal Bitcoin.📖 Read
via "Threat Post".
Threat Post
Man Sues Parents of Teens Who Hijacked Nearly $1M in Bitcoin
Now adults, the then-teens apparently used clipboard hijacking malware to steal Bitcoin.
‼ CVE-2021-39161 ‼
📖 Read
via "National Vulnerability Database".
Discourse is an open source platform for community discussion. In affected versions category names can be used for Cross-site scripting(XSS) attacks. This is mitigated by Discourse's default Content Security Policy and this vulnerability only affects sites which have modified or disabled or changed Discourse's default Content Security Policy have allowed for moderators to modify categories. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to ensure that the Content Security Policy is enabled, and has not been modified in a way which would make it more vulnerable to XSS attacks.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37715 ‼
📖 Read
via "National Vulnerability Database".
A remote cross-site scripting (XSS) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.13.0. Aruba has released upgrades for the Aruba AirWave Management Platform that address this security vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39165 ‼
📖 Read
via "National Vulnerability Database".
Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and session. The original repository of Cachet <https://github.com/CachetHQ/Cachet> is not active, the stable version 2.3.18 and it's developing 2.4 branch is affected.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29727 ‼
📖 Read
via "National Vulnerability Database".
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 201106.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29862 ‼
📖 Read
via "National Vulnerability Database".
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 206086.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29801 ‼
📖 Read
via "National Vulnerability Database".
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to gain root privileges. IBM X-Force ID: 203977.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29715 ‼
📖 Read
via "National Vulnerability Database".
IBM API Connect 5.0.0.0 through 5.0.8.11 could alllow a remote user to obtain sensitive information or conduct denial of serivce attacks due to open ports. IBM X-Force ID: 201018.📖 Read
via "National Vulnerability Database".