βΌ CVE-2021-30734 βΌ
π Read
via "National Vulnerability Database".
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2021-1843 βΌ
π Read
via "National Vulnerability Database".
This issue was addressed with improved checks. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted image may lead to arbitrary code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2021-30741 βΌ
π Read
via "National Vulnerability Database".
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28580 βΌ
π Read
via "National Vulnerability Database".
Medium by Adobe version 2.4.5.331 (and earlier) is affected by a buffer overflow vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-30759 βΌ
π Read
via "National Vulnerability Database".
A stack overflow was addressed with improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted font file may lead to arbitrary code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2021-30756 βΌ
π Read
via "National Vulnerability Database".
A local attacker may be able to view Now Playing information from the lock screen. This issue is fixed in macOS Big Sur 11.4, iOS 14.6 and iPadOS 14.6. A privacy issue in Now Playing was addressed with improved permissions.π Read
via "National Vulnerability Database".
βΌ CVE-2021-1874 βΌ
π Read
via "National Vulnerability Database".
A logic issue was addressed with improved state management. This issue is fixed in iOS 14.5 and iPadOS 14.5. An application may be able to execute arbitrary code with kernel privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2021-30729 βΌ
π Read
via "National Vulnerability Database".
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.6 and iPadOS 14.6. A device may accept invalid activation results.π Read
via "National Vulnerability Database".
βΌ CVE-2021-1836 βΌ
π Read
via "National Vulnerability Database".
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.5 and iPadOS 14.5, tvOS 14.5. A local user may be able to create or modify privileged files.π Read
via "National Vulnerability Database".
βΌ CVE-2021-1852 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5. A local user may be able to read kernel memory.π Read
via "National Vulnerability Database".
β Windows zero-day MSHTML attack β how not to get booby trapped! β
π Read
via "Naked Security".
Zero-day bug in MSHTML, the "mini-Internet Explorer" component of Windows, triggered by booby trapped Office files.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π¦Ώ Microsoft warns of attacks targeting Office documents π¦Ώ
π Read
via "Tech Republic".
Affecting Windows desktops and servers, the attacks exploit an MSHTML vulnerability by using specially crafted Microsoft Office documents.π Read
via "Tech Republic".
β TeamTNTβs New Tools Target Multiple OS β
π Read
via "Threat Post".
The attackers are indiscriminately striking thousands of victims worldwide with their new βChimaeraβ campaign.π Read
via "Threat Post".
Threat Post
TeamTNTβs New Tools Target Multiple OS
The attackers are indiscriminately striking thousands of victims worldwide with their new βChimaeraβ campaign.
β Spoofing Bug Highlights Cybersecurity for Digital Vaccine Passports β
π Read
via "Threat Post".
Australian immunization app bug lets attackers fake vaccine status.π Read
via "Threat Post".
Threat Post
Spoofing Bug Highlights Cybersecurity for Digital Vaccine Passports
Australian immunization app bug lets attackers fake vaccine status.
βΌ CVE-2021-28566 βΌ
π Read
via "National Vulnerability Database".
Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are vulnerable to an Information Disclosure vulnerability when uploading a modified png file to a product image. Successful exploitation could lead to the disclosure of document root path by an unauthenticated attacker. Access to the admin console is required for successful exploitation.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3053 βΌ
π Read
via "National Vulnerability Database".
An improper handling of exceptional conditions vulnerability exists in the Palo Alto Networks PAN-OS dataplane that enables an unauthenticated network-based attacker to send specifically crafted traffic through the firewall that causes the service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.5. This issue does not affect Prisma Access.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40346 βΌ
π Read
via "National Vulnerability Database".
An integer overflow exists in HAProxy 2.0 through 2.5 in the htx_add_header() can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33981 βΌ
π Read
via "National Vulnerability Database".
An insecure, direct object vulnerability in hunting/fishing license retrieval function of the "Fish | Hunt FL" iOS app versions 3.8.0 and earlier allows a remote authenticated attacker to retrieve other people's personal information and images of their hunting/fishing licenses.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28567 βΌ
π Read
via "National Vulnerability Database".
Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are vulnerable to an Improper Authorization vulnerability in the customers module. Successful exploitation could allow a low-privileged user to modify customer data. Access to the admin console is required for successful exploitation.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3049 βΌ
π Read
via "National Vulnerability Database".
An improper authorization vulnerability in the Palo Alto Networks Cortex XSOAR server enables an authenticated network-based attacker with investigation read permissions to download files from incident investigations of which they are aware but are not a part of. This issue impacts: All Cortex XSOAR 5.5.0 builds; Cortex XSOAR 6.1.0 builds earlier than 12099345. This issue does not impact Cortex XSOAR 6.2.0 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33982 βΌ
π Read
via "National Vulnerability Database".
An insufficient session expiration vulnerability exists in the "Fish | Hunt FL" iOS app version 3.8.0 and earlier, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions.π Read
via "National Vulnerability Database".