βΌ CVE-2021-3820 βΌ
π Read
via "National Vulnerability Database".
inflect is vulnerable to Inefficient Regular Expression Complexityπ Read
via "National Vulnerability Database".
βΌ CVE-2021-0421 βΌ
π Read
via "National Vulnerability Database".
In memory management driver, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05381235.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3822 βΌ
π Read
via "National Vulnerability Database".
jsoneditor is vulnerable to Inefficient Regular Expression Complexityπ Read
via "National Vulnerability Database".
βΌ CVE-2021-3828 βΌ
π Read
via "National Vulnerability Database".
nltk is vulnerable to Inefficient Regular Expression Complexityπ Read
via "National Vulnerability Database".
βΌ CVE-2021-0610 βΌ
π Read
via "National Vulnerability Database".
In memory management driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05411456.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0422 βΌ
π Read
via "National Vulnerability Database".
In memory management driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05381071.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0660 βΌ
π Read
via "National Vulnerability Database".
In ccu, there is a possible out of bounds read due to incorrect error handling. This could lead to information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05827145; Issue ID: ALPS05827145.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3819 βΌ
π Read
via "National Vulnerability Database".
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)π Read
via "National Vulnerability Database".
βΌ CVE-2021-23243 βΌ
π Read
via "National Vulnerability Database".
In Oppo's battery application, the third-party SDK provides the function of loading a third-party Provider, which can be used.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3818 βΌ
π Read
via "National Vulnerability Database".
grav is vulnerable to Reliance on Cookies without Validation and Integrity Checkingπ Read
via "National Vulnerability Database".
βΌ CVE-2021-40106 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Concrete CMS through 8.5.5. There is unauthenticated stored XSS in blog comments via the website field.π Read
via "National Vulnerability Database".
β 3.8 Billion Usersβ Combined Clubhouse, Facebook Data Up for Sale β
π Read
via "Threat Post".
Combined cache of data likely to fuel rash of account takeover, smishing attacks, experts warn. π Read
via "Threat Post".
Threat Post
3.8 Billion Usersβ Combined Clubhouse, Facebook Data Up for Sale
Combined cache of data likely to fuel rash of account takeover, smishing attacks, experts warn.
ποΈ OWASP toasts 20th anniversary with revised Top 10 for 2021 ποΈ
π Read
via "The Daily Swig".
Non-profit confirms latest iteration of web attack hit list during 24-hour live eventπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
OWASP toasts 20th anniversary with revised Top 10 for 2021
Non-profit confirms latest iteration of web attack hit list during 24-hour live event
π OpenSSH 8.8p1 π
π Read
via "Packet Storm Security".
This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.π Read
via "Packet Storm Security".
Packetstormsecurity
OpenSSH 8.8p1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β EU: Russia Behind βGhostwriterβ Campaign Targeting Germany β
π Read
via "Threat Post".
It's not the first time that the disinformation/spearphishing campaign, which originally smeared NATO, has been linked to Russia.π Read
via "Threat Post".
Threat Post
EU: Russia Behind βGhostwriterβ Campaign Targeting Germany
It's not the first time that the disinformation/spearphishing campaign, which originally smeared NATO, has been linked to Russia.
ποΈ Google Chrome to incorporate new secure payment feature ποΈ
π Read
via "The Daily Swig".
New tech touted as faster and stronger than web-based authentication alternativesπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Google Chrome to incorporate new secure payment feature
New tech touted as faster and stronger than web-based authentication alternatives
βΌ CVE-2021-34409 βΌ
π Read
via "National Vulnerability Database".
User-writable pre and post-install scripts unpacked during the Zoom Client for Meetings for MacOS installation before version 5.2.0 allow for privilege escalation to root.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34416 βΌ
π Read
via "National Vulnerability Database".
The network address administrative settings web portal for the Zoom on-premise Meeting Connector before version 4.6.360.20210325, Zoom on-premise Meeting Connector MMR before version 4.6.360.20210325, Zoom on-premise Recording Connector before version 3.8.44.20210326, Zoom on-premise Virtual Room Connector before version 4.4.6752.20210326, and Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5495.20210326 fails to validate input sent in requests to update the network configuration, which could lead to remote command injection on the on-premise image by the web portal administrators.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33907 βΌ
π Read
via "National Vulnerability Database".
The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate the certificate information used to sign .msi files when performing an update of the client. This could lead to remote code execution in an elevated privileged context.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36218 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in SKALE sgxwallet 1.58.3. sgx_disp_ippsAES_GCMEncrypt allows an out-of-bounds write, resulting in a segfault and compromised enclave. This issue describes a buffer overflow, which was resolved prior to v1.77.0 and not reproducible in latest sgxwallet v1.77.0π Read
via "National Vulnerability Database".
βΌ CVE-2021-36219 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in SKALE sgxwallet 1.58.3. The provided input for ECALL 14 triggers a branch in trustedEcdsaSign that frees a non-initialized pointer from the stack. An attacker can chain multiple enclave calls to prepare a stack that contains a valid address. This address is then freed, resulting in compromised integrity of the enclave. This was resolved after v1.58.3 and not reproducible in sgxwallet v1.77.0.π Read
via "National Vulnerability Database".