βΌ CVE-2021-0422 βΌ
π Read
via "National Vulnerability Database".
In memory management driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05381071.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0660 βΌ
π Read
via "National Vulnerability Database".
In ccu, there is a possible out of bounds read due to incorrect error handling. This could lead to information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05827145; Issue ID: ALPS05827145.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3819 βΌ
π Read
via "National Vulnerability Database".
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)π Read
via "National Vulnerability Database".
βΌ CVE-2021-23243 βΌ
π Read
via "National Vulnerability Database".
In Oppo's battery application, the third-party SDK provides the function of loading a third-party Provider, which can be used.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3818 βΌ
π Read
via "National Vulnerability Database".
grav is vulnerable to Reliance on Cookies without Validation and Integrity Checkingπ Read
via "National Vulnerability Database".
βΌ CVE-2021-40106 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Concrete CMS through 8.5.5. There is unauthenticated stored XSS in blog comments via the website field.π Read
via "National Vulnerability Database".
β 3.8 Billion Usersβ Combined Clubhouse, Facebook Data Up for Sale β
π Read
via "Threat Post".
Combined cache of data likely to fuel rash of account takeover, smishing attacks, experts warn. π Read
via "Threat Post".
Threat Post
3.8 Billion Usersβ Combined Clubhouse, Facebook Data Up for Sale
Combined cache of data likely to fuel rash of account takeover, smishing attacks, experts warn.
ποΈ OWASP toasts 20th anniversary with revised Top 10 for 2021 ποΈ
π Read
via "The Daily Swig".
Non-profit confirms latest iteration of web attack hit list during 24-hour live eventπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
OWASP toasts 20th anniversary with revised Top 10 for 2021
Non-profit confirms latest iteration of web attack hit list during 24-hour live event
π OpenSSH 8.8p1 π
π Read
via "Packet Storm Security".
This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.π Read
via "Packet Storm Security".
Packetstormsecurity
OpenSSH 8.8p1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β EU: Russia Behind βGhostwriterβ Campaign Targeting Germany β
π Read
via "Threat Post".
It's not the first time that the disinformation/spearphishing campaign, which originally smeared NATO, has been linked to Russia.π Read
via "Threat Post".
Threat Post
EU: Russia Behind βGhostwriterβ Campaign Targeting Germany
It's not the first time that the disinformation/spearphishing campaign, which originally smeared NATO, has been linked to Russia.
ποΈ Google Chrome to incorporate new secure payment feature ποΈ
π Read
via "The Daily Swig".
New tech touted as faster and stronger than web-based authentication alternativesπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Google Chrome to incorporate new secure payment feature
New tech touted as faster and stronger than web-based authentication alternatives
βΌ CVE-2021-34409 βΌ
π Read
via "National Vulnerability Database".
User-writable pre and post-install scripts unpacked during the Zoom Client for Meetings for MacOS installation before version 5.2.0 allow for privilege escalation to root.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34416 βΌ
π Read
via "National Vulnerability Database".
The network address administrative settings web portal for the Zoom on-premise Meeting Connector before version 4.6.360.20210325, Zoom on-premise Meeting Connector MMR before version 4.6.360.20210325, Zoom on-premise Recording Connector before version 3.8.44.20210326, Zoom on-premise Virtual Room Connector before version 4.4.6752.20210326, and Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5495.20210326 fails to validate input sent in requests to update the network configuration, which could lead to remote command injection on the on-premise image by the web portal administrators.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33907 βΌ
π Read
via "National Vulnerability Database".
The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate the certificate information used to sign .msi files when performing an update of the client. This could lead to remote code execution in an elevated privileged context.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36218 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in SKALE sgxwallet 1.58.3. sgx_disp_ippsAES_GCMEncrypt allows an out-of-bounds write, resulting in a segfault and compromised enclave. This issue describes a buffer overflow, which was resolved prior to v1.77.0 and not reproducible in latest sgxwallet v1.77.0π Read
via "National Vulnerability Database".
βΌ CVE-2021-36219 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in SKALE sgxwallet 1.58.3. The provided input for ECALL 14 triggers a branch in trustedEcdsaSign that frees a non-initialized pointer from the stack. An attacker can chain multiple enclave calls to prepare a stack that contains a valid address. This address is then freed, resulting in compromised integrity of the enclave. This was resolved after v1.58.3 and not reproducible in sgxwallet v1.77.0.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34411 βΌ
π Read
via "National Vulnerability Database".
During the installation process forZoom Rooms for Conference Room for Windows before version 5.3.0 it is possible to launch Internet Explorer with elevated privileges. If the installer was launched with elevated privileges such as by SCCM this can result in a local privilege escalation.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34414 βΌ
π Read
via "National Vulnerability Database".
The network proxy page on the web portal for the Zoom on-premise Meeting Connector Controller before version 4.6.348.20201217, Zoom on-premise Meeting Connector MMR before version 4.6.348.20201217, Zoom on-premise Recording Connector before version 3.8.42.20200905, Zoom on-premise Virtual Room Connector before version 4.4.6620.20201110, and Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5495.20210326 fails to validate input sent in requests to update the network proxy configuration, which could lead to remote command injection on the on-premise image by a web portal administrator.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34410 βΌ
π Read
via "National Vulnerability Database".
A user-writable application bundle unpacked during the install for all versions of the Zoom Plugin for Microsoft Outlook for Mac before 5.0.25611.0521 allows for privilege escalation to root.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22272 βΌ
π Read
via "National Vulnerability Database".
The vulnerability origins in the commissioning process where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his my.busch-jaeger.de or mybuildings.abb.com profile. A successful attacker can observe and control a ControlTouch remotely under very specific circumstances. The issue is fixed in the cloud side of the system. No firmware update is needed for customer products. If a user wants to understand if (s)he is affected, please read the advisory. This issue affects: ABB and Busch-Jaeger, ControlTouchπ Read
via "National Vulnerability Database".
βΌ CVE-2021-36878 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to update settings.π Read
via "National Vulnerability Database".