βΌ CVE-2021-35494 βΌ
π Read
via "National Vulnerability Database".
The Rest API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contain a race condition that allows a low privileged authenticated attacker via the REST API to obtain read access to temporary objects created by other users on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 7.2.1 and below, TIBCO JasperReports Server: versions 7.5.0 and 7.5.1, TIBCO JasperReports Server: version 7.8.0, TIBCO JasperReports Server: version 7.9.0, TIBCO JasperReports Server - Community Edition: versions 7.8.0 and below, TIBCO JasperReports Server - Developer Edition: versions 7.9.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and below, and TIBCO JasperReports Server for Microsoft Azure: version 7.8.0.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3671 βΌ
π Read
via "National Vulnerability Database".
A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server.π Read
via "National Vulnerability Database".
βΌ CVE-2021-35495 βΌ
π Read
via "National Vulnerability Database".
The Scheduler Connection component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows an authenticated attacker with network access to obtain FTP server passwords for other users of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 7.2.1 and below, TIBCO JasperReports Server: versions 7.5.0 and 7.5.1, TIBCO JasperReports Server: version 7.8.0, TIBCO JasperReports Server: version 7.9.0, TIBCO JasperReports Server - Community Edition: versions 7.8.0 and below, TIBCO JasperReports Server - Developer Edition: versions 7.9.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and below, and TIBCO JasperReports Server for Microsoft Azure: version 7.8.0.π Read
via "National Vulnerability Database".
βΌ CVE-2021-35496 βΌ
π Read
via "National Vulnerability Database".
The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a difficult to exploit vulnerability that allows a low privileged attacker with network access to interfere with XML processing in the affected component. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 7.2.1 and below, TIBCO JasperReports Server: versions 7.5.0 and 7.5.1, TIBCO JasperReports Server: version 7.8.0, TIBCO JasperReports Server: version 7.9.0, TIBCO JasperReports Server - Community Edition: versions 7.8.0 and below, TIBCO JasperReports Server - Developer Edition: versions 7.9.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and below, and TIBCO JasperReports Server for Microsoft Azure: version 7.8.0.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39184 βΌ
π Read
via "National Vulnerability Database".
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to 11.5.0, 12.1.0, and 13.3.0 allows a sandboxed renderer to request a "thumbnail" image of an arbitrary file on the user's system. The thumbnail can potentially include significant parts of the original file, including textual data in many cases. Versions 15.0.0-alpha.10, 14.0.0, 13.3.0, 12.1.0, and 11.5.0 all contain a fix for the vulnerability. Two workarounds aside from upgrading are available. One may make the vulnerability significantly more difficult for an attacker to exploit by enabling `contextIsolation` in one's app. One may also disable the functionality of the `createThumbnailFromPath` API if one does not need it.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38862 βΌ
π Read
via "National Vulnerability Database".
IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207980.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38915 βΌ
π Read
via "National Vulnerability Database".
IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 209947.π Read
via "National Vulnerability Database".
π¦Ώ Get lifetime access to 9 courses to help you pass the most popular CompTIA exams π¦Ώ
π Read
via "Tech Republic".
You can develop the skills to qualify you for a variety of tech careers all online and on your own schedule.π Read
via "Tech Republic".
TechRepublic
Get lifetime access to 9 courses to help you pass the most popular CompTIA exams
You can develop the skills to qualify you for a variety of tech careers all online and on your own schedule.
βοΈ Patch Tuesday, October 2021 Edition βοΈ
π Read
via "Krebs on Security".
Microsoft today issued updates to plug more than 70 security holes in its Windows operating systems and other software, including one vulnerability that is already being exploited in active attacks. This month's Patch Tuesday also includes security fixes for the newly released Windows 11 operating system.π Read
via "Krebs on Security".
Krebs on Security
Patch Tuesday, October 2021 Edition
Microsoft today issued updates to plug more than 70 security holes in its Windows operating systems and other software, including one vulnerability that is already being exploited in active attacks. This month's Patch Tuesday also includes security fixesβ¦
π΄ Smaller 'Bit and Piece' DDoS Attacks Slam Servers to Evade Mitigation Systems π΄
π Read
via "Dark Reading".
Nearly all DDoS attacks in the first half of 2021 were less than 1 Gbps, Nexusguard found.π Read
via "Dark Reading".
Dark Reading
Smaller 'Bit and Piece' DDoS Attacks Slam Servers to Evade Mitigation Systems
Nearly all DDoS attacks in the first half of 2021 were less than 1 Gbps, Nexusguard found.
π΄ High-Profile Breaches Are Shifting Enterprise Security Strategy π΄
π Read
via "Dark Reading".
Increased media attention is driving changes in enterprise security strategy -- some positive, some negative.π Read
via "Dark Reading".
Dark Reading
High-Profile Breaches Are Shifting Enterprise Security Strategy
Increased media attention is driving changes in enterprise security strategy -- some positive, some negative.
β Microsoft Kills Bug Being Exploited in MysterySnail Espionage Campaign β
π Read
via "Threat Post".
Microsoft's October 2021 Patch Tuesday included security fixes for 74 vulnerabilities, one of which is a zero-day being used to deliver the MysterySnail RAT to Windows servers.π Read
via "Threat Post".
Threat Post
Microsoft Oct. Patch Tuesday Squashes 4 Zero-Day Bugs
Microsoft put out security fixes for 74 vulnerabilities, one of which is being actively exploited to deliver the new MysterySnail RAT to Windows servers.
βΌ CVE-2020-22679 βΌ
π Read
via "National Vulnerability Database".
Memory leak in the sgpd_parse_entry function in MP4Box in gpac 0.8.0 allows attackers to cause a denial of service (DoS) via a crafted input.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42325 βΌ
π Read
via "National Vulnerability Database".
Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name.π Read
via "National Vulnerability Database".
βΌ CVE-2020-22678 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in gpac 0.8.0. The gf_media_nalu_remove_emulation_bytes function in av_parsers.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input.π Read
via "National Vulnerability Database".
βΌ CVE-2020-22674 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in gpac 0.8.0. An invalid memory dereference exists in the function FixTrackID located in isom_intern.c, which allows attackers to cause a denial of service (DoS) via a crafted input.π Read
via "National Vulnerability Database".
βΌ CVE-2020-22673 βΌ
π Read
via "National Vulnerability Database".
Memory leak in the senc_Parse function in MP4Box in gpac 0.8.0 allows attackers to cause a denial of service (DoS) via a crafted input.π Read
via "National Vulnerability Database".
βΌ CVE-2020-22677 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in gpac 0.8.0. The dump_data_hex function in box_dump.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input.π Read
via "National Vulnerability Database".
βΌ CVE-2020-22675 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in gpac 0.8.0. The GetGhostNum function in stbl_read.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input.π Read
via "National Vulnerability Database".
π΄ Former Director of IT and Cybersecurity for Warren Presidential Campaign Launches Personified π΄
π Read
via "Dark Reading".
Founder and CEO Mike Marotti will lead experts in campaign security to help progressive politicians and organizations with cybersecurity and IT needs.π Read
via "Dark Reading".
Dark Reading
Former Director of IT and Cybersecurity for Warren Presidential Campaign Launches Personified
Founder and CEO Mike Marotti will lead experts in campaign security to help progressive politicians and organizations with cybersecurity and IT needs.
π΄ Microsoft Fixes Zero-Day Flaw in Win32 Driver π΄
π Read
via "Dark Reading".
A previously known threat actor is using the flaw in a broad cyber-espionage campaign, security vendor warns.π Read
via "Dark Reading".
Dark Reading
Microsoft Fixes Zero-Day Flaw in Win32 Driver
A previously known threat actor is using the flaw in a broad cyber-espionage campaign, security vendor warns.