βΌ CVE-2021-39184 βΌ
π Read
via "National Vulnerability Database".
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to 11.5.0, 12.1.0, and 13.3.0 allows a sandboxed renderer to request a "thumbnail" image of an arbitrary file on the user's system. The thumbnail can potentially include significant parts of the original file, including textual data in many cases. Versions 15.0.0-alpha.10, 14.0.0, 13.3.0, 12.1.0, and 11.5.0 all contain a fix for the vulnerability. Two workarounds aside from upgrading are available. One may make the vulnerability significantly more difficult for an attacker to exploit by enabling `contextIsolation` in one's app. One may also disable the functionality of the `createThumbnailFromPath` API if one does not need it.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38862 βΌ
π Read
via "National Vulnerability Database".
IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207980.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38915 βΌ
π Read
via "National Vulnerability Database".
IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 209947.π Read
via "National Vulnerability Database".
π¦Ώ Get lifetime access to 9 courses to help you pass the most popular CompTIA exams π¦Ώ
π Read
via "Tech Republic".
You can develop the skills to qualify you for a variety of tech careers all online and on your own schedule.π Read
via "Tech Republic".
TechRepublic
Get lifetime access to 9 courses to help you pass the most popular CompTIA exams
You can develop the skills to qualify you for a variety of tech careers all online and on your own schedule.
βοΈ Patch Tuesday, October 2021 Edition βοΈ
π Read
via "Krebs on Security".
Microsoft today issued updates to plug more than 70 security holes in its Windows operating systems and other software, including one vulnerability that is already being exploited in active attacks. This month's Patch Tuesday also includes security fixes for the newly released Windows 11 operating system.π Read
via "Krebs on Security".
Krebs on Security
Patch Tuesday, October 2021 Edition
Microsoft today issued updates to plug more than 70 security holes in its Windows operating systems and other software, including one vulnerability that is already being exploited in active attacks. This month's Patch Tuesday also includes security fixesβ¦
π΄ Smaller 'Bit and Piece' DDoS Attacks Slam Servers to Evade Mitigation Systems π΄
π Read
via "Dark Reading".
Nearly all DDoS attacks in the first half of 2021 were less than 1 Gbps, Nexusguard found.π Read
via "Dark Reading".
Dark Reading
Smaller 'Bit and Piece' DDoS Attacks Slam Servers to Evade Mitigation Systems
Nearly all DDoS attacks in the first half of 2021 were less than 1 Gbps, Nexusguard found.
π΄ High-Profile Breaches Are Shifting Enterprise Security Strategy π΄
π Read
via "Dark Reading".
Increased media attention is driving changes in enterprise security strategy -- some positive, some negative.π Read
via "Dark Reading".
Dark Reading
High-Profile Breaches Are Shifting Enterprise Security Strategy
Increased media attention is driving changes in enterprise security strategy -- some positive, some negative.
β Microsoft Kills Bug Being Exploited in MysterySnail Espionage Campaign β
π Read
via "Threat Post".
Microsoft's October 2021 Patch Tuesday included security fixes for 74 vulnerabilities, one of which is a zero-day being used to deliver the MysterySnail RAT to Windows servers.π Read
via "Threat Post".
Threat Post
Microsoft Oct. Patch Tuesday Squashes 4 Zero-Day Bugs
Microsoft put out security fixes for 74 vulnerabilities, one of which is being actively exploited to deliver the new MysterySnail RAT to Windows servers.
βΌ CVE-2020-22679 βΌ
π Read
via "National Vulnerability Database".
Memory leak in the sgpd_parse_entry function in MP4Box in gpac 0.8.0 allows attackers to cause a denial of service (DoS) via a crafted input.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42325 βΌ
π Read
via "National Vulnerability Database".
Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name.π Read
via "National Vulnerability Database".
βΌ CVE-2020-22678 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in gpac 0.8.0. The gf_media_nalu_remove_emulation_bytes function in av_parsers.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input.π Read
via "National Vulnerability Database".
βΌ CVE-2020-22674 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in gpac 0.8.0. An invalid memory dereference exists in the function FixTrackID located in isom_intern.c, which allows attackers to cause a denial of service (DoS) via a crafted input.π Read
via "National Vulnerability Database".
βΌ CVE-2020-22673 βΌ
π Read
via "National Vulnerability Database".
Memory leak in the senc_Parse function in MP4Box in gpac 0.8.0 allows attackers to cause a denial of service (DoS) via a crafted input.π Read
via "National Vulnerability Database".
βΌ CVE-2020-22677 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in gpac 0.8.0. The dump_data_hex function in box_dump.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input.π Read
via "National Vulnerability Database".
βΌ CVE-2020-22675 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in gpac 0.8.0. The GetGhostNum function in stbl_read.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input.π Read
via "National Vulnerability Database".
π΄ Former Director of IT and Cybersecurity for Warren Presidential Campaign Launches Personified π΄
π Read
via "Dark Reading".
Founder and CEO Mike Marotti will lead experts in campaign security to help progressive politicians and organizations with cybersecurity and IT needs.π Read
via "Dark Reading".
Dark Reading
Former Director of IT and Cybersecurity for Warren Presidential Campaign Launches Personified
Founder and CEO Mike Marotti will lead experts in campaign security to help progressive politicians and organizations with cybersecurity and IT needs.
π΄ Microsoft Fixes Zero-Day Flaw in Win32 Driver π΄
π Read
via "Dark Reading".
A previously known threat actor is using the flaw in a broad cyber-espionage campaign, security vendor warns.π Read
via "Dark Reading".
Dark Reading
Microsoft Fixes Zero-Day Flaw in Win32 Driver
A previously known threat actor is using the flaw in a broad cyber-espionage campaign, security vendor warns.
βΌ CVE-2021-20031 βΌ
π Read
via "National Vulnerability Database".
A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3322 βΌ
π Read
via "National Vulnerability Database".
Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr. Zephyr versions >= >=2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3π Read
via "National Vulnerability Database".
βΌ CVE-2021-3330 βΌ
π Read
via "National Vulnerability Database".
RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr. Zephyr versions >= >=2.4.0 contain Out-of-bounds Write (CWE-787). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-9456π Read
via "National Vulnerability Database".
βΌ CVE-2021-3321 βΌ
π Read
via "National Vulnerability Database".
Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Zephyr versions >= >=2.4.0 contain Integer Overflow to Buffer Overflow (CWE-680). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99π Read
via "National Vulnerability Database".