βΌ CVE-2021-42565 βΌ
π Read
via "National Vulnerability Database".
myfactory.FMS before 7.1-912 allows XSS via the UID parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42566 βΌ
π Read
via "National Vulnerability Database".
myfactory.FMS before 7.1-912 allows XSS via the Error parameter.π Read
via "National Vulnerability Database".
ποΈ Google, Mozilla close to finalizing Sanitizer API for Chrome and Firefox browsers ποΈ
π Read
via "The Daily Swig".
Latest specification is a work in progressπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Google, Mozilla close to finalizing Sanitizer API for Chrome and Firefox browsers
Latest specification is a work in progress
β Cybersecurity Awareness Month: Building your career β
π Read
via "Naked Security".
Explore. Experience. Share. How to get into cybersecurity...π Read
via "Naked Security".
Naked Security
Cybersecurity Awareness Month: Building your career
Explore. Experience. Share. How to get into cybersecurityβ¦
ποΈ Bugs in malware create βbackdoorsβ for security researchers ποΈ
π Read
via "The Daily Swig".
Black hat trickery switched around to boost security defensesπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Bugs in malware create βbackdoorsβ for security researchers
Black hat trickery switched around to boost security defenses
βΌ CVE-2021-22961 βΌ
π Read
via "National Vulnerability Database".
A code injection vulnerability exists within the firewall software of GlassWire v2.1.167 that could lead to arbitrary code execution from a file in the user path on first execution.π Read
via "National Vulnerability Database".
βΌ CVE-2010-2496 βΌ
π Read
via "National Vulnerability Database".
stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer, and pacemaker 1.1.3 and newer.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38389 βΌ
π Read
via "National Vulnerability Database".
Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38440 βΌ
π Read
via "National Vulnerability Database".
FATEK Automation WinProladder versions 3.30 and prior is vulnerable to an out-of-bounds read, which may allow an attacker to read unauthorized information.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38434 βΌ
π Read
via "National Vulnerability Database".
FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in an unexpected sign extension. An attacker could leverage this vulnerability to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33023 βΌ
π Read
via "National Vulnerability Database".
Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38426 βΌ
π Read
via "National Vulnerability Database".
FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38436 βΌ
π Read
via "National Vulnerability Database".
FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in a memory-corruption condition. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38442 βΌ
π Read
via "National Vulnerability Database".
FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in a heap-corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process.π Read
via "National Vulnerability Database".
βΌ CVE-2020-8291 βΌ
π Read
via "National Vulnerability Database".
A link preview rendering issue in Rocket.Chat versions before 3.9 could lead to potential XSS attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21797 βΌ
π Read
via "National Vulnerability Database".
An exploitable double-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a reference to a timeout object to be stored in two different places. When closed, the document will result in the reference being released twice. This can lead to code execution under the context of the application. An attacker can convince a user to open a document to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22942 βΌ
π Read
via "National Vulnerability Database".
A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38430 βΌ
π Read
via "National Vulnerability Database".
FATEK Automation WinProladder versions 3.30 and prior proper validation of user-supplied data when parsing project files, which could result in a stack-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21796 βΌ
π Read
via "National Vulnerability Database".
An exploitable use-after-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause an object containing the path to a document to be destroyed and then later reused, resulting in a use-after-free vulnerability, which can lead to code execution under the context of the application. An attacker can convince a user to open a document to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38438 βΌ
π Read
via "National Vulnerability Database".
A use after free vulnerability in FATEK Automation WinProladder versions 3.30 and prior may be exploited when a valid user opens a malformed project file, which may allow arbitrary code execution.π Read
via "National Vulnerability Database".
ποΈ Node.js was vulnerable to a novel HTTP request smuggling technique ποΈ
π Read
via "The Daily Swig".
Bad line termination and incorrect parsing of chunk extensions exposed one of two HRS flawsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Node.js was vulnerable to a novel HTTP request smuggling technique
Bad line termination and incorrect parsing of chunk extensions exposed one of two HRS flaws