ποΈ Bugs in malware create βbackdoorsβ for security researchers ποΈ
π Read
via "The Daily Swig".
Black hat trickery switched around to boost security defensesπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Bugs in malware create βbackdoorsβ for security researchers
Black hat trickery switched around to boost security defenses
βΌ CVE-2021-22961 βΌ
π Read
via "National Vulnerability Database".
A code injection vulnerability exists within the firewall software of GlassWire v2.1.167 that could lead to arbitrary code execution from a file in the user path on first execution.π Read
via "National Vulnerability Database".
βΌ CVE-2010-2496 βΌ
π Read
via "National Vulnerability Database".
stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer, and pacemaker 1.1.3 and newer.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38389 βΌ
π Read
via "National Vulnerability Database".
Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38440 βΌ
π Read
via "National Vulnerability Database".
FATEK Automation WinProladder versions 3.30 and prior is vulnerable to an out-of-bounds read, which may allow an attacker to read unauthorized information.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38434 βΌ
π Read
via "National Vulnerability Database".
FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in an unexpected sign extension. An attacker could leverage this vulnerability to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33023 βΌ
π Read
via "National Vulnerability Database".
Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38426 βΌ
π Read
via "National Vulnerability Database".
FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38436 βΌ
π Read
via "National Vulnerability Database".
FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in a memory-corruption condition. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38442 βΌ
π Read
via "National Vulnerability Database".
FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in a heap-corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process.π Read
via "National Vulnerability Database".
βΌ CVE-2020-8291 βΌ
π Read
via "National Vulnerability Database".
A link preview rendering issue in Rocket.Chat versions before 3.9 could lead to potential XSS attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21797 βΌ
π Read
via "National Vulnerability Database".
An exploitable double-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a reference to a timeout object to be stored in two different places. When closed, the document will result in the reference being released twice. This can lead to code execution under the context of the application. An attacker can convince a user to open a document to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22942 βΌ
π Read
via "National Vulnerability Database".
A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38430 βΌ
π Read
via "National Vulnerability Database".
FATEK Automation WinProladder versions 3.30 and prior proper validation of user-supplied data when parsing project files, which could result in a stack-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21796 βΌ
π Read
via "National Vulnerability Database".
An exploitable use-after-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause an object containing the path to a document to be destroyed and then later reused, resulting in a use-after-free vulnerability, which can lead to code execution under the context of the application. An attacker can convince a user to open a document to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38438 βΌ
π Read
via "National Vulnerability Database".
A use after free vulnerability in FATEK Automation WinProladder versions 3.30 and prior may be exploited when a valid user opens a malformed project file, which may allow arbitrary code execution.π Read
via "National Vulnerability Database".
ποΈ Node.js was vulnerable to a novel HTTP request smuggling technique ποΈ
π Read
via "The Daily Swig".
Bad line termination and incorrect parsing of chunk extensions exposed one of two HRS flawsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Node.js was vulnerable to a novel HTTP request smuggling technique
Bad line termination and incorrect parsing of chunk extensions exposed one of two HRS flaws
π¦Ώ Cybersecurity Awareness Month: Why haven't you updated your security policies? π¦Ώ
π Read
via "Tech Republic".
While you're sipping that pumpkin spice latte, make sure to review your company's cybersecurity policies.π Read
via "Tech Republic".
TechRepublic
Cybersecurity Awareness Month: Why haven't you updated your security policies?
While you're sipping that pumpkin spice latte, make sure to review your company's cybersecurity policies.
β Twitter Suspends Accounts Used to Snare Security Researchers β
π Read
via "Threat Post".
The accounts were used to catfish security researchers into downloading malware in a long-running cyber-espionage campaign attributed to North Korea.π Read
via "Threat Post".
Threat Post
Twitter Suspends Accounts Used to Snare Security Researchers
The accounts were used to catfish security researchers into downloading malware in a long-running cyber-espionage campaign attributed to North Korea.
βΌ CVE-2021-24752 βΌ
π Read
via "National Vulnerability Database".
Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated users, such as Subscriber to change the Essential Widgets WordPress plugin before 1.9, To Top WordPress plugin before 2.3, Header Enhancement WordPress plugin before 1.5, Generate Child Theme WordPress plugin before 1.6, Essential Content Types WordPress plugin before 1.9, Catch Web Tools WordPress plugin before 2.7, Catch Under Construction WordPress plugin before 1.4, Catch Themes Demo Import WordPress plugin before 1.6, Catch Sticky Menu WordPress plugin before 1.7, Catch Scroll Progress Bar WordPress plugin before 1.6, Social Gallery and Widget WordPress plugin before 2.3, Catch Infinite Scroll WordPress plugin before 1.9, Catch Import Export WordPress plugin before 1.9, Catch Gallery WordPress plugin before 1.7, Catch Duplicate Switcher WordPress plugin before 1.6, Catch Breadcrumb WordPress plugin before 1.7, Catch IDs WordPress plugin before 2.4's configurations.π Read
via "National Vulnerability Database".
βΌ CVE-2021-24415 βΌ
π Read
via "National Vulnerability Database".
The Polo Video Gallery ΓΒ’Γ’β¬Òβ¬Ε Best wordpress video gallery plugin WordPress plugin through 1.2 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcodeπ Read
via "National Vulnerability Database".