‼ CVE-2021-0634 ‼
via "National Vulnerability Database".
In display driver, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05594994; Issue ID: ALPS05594994.
‼ CVE-2021-0625 ‼
via "National Vulnerability Database".
In ccu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05594996; Issue ID: ALPS05594996.
‼ CVE-2021-0613 ‼
via "National Vulnerability Database".
In asf extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05489178.
‼ CVE-2021-41035 ‼
via "National Vulnerability Database".
In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods.
‼ CVE-2021-24514 ‼
via "National Vulnerability Database".
The Visual Form Builder WordPress plugin before 3.0.4 does not sanitise or escape its Form Name, allowing high privilege users such as admin to set Cross-Site Scripting payload in them, even when the unfiltered_html capability is disallowed.
🗞️ Popular NPM package UA-Parser-JS poisoned with cryptomining, password-stealing malware 🗞️
via "The Daily Swig".
Developer moves quickly to address vulnerabilities after his account was compromised
‼ CVE-2021-24699 ‼
via "National Vulnerability Database".
The Easy Media Download WordPress plugin before 1.1.7 does not escape the text argument of its shortcode, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks.
‼ CVE-2021-0663 ‼
via "National Vulnerability Database".
In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05844458; Issue ID: ALPS05844458.
‼ CVE-2021-24744 ‼
via "National Vulnerability Database".
The WordPress Contact Forms by Cimatti WordPress plugin before 1.4.12 does not sanitise and escape the Form Title before outputting it in some admin pages, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.
‼ CVE-2021-0662 ‼
via "National Vulnerability Database".
In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05844434; Issue ID: ALPS05844434.
‼ CVE-2021-0411 ‼
via "National Vulnerability Database".
In flv extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561362; Issue ID: ALPS05561362.
‼ CVE-2021-0941 ‼
via "National Vulnerability Database".
In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-154177719. References: Upstream kernel.
‼ CVE-2021-24414 ‼
via "National Vulnerability Database".
The Video Player for YouTube WordPress plugin before 1.4 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embedded malicious shortcode.
‼ CVE-2021-24885 ‼
via "National Vulnerability Database".
The YOP Poll WordPress plugin before 6.1.2 does not escape the perpage parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting.
‼ CVE-2021-0615 ‼
via "National Vulnerability Database".
In flv extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561369; Issue ID: ALPS05561369.
‼ CVE-2021-0630 ‼
via "National Vulnerability Database".
In wifi driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05551397; Issue ID: ALPS05551397.
‼ CVE-2020-20908 ‼
via "National Vulnerability Database".
Akaunting v1.3.17 was discovered to contain a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Company Name input field.
🦿 REvil ransomware group reportedly taken offline by multi-nation effort 🦿
via "Tech Republic".
Law enforcement officials and cyber specialists hacked into REvil's network, gaining control of some of its servers, sources told Reuters.
🦿 Companies that pay ransomware attackers get thumbs down from consumers 🦿
via "Tech Republic".
More than half of those surveyed by data management firm Cohesity said that companies that pay the ransom in an attack encourage ransomware and bad actors.
Listen up 4 - CYBERSECURITY FIRST! Purple teaming - learning to think like your adversaries
via "Naked Security".
Michelle Farenci knows her stuff, because she's a cybersecurity practitioner inside a cybersecurity company! Learn why thinking like an attacker makes you a better defender.