βΌ CVE-2021-42292 βΌ
π Read
via "National Vulnerability Database".
Microsoft Excel Security Feature Bypass Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2021-41366 βΌ
π Read
via "National Vulnerability Database".
Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2021-42304 βΌ
π Read
via "National Vulnerability Database".
Azure RTOS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42302, CVE-2021-42303.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42288 βΌ
π Read
via "National Vulnerability Database".
Windows Hello Security Feature Bypass Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2021-42279 βΌ
π Read
via "National Vulnerability Database".
Chakra Scripting Engine Memory Corruption Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2021-41367 βΌ
π Read
via "National Vulnerability Database".
NTFS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-41370, CVE-2021-42283.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41373 βΌ
π Read
via "National Vulnerability Database".
FSLogix Information Disclosure Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2021-41356 βΌ
π Read
via "National Vulnerability Database".
Windows Denial of Service Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2021-42323 βΌ
π Read
via "National Vulnerability Database".
Azure RTOS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-26444, CVE-2021-42301.π Read
via "National Vulnerability Database".
βΌ CVE-2021-31853 βΌ
π Read
via "National Vulnerability Database".
DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (MDE) prior to 7.3.0 HF2 (7.3.0.183) allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder.π Read
via "National Vulnerability Database".
ποΈ Apache Storm maintainers patch two pre-auth RCE vulnerabilities ποΈ
π Read
via "The Daily Swig".
High-risk issues were discovered by GitHubβs in-house security teamπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Apache Storm maintainers patch two pre-auth RCE vulnerabilities
High-risk issues were discovered by GitHubβs in-house security team
βΌ CVE-2021-34598 βΌ
π Read
via "National Vulnerability Database".
In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 the remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote logging is activeπ Read
via "National Vulnerability Database".
βΌ CVE-2021-39474 βΌ
π Read
via "National Vulnerability Database".
Vulnerability in the product Docsis 3.0 UBC1319BA00 Router supported affected version 1319010201r009. The vulnerability allows an attacker with privileges and network access through the ping.cmd component to execute commands on the device.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43136 βΌ
π Read
via "National Vulnerability Database".
An authentication bypass issue in FormaLMS <= 2.4.4 allows an attacker to bypass the authentication mechanism and obtain a valid access to the platform.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34582 βΌ
π Read
via "National Vulnerability Database".
In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 a user with high privileges can inject HTML code (XSS) through web-based management or the REST API with a manipulated certificate file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25974 βΌ
π Read
via "National Vulnerability Database".
In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a Γ’β¬ΕpublisherΓ’β¬οΏ½ role is able to inject and execute arbitrary JavaScript code while creating a page/article.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25975 βΌ
π Read
via "National Vulnerability Database".
In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with Γ’β¬ΕpublisherΓ’β¬οΏ½ role to inject malicious JavaScript via the uploaded html file.π Read
via "National Vulnerability Database".
π΄ Dark Reading Video News Desk Comes to Black Hat Europe π΄
π Read
via "Dark Reading".
While attendees join Black Hat Europe 2021 virtually and live in London, we bring you prerecorded interviews from remote offices around the world.π Read
via "Dark Reading".
Dark Reading
Dark Reading Video News Desk Comes to Black Hat Europe
While attendees join Black Hat Europe 2021 virtually and live in London, we bring you prerecorded interviews from remote offices around the world.
ποΈ Black Hat Europe: Laws and regulations need to change to secure worldβs digital infrastructure ποΈ
π Read
via "The Daily Swig".
Better incentives to build secure products needed, former MEP tells conferenceπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Black Hat Europe: Laws and regulations need to change to secure worldβs digital infrastructure
Better incentives to build secure products needed, former MEP tells conference
β New Android Spyware Poses Pegasus-Like Threat β
π Read
via "Threat Post".
PhoneSpy already has stolen data and tracked the activity of targets in South Korea, disguising itself as legitimate lifestyle apps.π Read
via "Threat Post".
Threat Post
New Android Spyware Poses Pegasus-Like Threat
PhoneSpy already has stolen data and tracked the activity of targets in South Korea, disguising itself as legitimate lifestyle apps.
π΄ Researcher Details Vulnerabilities Found in AWS API Gateway π΄
π Read
via "Dark Reading".
AWS fixed the security flaws that left the API service at risk of so-called HTTP header-smuggling attacks, says the researcher who discovered them.π Read
via "Dark Reading".
Dark Reading
Researcher Details Vulnerabilities Found in AWS API Gateway
AWS fixed the security flaws that left the API service at risk of so-called HTTP header-smuggling attacks, says the researcher who discovered them.