CVE-2020-23879
pdf2json v0.71 was discovered to contain a NULL pointer dereference in the component ObjectStream::getObject.
via "National Vulnerability Database".
CVE-2020-23888
A User Mode Write AV in Editor!TMethodImplementationIntercept+0x53f6c3 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted psd file.
via "National Vulnerability Database".
CVE-2020-23901
A User Mode Write AV in Editor+0x5d15 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file.
via "National Vulnerability Database".
CVE-2020-23894
A User Mode Write AV in ntdll!RtlpCoalesceFreeBlocks+0x268 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file.
via "National Vulnerability Database".
CVE-2020-23899
A User Mode Write AV in Editor+0x5f91 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file.
via "National Vulnerability Database".
CVE-2020-23895
A User Mode Write AV in Editor+0x76af of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file.
via "National Vulnerability Database".
CVE-2020-23889
A User Mode Write AV starting at Editor!TMethodImplementationIntercept+0x4189c6 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted ico file.
via "National Vulnerability Database".
CVE-2020-23872
A NULL pointer dereference in the function TextPage::restoreState of pdf2xml v2.0 allows attackers to cause a denial of service (DoS).
via "National Vulnerability Database".
CVE-2020-23890
A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted JPG file. Related to the crash classification "Data from Faulting Address is used as one or more arguments in a subsequent Function Call", starting at JPGCodec+0x753648.
via "National Vulnerability Database".
Hacker-for-Hire Group Spied on More Than 3,500 Targets in 18 Months
Russian-speaking "Void Balaur" group's victims include politicians, dissidents, human rights activists, doctors, and journalists, security vendor discloses at Black Hat Europe 2021.
via "Dark Reading".
New Application Security Toolkit Uncovers Dependency Confusion Attacks
The Dependency Combobulator is an open source Python-based toolkit that helps developers discover malicious software components that may have accidentally been added to their projects.
via "Dark Reading".
CVE-2021-40873
An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66 and uaToolkit Embedded before 1.40. Remote attackers can cause a denial of service (DoS) by sending crafted messages to a client or server. The server process may crash unexpectedly because of a double free and must be restarted.
via "National Vulnerability Database".
CVE-2021-40871
An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66. Remote attackers can cause a denial of service (DoS) by sending crafted messages to an OPC UA client. The client process may crash unexpectedly because of a wrong type cast and must be restarted.
via "National Vulnerability Database".
CVE-2021-40872
An issue was discovered in Softing Industrial Automation uaToolkit Embedded before 1.40. Remote attackers can cause a denial of service (DoS) or log in as an anonymous user (bypassing security checks) by sending crafted messages to an OPC UA server. The server process may crash unexpectedly because of an invalid type cast and must be restarted.
via "National Vulnerability Database".
CVE-2021-33816
The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked.
via "National Vulnerability Database".
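Why a name-based blocklist of this kind is incomplete, as an added example that is not Dolibarr's own code: in PHP the backtick operator hands its contents to the shell exactly as shell_exec() does, so a filter that only searches for the three function names lets `cmd` through. The scanner below (Python; the PHP snippets are constructed for the demonstration, and the extra function names beyond the three the advisory lists are an assumption about what a complete sink list should contain) blanks out string literals and comments and then reports both the named functions and backtick literals.

```python
import re
from dataclasses import dataclass

# Functions that pass a string to a shell. The advisory says Dolibarr 13.0.2
# blocked only the first three; passthru/popen/proc_open are added here as the
# usual companions (an assumption, not from the advisory).
SHELL_FUNCS = ("system", "exec", "shell_exec", "passthru", "popen", "proc_open")
NAIVE_BLOCKLIST = ("system", "exec", "shell_exec")

FUNC_RE = re.compile(r"\b(" + "|".join(SHELL_FUNCS) + r")\s*\(", re.IGNORECASE)
BACKTICK_RE = re.compile(r"`[^`]*`")


@dataclass
class Finding:
    line: int
    kind: str   # "function" or "backtick"
    text: str


def blank_strings_and_comments(src: str) -> str:
    """Return src with string literals and comments replaced by spaces, one
    character per character (newlines kept), so offsets still line up."""
    out, i, n = [], 0, len(src)
    while i < n:
        c = src[i]
        if c in ("'", '"'):
            quote = c
            out.append(" ")
            i += 1
            while i < n and src[i] != quote:
                if src[i] == "\\" and i + 1 < n:   # skip the escaped character too
                    out.append(" ")
                    i += 1
                out.append("\n" if src[i] == "\n" else " ")
                i += 1
            out.append(" ")   # closing quote
            i += 1
        elif c == "#" or src.startswith("//", i):
            while i < n and src[i] != "\n":
                out.append(" ")
                i += 1
        elif src.startswith("/*", i):
            end = src.find("*/", i + 2)
            end = n if end == -1 else end + 2
            out.append("".join("\n" if ch == "\n" else " " for ch in src[i:end]))
            i = end
        else:
            out.append(c)
            i += 1
    return "".join(out)


def _line_of(text: str, pos: int) -> int:
    return text.count("\n", 0, pos) + 1


def naive_blocklist_rejects(php_source: str) -> bool:
    """Name-only filter of the kind the advisory describes: it matches the three
    function names and nothing else, so the backtick operator is never seen."""
    return any(re.search(r"\b%s\s*\(" % f, php_source, re.IGNORECASE)
               for f in NAIVE_BLOCKLIST)


def find_shell_exec(php_source: str) -> list:
    """Report every shell-execution sink: named functions and backtick operators,
    ignoring occurrences inside strings and comments."""
    cleaned = blank_strings_and_comments(php_source)
    findings = []
    for m in FUNC_RE.finditer(cleaned):
        findings.append(Finding(_line_of(cleaned, m.start()), "function", m.group(1).lower()))
    for m in BACKTICK_RE.finditer(cleaned):
        findings.append(Finding(_line_of(cleaned, m.start()), "backtick",
                                php_source[m.start():m.end()]))
    return sorted(findings, key=lambda f: f.line)


# Constructed samples (not taken from Dolibarr).
BYPASS_SAMPLE = (
    "<?php\n"
    "// none of the blocked names appear here\n"
    "$out = `id`;\n"
    'echo "a `quoted` backtick is only text";\n'
)
BLOCKED_SAMPLE = "<?php\necho shell_exec('whoami');\n"

if __name__ == "__main__":
    for label, sample in (("bypass", BYPASS_SAMPLE), ("blocked", BLOCKED_SAMPLE)):
        print(label, "naive filter rejects:", naive_blocklist_rejects(sample))
        for f in find_shell_exec(sample):
            print(f"  line {f.line}: {f.kind} {f.text}")
```

The bypass sample is accepted by the name-only filter yet contains a live shell sink on line 3; the backtick inside the double-quoted string on line 4 is correctly ignored. A blocklist is still the wrong tool for user-supplied PHP; the scanner is useful as a detection check over existing site content, not as a replacement for removing code execution from the feature.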
CVE-2021-33618
Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element submitted to the user-management feature.
via "National Vulnerability Database".
CVE-2021-26558
A Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-UI allows an attacker to inject outer link resources. This issue affects Apache ShardingSphere-UI versions 4.1.1 and later, prior to 5.0.0.
via "National Vulnerability Database".
CVE-2021-25980
In Talkyard, versions v0.04.01 through v0.6.74-WIP-63220cb, v0.2020.22-WIP-b2e97fe0e through v0.2021.02-WIP-879ef3fe1, and tyse-v0.2021.02-879ef3fe1-regular through tyse-v0.2021.28-af66b6905-regular are vulnerable to Host Header Injection. By luring a victim application user into clicking a link, an unauthenticated attacker can use the "forgot password" functionality to reset the victim's password and take over their account.
via "National Vulnerability Database".
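The mechanism behind a Host-header password-reset takeover, as an added example that is not Talkyard's code: the reset e-mail embeds a link whose hostname is copied from the request, so an attacker who requests a reset for the victim with a spoofed Host (or X-Forwarded-Host) header gets a link that carries the victim's token to the attacker's server when the victim clicks it. The allowlist, canonical host and reset path below are assumptions made for the demonstration; the requests and token are constructed.

```python
from urllib.parse import quote

# Assumptions for this example (not Talkyard's configuration or routes):
ALLOWED_HOSTS = {"forum.example.com", "www.forum.example.com"}
CANONICAL_HOST = "forum.example.com"
RESET_PATH = "/-/reset-password/"   # hypothetical route


def reset_link_vulnerable(headers: dict, token: str) -> str:
    """Build the link from whatever the client sent. A proxy header is trusted
    first, then Host; both are attacker-controlled on a crafted request."""
    host = headers.get("X-Forwarded-Host") or headers["Host"]
    return f"https://{host}{RESET_PATH}{quote(token, safe='')}"


def normalize_host(raw: str) -> str:
    """Lower-case and strip the port; keep IPv6 literals in their brackets."""
    host = raw.strip().lower()
    if host.startswith("["):
        host = host.split("]", 1)[0] + "]"
    else:
        host = host.split(":", 1)[0]
    return host


def host_is_trusted(headers: dict, allowed=ALLOWED_HOSTS) -> bool:
    """Only the Host header is consulted; X-Forwarded-Host is ignored unless a
    trusted proxy is known to set it (not modelled here)."""
    return normalize_host(headers.get("Host", "")) in allowed


def reset_link_hardened(headers: dict, token: str, allowed=ALLOWED_HOSTS) -> str:
    """Use the request host only after checking it against a fixed allowlist."""
    raw = headers.get("Host", "")
    if not host_is_trusted(headers, allowed):
        raise ValueError(f"untrusted Host header: {raw!r}")
    return f"https://{normalize_host(raw)}{RESET_PATH}{quote(token, safe='')}"


def reset_link_canonical(token: str) -> str:
    """Simplest fix: never derive the link from the request at all."""
    return f"https://{CANONICAL_HOST}{RESET_PATH}{quote(token, safe='')}"


# Constructed requests and a placeholder token.
SPOOFED = {"Host": "attacker.example", "X-Forwarded-Host": "attacker.example"}
LEGIT = {"Host": "Forum.Example.com:443"}
TOKEN = "3f9c0d2a"

if __name__ == "__main__":
    print("vulnerable:", reset_link_vulnerable(SPOOFED, TOKEN))   # points at the attacker
    print("canonical: ", reset_link_canonical(TOKEN))
    try:
        reset_link_hardened(SPOOFED, TOKEN)
    except ValueError as e:
        print("hardened rejected:", e)
    print("hardened:  ", reset_link_hardened(LEGIT, TOKEN))
```

The canonical-host variant is the one to prefer; the allowlist variant exists for multi-domain deployments where the link must match the domain the user is on. Either way the port and case normalisation matter: "Forum.Example.com:443" must compare equal to the configured host, and an allowlist that compares raw strings will reject legitimate traffic and tempt someone to loosen it.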
Should Our Security Controls Be More Like North Korea or Norway?
When the drive for additional visibility and awareness is led by the business rather than just a SOC team, both the business and security can benefit.
via "Dark Reading".
Tiny Font Size Fools Email Filters in BEC Phishing
The One Font BEC campaign targets Microsoft 365 users and uses sophisticated obfuscation tactics to slip past security protections to harvest credentials.
via "Threat Post".
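How a tiny-font obfuscation defeats a keyword filter, and one way to detect it, as an added example that is not from the Threat Post article or the campaign itself: characters wrapped in a zero- or one-pixel font are invisible to the reader but present in the text a filter extracts, so "password" becomes "passqword" to the filter while the human still reads "password". The splitter below (Python standard library only) renders the mail twice, once as a reader sees it and once as a naive extractor does, and flags any hidden text. The size thresholds, the keyword watch-list and the sample message body are constructed for the demonstration.

```python
import re
from html.parser import HTMLParser

FONT_SIZE_RE = re.compile(r"font-size\s*:\s*(\d*\.?\d+)\s*(px|pt|em|rem|%)?", re.IGNORECASE)
# Assumed thresholds: at or below these a reader cannot see the glyph.
TINY_LIMIT = {"px": 2.0, "pt": 1.5, "em": 0.15, "rem": 0.15, "%": 15.0}
VOID_TAGS = {"br", "img", "hr", "meta", "link", "input", "area", "base", "col", "wbr"}
KEYWORDS = ("password", "expire", "verify", "account")   # constructed watch-list


def is_tiny_font(style) -> bool:
    m = FONT_SIZE_RE.search(style or "")
    if not m:
        return False
    value, unit = float(m.group(1)), (m.group(2) or "px").lower()
    return value <= TINY_LIMIT[unit]


class FontSizeSplitter(HTMLParser):
    """Separate the text a reader sees from text hidden by a tiny font-size.
    The hidden state is inherited from enclosing elements."""

    def __init__(self):
        super().__init__()
        self.stack = []        # (tag, hidden) for each open element
        self.raw, self.visible, self.hidden = [], [], []

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        inherited = self.stack[-1][1] if self.stack else False
        self.stack.append((tag, inherited or is_tiny_font(dict(attrs).get("style"))))

    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, -1, -1):   # tolerate unclosed tags
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        self.raw.append(data)
        hidden = self.stack[-1][1] if self.stack else False
        (self.hidden if hidden else self.visible).append(data)


def _squash(parts) -> str:
    return " ".join("".join(parts).split())


def analyze_email_html(html: str) -> dict:
    p = FontSizeSplitter()
    p.feed(html)
    p.close()
    raw_text, visible_text = _squash(p.raw), _squash(p.visible)
    hidden_text = "".join(p.hidden)
    return {
        "visible_text": visible_text,                    # what the reader sees
        "hidden_text": hidden_text,                       # what only the filter sees
        "keywords_in_raw": [k for k in KEYWORDS if k in raw_text.lower()],
        "keywords_in_visible": [k for k in KEYWORDS if k in visible_text.lower()],
        "suspicious": bool(hidden_text.strip()),
    }


# Constructed phishing-style body; any real lure would differ.
SAMPLE = (
    '<html><body><p>Your Micro<span style="font-size:0px">x</span>soft 365 '
    'pass<span style="FONT-SIZE: 1px;">q</span>word exp<span style="font-size:0.1em">z</span>ires today. '
    '<a href="https://login.example/reset">Verify now</a></p><br></body></html>'
)
BENIGN = "<p>Hello team, lunch is at noon.</p>"

if __name__ == "__main__":
    for name, doc in (("sample", SAMPLE), ("benign", BENIGN)):
        r = analyze_email_html(doc)
        print(name, r["suspicious"], r["keywords_in_raw"], "->", r["keywords_in_visible"])
```

On the sample the raw text matches only "verify" while the rendered text matches "password", "expire" and "verify"; the gap between the two lists is the evasion, and the non-empty hidden text is enough on its own to route the message for review. Inline styles are the only case handled here; a production detector also has to resolve `<style>` blocks and classes.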
Dependency Combobulator offers defense against namespace confusion attacks
Toolkit "tackles common scenarios" and can evolve to detect emerging attack variants
via "The Daily Swig".
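The check at the core of a dependency-confusion defence, covering both the Dark Reading and Daily Swig items above, as an added example that is not the Dependency Combobulator's own code: for every package that is supposed to come only from the internal index, look the same name up on the public index and treat a hit as a finding, with a higher rating when the public version number is larger, since a resolver that merges indexes (for example pip with --extra-index-url) picks the highest version. The manifest and the public-index snapshot are constructed so the example runs offline; the version comparison assumes plain dotted numeric versions.

```python
import re


def normalize_name(name: str) -> str:
    """PEP 503 normalisation: the public index compares names case-insensitively
    with runs of '-', '_' and '.' collapsed to '-', so squatting the normalised
    form is enough to collide with an internal name."""
    return re.sub(r"[-_.]+", "-", name).lower()


def version_key(version: str) -> tuple:
    """Assumption: plain dotted numeric versions; non-numeric parts sort as 0."""
    key = []
    for part in version.split("."):
        m = re.match(r"\d+", part)
        key.append(int(m.group()) if m else 0)
    return tuple(key)


def check_dependency_confusion(private_deps: dict, private_names: set, public_index: dict) -> list:
    """private_deps: {name: pinned version}; private_names: names expected to
    come only from the internal index; public_index: {normalised name: latest
    public version}. Returns a finding for each private name that also exists
    on the public index."""
    findings = []
    for name, version in private_deps.items():
        if name not in private_names:
            continue   # a genuine public dependency legitimately exists on both
        key = normalize_name(name)
        if key not in public_index:
            continue
        public_version = public_index[key]
        if version_key(public_version) > version_key(version):
            risk = "high"
            note = "public version is higher; a resolver that merges indexes prefers it"
        else:
            risk = "medium"
            note = "name exists publicly; any future higher release would be preferred"
        findings.append({"name": name, "normalized": key, "internal": version,
                         "public": public_version, "risk": risk, "note": note})
    return findings


# Constructed manifest and a constructed snapshot of public-index responses.
PRIVATE_DEPS = {
    "acme-billing-core": "2.3.1",
    "Acme_Auth.Utils": "0.9.0",
    "acme-reporting": "1.0.0",
    "requests": "2.26.0",
}
PRIVATE_NAMES = {"acme-billing-core", "Acme_Auth.Utils", "acme-reporting"}
PUBLIC_SNAPSHOT = {
    "acme-billing-core": "99.0.0",   # classic confusion: an absurdly high version
    "acme-auth-utils": "0.1.0",      # squatted under the normalised name
    "requests": "2.26.0",            # legitimately public, not checked
}

if __name__ == "__main__":
    for f in check_dependency_confusion(PRIVATE_DEPS, PRIVATE_NAMES, PUBLIC_SNAPSHOT):
        print(f"[{f['risk']}] {f['name']} internal={f['internal']} public={f['public']}: {f['note']}")
```

To run this against the real ecosystem, replace PUBLIC_SNAPSHOT with lookups against the public index (for PyPI, a GET to https://pypi.org/pypi/<name>/json returns 404 for an unclaimed name). The finding for "Acme_Auth.Utils" is the one teams miss most often: the internal name and the public name look different until both are normalised. The durable fix is to stop merging indexes (a single --index-url that proxies and pins the internal namespace) and to register the internal names on the public index so nobody else can.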