CVE-2021-36324
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
via "National Vulnerability Database".
CVE-2021-41229
BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf, which allocates memory that will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets, and this may cause the service of the target device to crash.
via "National Vulnerability Database".
CVE-2021-3938
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
via "National Vulnerability Database".
CVE-2021-3918
json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution').
via "National Vulnerability Database".
CVE-2021-3775
showdoc is vulnerable to Cross-Site Request Forgery (CSRF).
via "National Vulnerability Database".
CVE-2021-3945
django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
via "National Vulnerability Database".
CVE-2021-3921
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF).
via "National Vulnerability Database".
CVE-2021-3776
showdoc is vulnerable to Cross-Site Request Forgery (CSRF).
via "National Vulnerability Database".
CVE-2021-3932
twill is vulnerable to Cross-Site Request Forgery (CSRF).
via "National Vulnerability Database".
CVE-2021-3915
bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type.
via "National Vulnerability Database".
CVE-2021-3683
showdoc is vulnerable to Cross-Site Request Forgery (CSRF).
via "National Vulnerability Database".
CVE-2021-3931
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF).
via "National Vulnerability Database".
CVE-2021-41653
The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.
via "National Vulnerability Database".
CVE-2021-43616
The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have been blocked by an exact version match requirement in package-lock.json.
via "National Vulnerability Database".
DHS warning about hackers in your network? Don't panic!
FBI email hack spreads fake security alerts. Here's what to do…
Fake warnings and false accusations - it's a "call to distraction"
via "Naked Security".
Hoax Email Blast Abused Poor Coding in FBI Website
The Federal Bureau of Investigation (FBI) confirmed today that its fbi.gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation. According to an interview with the person who claimed responsibility for the hoax, the spam messages were sent by abusing insecure code in an FBI online portal designed to share information with state and local law enforcement authorities.
via "Krebs on Security".
CVE-2020-14424
Cacti before 1.2.18 allows remote attackers to trigger XSS via template import for the midwinter theme.
via "National Vulnerability Database".
CVE-2021-43272
An improper handling of exceptional conditions vulnerability exists in Open Design Alliance ODA Viewer sample before 2022.11. ODA Viewer continues to process invalid or malicious DWF files instead of stopping upon an exception. An attacker can leverage this vulnerability to execute code in the context of the current process.
via "National Vulnerability Database".
CVE-2021-43278
An Out-of-bounds Read vulnerability exists in the OBJ file reading procedure in Open Design Alliance Drawings SDK before 2022.11. The lack of validation of the input length can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
via "National Vulnerability Database".
CVE-2021-43391
An Out-of-Bounds Read vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid dash counter in line types) can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
via "National Vulnerability Database".
CVE-2021-43279
An out-of-bounds write vulnerability exists in the U3D file reading procedure in Open Design Alliance PRC SDK before 2022.10. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
via "National Vulnerability Database".