‼ CVE-2021-43278 ‼
via "National Vulnerability Database".
An Out-of-bounds Read vulnerability exists in the OBJ file reading procedure in Open Design Alliance Drawings SDK before 2022.11. The lack of validating the input length can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
‼ CVE-2021-43391 ‼
via "National Vulnerability Database".
An Out-of-Bounds Read vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid dash counter in line types) can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
‼ CVE-2021-43279 ‼
via "National Vulnerability Database".
An out-of-bounds write vulnerability exists in the U3D file reading procedure in Open Design Alliance PRC SDK before 2022.10. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
‼ CVE-2021-43275 ‼
via "National Vulnerability Database".
A Use After Free vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.
‼ CVE-2021-26795 ‼
via "National Vulnerability Database".
A SQL Injection vulnerability in /appliance/shiftmgn.php in TalariaX sendQuick Alert Plus Server Admin 4.3 before 8HF11 allows attackers to obtain sensitive information via a Roster Time to Roster Management.
‼ CVE-2021-43277 ‼
via "National Vulnerability Database".
An out-of-bounds read vulnerability exists in the U3D file reading procedure in Open Design Alliance PRC SDK before 2022.10. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
‼ CVE-2021-43276 ‼
via "National Vulnerability Database".
An Out-of-bounds Read vulnerability exists in Open Design Alliance ODA Viewer before 2022.8. Crafted data in a DWF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
‼ CVE-2021-43274 ‼
via "National Vulnerability Database".
A Use After Free Vulnerability exists in the Open Design Alliance Drawings SDK before 2022.11. The specific flaw exists within the parsing of DWF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
‼ CVE-2021-43273 ‼
via "National Vulnerability Database".
An Out-of-bounds Read vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.11. Crafted data in a DGN file and lack of verification of input data can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
‼ CVE-2021-43336 ‼
via "National Vulnerability Database".
An Out-of-Bounds Write vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid number of properties) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
‼ CVE-2021-43390 ‼
via "National Vulnerability Database".
An Out-of-Bounds Write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation of input data can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
‼ CVE-2021-43280 ‼
via "National Vulnerability Database".
A stack-based buffer overflow vulnerability exists in the DWF file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of proper validation of the length of user-supplied data before copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
‼ CVE-2020-16152 ‼
via "National Vulnerability Database".
The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file.
‼ CVE-2021-41057 ‼
via "National Vulnerability Database".
In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking permissions.
‼ CVE-2021-43618 ‼
via "National Vulnerability Database".
GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.
‼ CVE-2021-43620 ‼
via "National Vulnerability Database".
An issue was discovered in the fruity crate through 0.2.0 for Rust. Security-relevant validation of filename extensions is plausibly affected. Methods of NSString for conversion to a string may return a partial result. Because they call CStr::from_ptr on a pointer to the string buffer, the string is terminated at the first '\0' byte, which might not be the end of the string.
🗓️ Removing need to unlock mobile wallets for contactless payments has eroded security protections, researchers warn 🗓️
via "The Daily Swig".
Mind the gap
🕴 How Visibility Became the Lifeblood of SecOps and Business Success 🕴
via "Dark Reading".
The best way to succeed in long-term cybersecurity is to invest in visibility because you can't protect or defend against what you can't see.
🦿 Facebook and Google "listening" is more pervasive than you think 🦿
via "Tech Republic".
Yet another consumer is disturbed by the sketchy algorithms deployed by Facebook. Here's how the app knows what you're talking about and what to do about it.
🦿 Malicious shopping websites surge in number in advance of Black Friday 🦿
via "Tech Republic".
More than 5,300 malicious websites have popped up each week, the highest since the start of 2021, says Check Point Research.
🗓️ Vulnerability in FBI email infrastructure allowed malicious actor to send false cyber-attack warnings to thousands 🗓️
via "The Daily Swig".
Security issue saw fake emails sent from legitimate agency accounts