โผ CVE-2021-24853 โผ
๐ Read
via "National Vulnerability Database".
The QR Redirector WordPress plugin before 1.6 does not have capability and CSRF checks when saving bulk QR Redirector settings via the qr_save_bulk AJAX action, which could allow any authenticated user, such as subscriber to change the redirect response status code of arbitrary QR Redirects๐ Read
via "National Vulnerability Database".
โผ CVE-2021-42379 (busybox) โผ
๐ Read
via "National Vulnerability Database".
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function๐ Read
via "National Vulnerability Database".
โผ CVE-2020-12905 โผ
๐ Read
via "National Vulnerability Database".
Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004403 may lead to arbitrary information disclosure.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-25982 โผ
๐ Read
via "National Vulnerability Database".
In Factor (App Framework & Headless CMS) forum plugin, versions 1.3.5 to 1.8.30, are vulnerable to reflected Cross-Site Scripting (XSS) at the รขโฌลsearchรขโฌ๏ฟฝ parameter in the URL. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-42703 (webaccess_hmi_designer) โผ
๐ Read
via "National Vulnerability Database".
This vulnerability could allow an attacker to send malicious Javascript code resulting in hijacking of the userรขโฌโขs cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser action.๐ Read
via "National Vulnerability Database".
โผ CVE-2020-12903 โผ
๐ Read
via "National Vulnerability Database".
Out of Bounds Write and Read in AMD Graphics Driver for Windows 10 in Escape 0x6002d03 may lead to escalation of privilege or denial of service.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-42385 (busybox) โผ
๐ Read
via "National Vulnerability Database".
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function๐ Read
via "National Vulnerability Database".
โผ CVE-2021-25985 โผ
๐ Read
via "National Vulnerability Database".
In Factor (App Framework & Headless CMS) v1.0.4 to v1.8.30, improperly invalidate a userรขโฌโขs session even after the user logs out of the application. In addition, user sessions are stored in the browserรขโฌโขs local storage, which by default does not have an expiration time. This makes it possible for an attacker to steal and reuse the cookies using techniques such as XSS attacks, followed by a local account takeover.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-29861 โผ
๐ Read
via "National Vulnerability Database".
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in EFS to expose sensitive information. IBM X-Force ID: 206085.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-26323 โผ
๐ Read
via "National Vulnerability Database".
Failure to validate SEV Commands while SNP is active may result in a potential impact to memory integrity.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-24802 โผ
๐ Read
via "National Vulnerability Database".
The Colorful Categories WordPress plugin before 2.0.15 does not enforce nonce checks which could allow attackers to make a logged in admin or editor change taxonomy colors via a CSRF attack๐ Read
via "National Vulnerability Database".
โผ CVE-2021-41266 โผ
๐ Read
via "National Vulnerability Database".
Minio console is a graphical user interface for the for MinIO operator. Minio itself is a multi-cloud object storage project. Affected versions are subject to an authentication bypass issue in the Operator Console when an external IDP is enabled. All users on release v0.12.2 and before are affected and are advised to update to 0.12.3 or newer. Users unable to upgrade should add automountServiceAccountToken: false to the operator-console deployment in Kubernetes so no service account token will get mounted inside the pod, then disable the external identity provider authentication by unset the CONSOLE_IDP_URL, CONSOLE_IDP_CLIENT_ID, CONSOLE_IDP_SECRET and CONSOLE_IDP_CALLBACK environment variable and instead use the Kubernetes service account token.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-42373 โผ
๐ Read
via "National Vulnerability Database".
A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given๐ Read
via "National Vulnerability Database".
โผ CVE-2021-42721 โผ
๐ Read
via "National Vulnerability Database".
Adobe Media Encoder version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-42374 โผ
๐ Read
via "National Vulnerability Database".
An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that๐ Read
via "National Vulnerability Database".
โผ CVE-2020-12902 โผ
๐ Read
via "National Vulnerability Database".
Arbitrary Decrement Privilege Escalation in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-42377 โผ
๐ Read
via "National Vulnerability Database".
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input.๐ Read
via "National Vulnerability Database".
โ Emotet malware: โThe report of my death was an exaggerationโ โ
๐ Read
via "Naked Security".
"Old malware rarely dies." The best way to predict the future is to look at the past... if it worked before, it will probably work again.๐ Read
via "Naked Security".
Naked Security
Emotet malware: โThe report of my death was an exaggerationโ
โOld malware rarely dies.โ The best way to predict the future is to look at the pastโฆ if it worked before, it will probably work again.
โ The self-driving smart suitcaseโฆ that the person behind you can hijack! โ
๐ Read
via "Naked Security".
Apparently, we need a self-driving IoT Bluetooth robot suitcase. Who knew?๐ Read
via "Naked Security".
Naked Security
The self-driving smart suitcaseโฆ that the person behind you can hijack!
Apparently, we need a self-driving IoT Bluetooth robot suitcase. Who knew?
๐ฆฟ Your weak passwords can be cracked in less than a second ๐ฆฟ
๐ Read
via "Tech Republic".
Easy-to-crack phrases "123456," "123456789," "12345," "qwerty" and "password" are the five most common passwords, says NordPass.๐ Read
via "Tech Republic".
TechRepublic
Your weak passwords can be cracked in less than a second
Easy-to-crack phrases "123456," "123456789," "12345," "qwerty" and "password" are the five most common passwords, says NordPass.
๐ฆฟ How to protect your organization from ransomware attacks during the holiday season ๐ฆฟ
๐ Read
via "Tech Republic".
A quarter of security pros polled by Cybereason said they lack a plan to deal with a ransomware attack during a weekend or holiday.๐ Read
via "Tech Republic".
TechRepublic
How to protect your organization from ransomware attacks during the holiday season
A quarter of security pros polled by Cybereason said they lack a plan to deal with a ransomware attack during a weekend or holiday.