‼ CVE-2021-39926 ‼
📖 Read
via "National Vulnerability Database".
Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39924 ‼
📖 Read
via "National Vulnerability Database".
Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29328 ‼
📖 Read
via "National Vulnerability Database".
OpenSource Moddable v10.5.0 was discovered to contain buffer over-read in the fxDebugThrow function at /moddable/xs/sources/xsDebug.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29329 ‼
📖 Read
via "National Vulnerability Database".
OpenSource Moddable v10.5.0 was discovered to contain a stack overflow in the fxBinaryExpressionNodeDistribute function at /moddable/xs/sources/xsTree.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39921 ‼
📖 Read
via "National Vulnerability Database".
NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3962 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in ImageMagick 7.1.0-14 where it did not properly sanitize certain input before using it to invoke convert processes. This flaw allows an attacker to create a specially crafted image that leads to a use-after-free vulnerability when processed by ImageMagick. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39925 ‼
📖 Read
via "National Vulnerability Database".
Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39929 ‼
📖 Read
via "National Vulnerability Database".
Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29325 ‼
📖 Read
via "National Vulnerability Database".
OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fx_String_prototype_repeat function at /moddable/xs/sources/xsString.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-22030 ‼
📖 Read
via "National Vulnerability Database".
In versions of Greenplum database prior to 5.28.14 and 6.17.0, certain statements execution led to the storage of sensitive(credential) information in the logs of the database. A malicious user with access to logs can read sensitive(credentials) information about users📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41569 ‼
📖 Read
via "National Vulnerability Database".
SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro. Users can escape the context of the configured user-controllable variable and append additional functions native to the macro but not included as variables within the library. This includes a function that retrieves files from the host OS.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29324 ‼
📖 Read
via "National Vulnerability Database".
OpenSource Moddable v10.5.0 was discovered to contain a stack overflow via the component /moddable/xs/sources/xsScript.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29327 ‼
📖 Read
via "National Vulnerability Database".
OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fx_ArrayBuffer function at /moddable/xs/sources/xsDataView.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29323 ‼
📖 Read
via "National Vulnerability Database".
OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow via the component /modules/network/wifi/esp/modwifi.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44036 ‼
📖 Read
via "National Vulnerability Database".
Team Password Manager (aka TeamPasswordManager) before 10.135.236 has a CSRF vulnerability during import.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-22028 ‼
📖 Read
via "National Vulnerability Database".
In versions of Greenplum database prior to 5.28.6 and 6.14.0, greenplum database contains a file path traversal vulnerability leading to information disclosure from the file system. A malicious user can read/write information from the file system using this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39922 ‼
📖 Read
via "National Vulnerability Database".
Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39923 ‼
📖 Read
via "National Vulnerability Database".
NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44037 ‼
📖 Read
via "National Vulnerability Database".
Team Password Manager (aka TeamPasswordManager) before 10.135.236 allows password-reset poisoning.📖 Read
via "National Vulnerability Database".
❌ Iranians Charged in Cyberattacks Against U.S. 2020 Election ❌
📖 Read
via "Threat Post".
The State Department has offered a $10M reward for tips on the two Iran-based threat actors accused of voter intimidation and disinformation.📖 Read
via "Threat Post".
Threat Post
Iranians Charged in Cyberattacks Against U.S. 2020 Election
Meanwhile, the State Department offered a $10M reward for tips on Iran-based threat actors accused of voter intimidation and disinformation.
‼ CVE-2021-23433 ‼
📖 Read
via "National Vulnerability Database".
The package algoliasearch-helper before 3.6.2 are vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.jsSearchParameters._parseNumbers without any protection against prototype properties. Note that this vulnerability is only exploitable if the implementation allows users to define arbitrary search patterns.📖 Read
via "National Vulnerability Database".