πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-44044 β€Ό

An out-of-bounds write vulnerability exists when reading a JPG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing JPG files. Crafted data in a JPG (4 extraneous bytes before the marker 0xca) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

πŸ“– Read

via "National Vulnerability Database".
479 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-37253 β€Ό

M-Files Web before 20.10.9524.1 allows a denial of service via overlapping ranges (in HTTP requests with crafted Range or Request-Range headers).

πŸ“– Read

via "National Vulnerability Database".
466 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-44048 β€Ό

An out-of-bounds write vulnerability exists when reading a TIF file using Open Design Alliance (ODA) Drawings Explorer before 2022.11. The specific issue exists after loading TIF files. Crafted data in a TIF file can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

πŸ“– Read

via "National Vulnerability Database".
342 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-44046 β€Ό

An out-of-bounds write vulnerability exists when reading U3D files in Open Design Alliance PRC SDK before 2022.11. An unchecked return value of a function (verifying input data from a U3D file) leads to an out-of-bounds write. An attacker can leverage this vulnerability to execute code in the context of the current process.

πŸ“– Read

via "National Vulnerability Database".
293 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-44047 β€Ό

A use-after-free vulnerability exists when reading a DWF/DWFX file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing DWF/DWFX files. Crafted data in a DWF/DWFX file and lack of proper validation of input data can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

πŸ“– Read

via "National Vulnerability Database".
303 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-44045 β€Ό

An out-of-bounds write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation for the XFAT sectors count can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

πŸ“– Read

via "National Vulnerability Database".
286 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43035 β€Ό

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Two unauthenticated SQL injection vulnerabilities were discovered, allowing arbitrary SQL queries to be injected and executed under the postgres superuser account. Remote code execution was possible, leading to full access to the postgres user account.

πŸ“– Read

via "National Vulnerability Database".
269 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43041 β€Ό

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A crafted HTTP request could induce a format string vulnerability in the privileged vaultServer application.

πŸ“– Read

via "National Vulnerability Database".
260 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43036 β€Ό

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The password for the PostgreSQL wguest account is weak.

πŸ“– Read

via "National Vulnerability Database".
227 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43043 β€Ό

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The apache user could read arbitrary files such as /etc/shadow by abusing an insecure Sudo rule.

πŸ“– Read

via "National Vulnerability Database".
202 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43033 β€Ό

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Multiple functions in the bpserverd daemon were vulnerable to arbitrary remote code execution as root. The vulnerability was caused by untrusted input (received by the server) being passed to system calls.

πŸ“– Read

via "National Vulnerability Database".
202 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43040 β€Ό

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The privileged vaultServer could be leveraged to create arbitrary writable files, leading to privilege escalation.

πŸ“– Read

via "National Vulnerability Database".
197 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43044 β€Ό

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The SNMP daemon was configured with a weak default community.

πŸ“– Read

via "National Vulnerability Database".
208 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43034 β€Ό

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A world writable file allowed local users to execute arbitrary code as the user apache, leading to privilege escalation.

πŸ“– Read

via "National Vulnerability Database".
216 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43038 β€Ό

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The wguest account could execute commands by injecting into PostgreSQL trigger functions. This allowed privilege escalation from the wguest user to the postgres user.

πŸ“– Read

via "National Vulnerability Database".
231 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43039 β€Ό

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Samba file sharing service allowed anonymous read/write access.

πŸ“– Read

via "National Vulnerability Database".
301 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43037 β€Ό

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Unitrends Windows agent was vulnerable to DLL injection and binary planting due to insecure default permissions. This allowed privilege escalation from an unprivileged user to SYSTEM.

πŸ“– Read

via "National Vulnerability Database".
340 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43042 β€Ό

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A buffer overflow existed in the vaultServer component. This was exploitable by a remote unauthenticated attacker.

πŸ“– Read

via "National Vulnerability Database".
350 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ Crypto-exchange BitMart reports $150 million theft following hack πŸ—“οΈ

Security firm said attackers executed a β€˜transfer-out, swap, and wash’

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Crypto-exchange BitMart reports $150 million theft following hack
Security firm said attackers executed a β€˜transfer-out, swap, and wash’
351 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-4069 β€Ό

vim is vulnerable to Use After Free

πŸ“– Read

via "National Vulnerability Database".
337 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43469 β€Ό

VINGA WR-N300U 77.102.1.4853 is affected by a command execution vulnerability in the goahead component.

πŸ“– Read

via "National Vulnerability Database".
307 views