βΌ CVE-2021-44045 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation for the XFAT sectors count can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43035 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Two unauthenticated SQL injection vulnerabilities were discovered, allowing arbitrary SQL queries to be injected and executed under the postgres superuser account. Remote code execution was possible, leading to full access to the postgres user account.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43041 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A crafted HTTP request could induce a format string vulnerability in the privileged vaultServer application.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43036 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The password for the PostgreSQL wguest account is weak.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43043 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The apache user could read arbitrary files such as /etc/shadow by abusing an insecure Sudo rule.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43033 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Multiple functions in the bpserverd daemon were vulnerable to arbitrary remote code execution as root. The vulnerability was caused by untrusted input (received by the server) being passed to system calls.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43040 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The privileged vaultServer could be leveraged to create arbitrary writable files, leading to privilege escalation.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43044 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The SNMP daemon was configured with a weak default community.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43034 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A world writable file allowed local users to execute arbitrary code as the user apache, leading to privilege escalation.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43038 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The wguest account could execute commands by injecting into PostgreSQL trigger functions. This allowed privilege escalation from the wguest user to the postgres user.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43039 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Samba file sharing service allowed anonymous read/write access.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43037 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Unitrends Windows agent was vulnerable to DLL injection and binary planting due to insecure default permissions. This allowed privilege escalation from an unprivileged user to SYSTEM.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43042 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A buffer overflow existed in the vaultServer component. This was exploitable by a remote unauthenticated attacker.π Read
via "National Vulnerability Database".
ποΈ Crypto-exchange BitMart reports $150 million theft following hack ποΈ
π Read
via "The Daily Swig".
Security firm said attackers executed a βtransfer-out, swap, and washβπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Crypto-exchange BitMart reports $150 million theft following hack
Security firm said attackers executed a βtransfer-out, swap, and washβ
βΌ CVE-2021-4069 βΌ
π Read
via "National Vulnerability Database".
vim is vulnerable to Use After Freeπ Read
via "National Vulnerability Database".
βΌ CVE-2021-43469 βΌ
π Read
via "National Vulnerability Database".
VINGA WR-N300U 77.102.1.4853 is affected by a command execution vulnerability in the goahead component.π Read
via "National Vulnerability Database".
β Mozilla patches critical βBigSigβ cryptographic bug: Hereβs how to track it down and fix it β
π Read
via "Naked Security".
Mozilla's cryptographic code had a critical bug. Problem is that numerous apps are affected and may need patching individually.π Read
via "Naked Security".
Naked Security
Mozilla patches critical βBigSigβ cryptographic bug: Hereβs how to track it down and fix it
Mozillaβs cryptographic code had a critical bug. Problem is that numerous apps are affected and may need patching individually.
βΌ CVE-2021-43471 βΌ
π Read
via "National Vulnerability Database".
In Canon LBP223 printers, the System Manager Mode login does not require an account password or PIN. An attacker can remotely shut down the device after entering the background, creating a denial of service vulnerability.π Read
via "National Vulnerability Database".
π΄ Why the C-Suite Doesn't Need Access to All Corporate Data π΄
π Read
via "Dark Reading".
If zero trust is to work properly, then it must apply to everyone.π Read
via "Dark Reading".
Dark Reading
Why the C-Suite Doesn't Need Access to All Corporate Data
If zero trust is to work properly, then it must apply to everyone.
π¦Ώ How to lock a Zoom meeting to keep out unwanted guests π¦Ώ
π Read
via "Tech Republic".
One good way to prevent unwelcome participants or late arrivals from joining your Zoom meetings is to lock those meetings. Here's a look at how it's done.π Read
via "Tech Republic".
TechRepublic
How to lock a Zoom meeting to keep out unwanted guests | TechRepublic
One good way to prevent unwelcome participants or late arrivals from joining your Zoom meetings is to lock those meetings. Here's a look at how it's done.
ποΈ Critical vulnerabilities in open source forum software NodeBB could lead to RCE ποΈ
π Read
via "The Daily Swig".
Personal data, account access is at riskπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Critical vulnerabilities in open source forum software NodeBB could lead to RCE
Personal data, account access is at risk