CVE-2020-19611
via "National Vulnerability Database".
Cross Site Scripting (XSS) in redirect module of Racktables version 0.21.2 allows an attacker to inject arbitrary web script or HTML via the op parameter.
Flaws in Tonga's top-level domain left Google, Amazon, Tether web services vulnerable to takeover
via "The Daily Swig".
Misaligned incentives are undermining efforts to tackle TLD bugs with "mass-scale impact"
CVE-2021-37041
via "National Vulnerability Database".
There is an Improper verification vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause out-of-bounds read.
Google Takes Down Glupteba Botnet; Files Lawsuit Against Operators
via "Threat Post".
The malware's unique blockchain-enabled backup C2 scheme makes it difficult to eliminate completely.
Firefox update brings a whole new sort of security sandbox
via "Naked Security".
Firefox 95.0 is out, with the usual security fixes... plus some funky new ones.
Cryptocurrency startup fails to subtract before adding, loses $31m
via "Naked Security".
Think of a number, any number. Take away 42. Add 42 back in. Then pretend you didn't take away 42. How much is left?
How employee burnout may be putting your organization at risk
via "Tech Republic".
With pandemic-induced pressures impacting many employees, burnout can easily lead to security risks, says 1Password.
CVE-2021-37062
via "National Vulnerability Database".
There is an Improper Validation of Array Index vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to memory overflow and information leakage.
CVE-2021-37094
via "National Vulnerability Database".
There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to system denial of service.
CVE-2021-37077
via "National Vulnerability Database".
There is a NULL Pointer Dereference vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to kernel crash.
CVE-2021-37068
via "National Vulnerability Database".
There is a Resource Management Errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to denial of Service Attacks.
CVE-2021-37086
via "National Vulnerability Database".
There is an Improper Preservation of Permissions vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to attackers which can isolate and read synchronization files of other applications across the UID sandbox.
CVE-2021-37079
via "National Vulnerability Database".
There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to delete arbitrary file by system_app permission.
CVE-2021-37064
via "National Vulnerability Database".
There is an Improper Limitation of a Pathname to a Restricted Directory vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to arbitrary file created.
CVE-2021-37020
via "National Vulnerability Database".
There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to Out-of-bounds read.
CVE-2021-37081
via "National Vulnerability Database".
There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to nearby crash.
CVE-2021-37095
via "National Vulnerability Database".
There is an Integer Overflow or Wraparound vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to remote denial of service and potential remote code execution.
CVE-2021-37099
via "National Vulnerability Database".
There is a Path Traversal vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to delete any file.
CVE-2021-37061
via "National Vulnerability Database".
There is an Uncontrolled Resource Consumption vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to Screen projection application denial of service.
CVE-2021-37096
via "National Vulnerability Database".
There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to user privacy disclosed.
CVE-2021-43176
via "National Vulnerability Database".
The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 takes a user-supplied "action" parameter and appends a .php file extension to locate and load the correct PHP file to implement the API call. Vulnerable versions of GOautodial do not sanitize the user input that specifies the action. This permits an attacker to execute any PHP source file with a .php extension that is present on the disk and readable by the GOautodial web server process. Combined with CVE-2021-43175, it is possible for the attacker to do this without valid credentials. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C