CVE-2021-37099
There is a Path Traversal vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may allow an attacker to delete any file.
via "National Vulnerability Database".
CVE-2021-37061
There is an Uncontrolled Resource Consumption vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to denial of service of the screen projection application.
via "National Vulnerability Database".
CVE-2021-37096
There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to disclosure of user privacy.
via "National Vulnerability Database".
CVE-2021-43176
The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 takes a user-supplied "action" parameter and appends a .php file extension to locate and load the PHP file that implements the API call. Vulnerable versions of GOautodial do not sanitize the user input that specifies the action. This permits an attacker to execute any PHP source file with a .php extension that is present on the disk and readable by the GOautodial web server process. Combined with CVE-2021-43175, it is possible for the attacker to do this without valid credentials. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
via "National Vulnerability Database".
CVE-2021-43789
PrestaShop is an Open Source e-commerce web application. Versions of PrestaShop prior to 1.7.8.2 are vulnerable to blind SQL injection using search filters with `orderBy` and `sortOrder` parameters. The problem is fixed in version 1.7.8.2.
via "National Vulnerability Database".
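Added illustration of the bug class, not PrestaShop code: a search query that splices `orderBy`/`sortOrder` straight into SQL, a blind boolean oracle built from nothing but the resulting row order, and the allow-list fix. The SQLite schema, table contents and parameter names are constructed for this example.

```python
import sqlite3

# Constructed sample schema and data (not PrestaShop's): a product list the
# search endpoint sorts, and a table holding a value the attacker wants to read.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE product (id INTEGER PRIMARY KEY, name TEXT, price REAL);
        INSERT INTO product VALUES (1, 'Banana', 1.5), (2, 'Apple', 2.0), (3, 'Cherry', 0.5);
        CREATE TABLE employee (id INTEGER PRIMARY KEY, email TEXT, passwd TEXT);
        INSERT INTO employee VALUES (1, 'admin@example.test', 'secret-hash');
    """)
    return conn

def search_vulnerable(conn, order_by: str, sort_order: str) -> list:
    """The pattern in the advisory: sort parameters concatenated into the query.
    ORDER BY targets cannot be bound as parameters, which is why this shape is common."""
    sql = f"SELECT id, name FROM product ORDER BY {order_by} {sort_order}"
    return [row[1] for row in conn.execute(sql)]

# Fix: translate the untrusted names through fixed tables; anything else is an error.
ORDER_BY_COLUMNS = {"id": "id", "name": "name", "price": "price"}
SORT_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}

def search_safe(conn, order_by: str, sort_order: str) -> list:
    try:
        column = ORDER_BY_COLUMNS[order_by.lower()]
        direction = SORT_DIRECTIONS[sort_order.lower()]
    except KeyError:
        raise ValueError("unsupported sort parameter")
    sql = f"SELECT id, name FROM product ORDER BY {column} {direction}"
    return [row[1] for row in conn.execute(sql)]

# Blind injection: no error and no extra data comes back, only a different row order.
BY_PRICE_ASC = ["Cherry", "Banana", "Apple"]

def oracle(conn, condition: str) -> bool:
    """True if `condition` holds in the database: the CASE makes the sort key
    `price` when it does and `name` when it does not."""
    payload = f"(CASE WHEN ({condition}) THEN price ELSE name END)"
    return search_vulnerable(conn, payload, "ASC") == BY_PRICE_ASC

def extract_via_ordering(conn, max_len: int = 32) -> str:
    """Recover employee.passwd one character at a time through the oracle."""
    alphabet = "abcdefghijklmnopqrstuvwxyz0123456789-"
    recovered = ""
    for pos in range(1, max_len + 1):          # SQLite substr() is 1-indexed
        for ch in alphabet:
            probe = f"(SELECT substr(passwd, {pos}, 1) FROM employee WHERE id = 1) = '{ch}'"
            if oracle(conn, probe):
                recovered += ch
                break
        else:
            break                               # no character matched: end of string
    return recovered

if __name__ == "__main__":
    db = make_db()
    print("leaked via sort order:", extract_via_ordering(db))
    try:
        search_safe(db, "(CASE WHEN 1 THEN price ELSE name END)", "ASC")
    except ValueError as exc:
        print("allow-list rejected payload:", exc)
```

The oracle needs around 37 requests per character and never sees an error page or a leaked field, which is what makes the `orderBy` sink a blind one. The fix maps the parameter onto a fixed identifier rather than escaping it: identifiers are not string literals, so quoting does not help here.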
CVE-2021-43175
The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that accepts a username, password, and action that routes to other PHP files that implement the various API functions. Vulnerable versions of GOautodial validate the username and password incorrectly, allowing the caller to specify any values for these parameters and successfully authenticate. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
via "National Vulnerability Database".
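Added illustration, in Python rather than GOautodial's PHP, of the two API issues above (CVE-2021-43176 and CVE-2021-43175) and of how they chain into unauthenticated loading of an arbitrary PHP file. None of this is the project's code: the handler directory, action table and credential store are constructed, and the vulnerable authentication check is one generic shape of "validated incorrectly", not GOautodial's actual logic.

```python
import hashlib
import hmac
import posixpath
from pathlib import PurePosixPath

# Constructed layout: one handler file per action under a single directory.
API_DIR = PurePosixPath("/var/www/api")

def resolve_handler_vulnerable(action: str) -> PurePosixPath:
    """CVE-2021-43176 pattern: append '.php' to the raw action and load whatever
    path results. '../' segments in `action` walk out of API_DIR."""
    return API_DIR / f"{action}.php"

def escapes_api_dir(path: PurePosixPath) -> bool:
    """True if the path, once '..' segments are collapsed, lies outside API_DIR.
    A deployment would also resolve symlinks (os.path.realpath) before checking."""
    normalized = PurePosixPath(posixpath.normpath(str(path)))
    return API_DIR not in normalized.parents

# Fix: the untrusted action selects from a fixed table of handler files.
ACTIONS = {"agents": "agents", "campaigns": "campaigns", "lists": "lists"}  # hypothetical names

def resolve_handler_safe(action: str) -> PurePosixPath:
    if action not in ACTIONS:
        raise ValueError("unknown action")
    path = API_DIR / f"{ACTIONS[action]}.php"
    if escapes_api_dir(path):            # defence in depth; cannot trigger with a fixed table
        raise RuntimeError("handler outside API directory")
    return path

def _hash(salt: str, password: str) -> str:
    return hashlib.sha256((salt + password).encode()).hexdigest()

# Constructed credential store: username -> (salt, hash). Not GOautodial's scheme.
USERS = {"apiuser": ("s4lt", _hash("s4lt", "correct horse"))}

def authenticate_vulnerable(user: str, password: str) -> bool:
    """CVE-2021-43175 class, illustrative only: the check confirms that
    credentials were supplied, never that they are right."""
    return bool(user) and bool(password)

def authenticate_safe(user: str, password: str) -> bool:
    """Look the user up, hash the supplied password the same way, compare in
    constant time. Unknown users still do a full compare so timing is uniform."""
    salt, expected = USERS.get(user, ("", "0" * 64))
    return hmac.compare_digest(_hash(salt, password), expected)

def dispatch(user, password, action, authenticate=authenticate_safe, resolve=resolve_handler_safe):
    """Router shape from the advisory: authenticate, then pick the handler for
    `action`. Returns (status, handler path) instead of including the file."""
    if not authenticate(user, password):
        return 401, None
    try:
        handler = resolve(action)
    except ValueError:
        return 400, None
    return 200, handler

if __name__ == "__main__":
    # The chain the advisory describes: bogus credentials plus a traversal action.
    print("vulnerable:", dispatch("x", "x", "../../config", authenticate_vulnerable, resolve_handler_vulnerable))
    print("hardened:  ", dispatch("x", "x", "../../config"))
```

The two fixes are independent: the allow-list stops file selection even for a valid user, and the credential check stops anonymous callers even if the router were left as it was. Both are needed, because the advisory's chain only works when both fail.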
CVE-2021-37091
There is a Permissions, Privileges, and Access Controls vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect confidentiality.
via "National Vulnerability Database".
CVE-2021-37014
There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may prevent the device from being used properly.
via "National Vulnerability Database".
CVE-2021-37100
There is an Improper Authentication vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to account authentication bypass.
via "National Vulnerability Database".
CVE-2021-43805
Solidus is a free, open-source ecommerce platform built on Rails. Versions of Solidus prior to 3.1.4, 3.0.4, and 2.11.13 have a denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order's email was subject to exponential backtracking through a fragment like `a.a.` Versions 3.1.4, 3.0.4, and 2.11.13 have been patched to use a different regular expression. The maintainers added a check for email addresses that are no longer valid that will print information about any affected orders that exist. If a prompt upgrade is not an option, a workaround is available. It is possible to edit the file `config/application.rb` manually (with code provided by the maintainers in the GitHub Security Advisory) to check email validity.
via "National Vulnerability Database".
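Added illustration, in Python rather than Solidus's Ruby, of why an `a.a.a.` style input makes a badly shaped e-mail regex backtrack exponentially, next to a validator that cannot backtrack. The vulnerable pattern is a constructed stand-in for the bug class, not Solidus's regex, and the length limits are ordinary e-mail limits rather than anything taken from the advisory.

```python
import re
import time

# Constructed stand-in with the vulnerable shape: the dot is both the separator
# and a character inside the repeated group, so "a.a.a." can be partitioned into
# iterations in 2^(dots) ways, and a failing match tries every one of them.
VULNERABLE_EMAIL_RE = re.compile(r"^([a-z0-9.]+\.)*[a-z0-9]+@[a-z0-9.-]+\.[a-z]{2,}$")

def crafted_email(n_dots: int) -> str:
    """Input shaped like the advisory's `a.a.` fragment, ending so the match must fail."""
    return "a." * n_dots + "!"

def matches_vulnerable(addr: str) -> bool:
    return VULNERABLE_EMAIL_RE.match(addr) is not None

# Hardened validator: cap the length, split once on '@', then check each piece with
# an anchored single character class. No nested quantifiers, so time is linear.
ATEXT_RE = re.compile(r"^[a-z0-9!#$%&'*+/=?^_`{|}~-]+$")   # one dot-separated local-part atom
LABEL_RE = re.compile(r"^[a-z0-9-]{1,63}$")                # one DNS label

def is_valid_email_safe(addr: str) -> bool:
    if len(addr) > 254:
        return False
    addr = addr.lower()
    local, sep, domain = addr.partition("@")
    if not sep or not local or not domain or "@" in domain:
        return False
    if len(local) > 64 or not all(ATEXT_RE.match(atom) for atom in local.split(".")):
        return False
    labels = domain.split(".")
    if len(labels) < 2 or not labels[-1].isalpha():
        return False
    return all(LABEL_RE.match(lbl) and not lbl.startswith("-") and not lbl.endswith("-")
               for lbl in labels)

def timed(fn, arg):
    start = time.perf_counter()
    result = fn(arg)
    return result, time.perf_counter() - start

def demo():
    """Each extra dot roughly doubles the vulnerable regex's running time."""
    for n in (10, 14, 18):
        addr = crafted_email(n)
        _, t_vuln = timed(matches_vulnerable, addr)
        _, t_safe = timed(is_valid_email_safe, addr)
        print(f"{n:2d} dots: vulnerable regex {t_vuln:9.5f}s   safe validator {t_safe:9.6f}s")

if __name__ == "__main__":
    demo()
```

A guest checkout accepts the address before any account exists, so a single unauthenticated request with a few dozen dots ties up one worker for seconds; the rewrite above removes the ambiguity rather than adding a timeout, which is the same direction as the upstream fix of switching to a different regular expression.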
5 Ways GRC & Security Can Partner to Reduce Insider Risk
In 2022, data governance, risk, and compliance (GRC) and security need to partner to implement a modern approach to data protection: insider risk management.
via "Dark Reading".
Windows 10 Drive-By RCE Triggered by Default URI Handler
There's an argument injection weakness in the Windows 10/11 default handler, researchers said: an issue that Microsoft has only partially fixed.
via "Threat Post".
When Scammers Get Scammed, They Take It to Cybercrime Court
Underground arbitration system settles disputes between cybercriminals.
via "Threat Post".
CVE-2021-43003
Amzetta zPortal Windows zClient is affected by Integer Overflow. IOCTL Handler 0x22001B in the Amzetta zPortal Windows zClient <= v3.2.8180.148 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via a specially crafted I/O Request Packet.
via "National Vulnerability Database".
CVE-2021-42977
NoMachine Enterprise Desktop is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Enterprise Desktop above 4.0.346 and below 7.7.4 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via a specially crafted I/O Request Packet.
via "National Vulnerability Database".
CVE-2020-12140
A buffer overflow in os/net/mac/ble/ble-l2cap.c in the BLE stack in Contiki-NG 4.4 and earlier allows an attacker to execute arbitrary code via malicious L2CAP frames.
via "National Vulnerability Database".
CVE-2021-42990
FlexiHub For Windows is affected by Buffer Overflow. IOCTL Handler 0x22001B in FlexiHub For Windows above 2.0.4340 and below 5.3.14268 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via a specially crafted I/O Request Packet.
via "National Vulnerability Database".
CVE-2021-40859
Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices that give attackers with access to the web-based management application full administrative access to the device.
via "National Vulnerability Database".
CVE-2021-43006
Amzetta zPortal DVM Tools is affected by Integer Overflow. IOCTL Handler 0x22001B in the Amzetta zPortal DVM Tools <= v3.3.148.148 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via a specially crafted I/O Request Packet.
via "National Vulnerability Database".
CVE-2021-42980
NoMachine Cloud Server is affected by Buffer Overflow. IOCTL Handler 0x22001B in the NoMachine Cloud Server above 4.0.346 and below 7.7.4 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via a specially crafted I/O Request Packet.
via "National Vulnerability Database".
CVE-2021-42976
NoMachine Enterprise Desktop is affected by Buffer Overflow. IOCTL Handler 0x22001B in the NoMachine Enterprise Desktop above 4.0.346 and below 7.7.4 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via a specially crafted I/O Request Packet.
via "National Vulnerability Database".
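Added model, in Python, of the bug class behind the IOCTL handler 0x22001B entries above and the Contiki-NG L2CAP entry: a length or offset taken from an attacker-controlled request is checked with arithmetic that wraps, or is never checked against what actually arrived. It is not code from any of the affected products; the request layout and buffer sizes are constructed for the example, and 32-bit wrap-around is simulated by masking because Python integers do not overflow.

```python
import struct

DEST_SIZE = 0x1000          # bytes in the kernel-side destination buffer (constructed)
U32_MAX = 0xFFFFFFFF

# Hypothetical IOCTL input buffer: u32 offset, u32 length, then `length` bytes of data
# that the handler copies to dest + offset.
IOCTL_HDR = struct.Struct("<II")

def bounds_ok_vulnerable(offset: int, length: int) -> bool:
    """`offset + length <= size` evaluated in 32-bit unsigned arithmetic, as a C
    driver would: the sum wraps, so 0xFFFFFFF0 + 0x20 becomes 0x10 and passes."""
    return ((offset + length) & U32_MAX) <= DEST_SIZE

def bounds_ok_safe(offset: int, length: int) -> bool:
    """Same intent, written so nothing can wrap: bound the offset first, then
    compare the length against the space that remains."""
    return offset <= DEST_SIZE and length <= DEST_SIZE - offset

def handle_ioctl(request: bytes, check=bounds_ok_safe) -> str:
    """Parse the request and report what memcpy(dest + offset, data, length)
    would do under the given bounds check."""
    if len(request) < IOCTL_HDR.size:
        return "rejected: short header"
    offset, length = IOCTL_HDR.unpack_from(request)
    data = request[IOCTL_HDR.size:]
    if not check(offset, length):
        return "rejected: bounds"
    if len(data) < length:
        return "rejected: caller supplied fewer bytes than it claims"
    true_end = offset + length      # unbounded Python int: the real end address
    if true_end > DEST_SIZE:
        return f"OVERFLOW: writes {true_end - DEST_SIZE:#x} bytes past the buffer"
    return "ok"

def build_request(offset: int, length: int) -> bytes:
    """Constructed IRP input buffer carrying `length` bytes of filler."""
    return IOCTL_HDR.pack(offset, length) + b"A" * length

# BLE L2CAP basic frame header (real layout): u16 payload length, u16 channel id, little-endian.
L2CAP_HDR = struct.Struct("<HH")
RX_BUF_SIZE = 64            # hypothetical per-channel receive buffer

def handle_l2cap(frame: bytes, trust_header: bool = False) -> str:
    """trust_header=True models the overflow: the header's length field alone decides
    how many bytes memcpy(rx_buf, payload, length) moves. The hardened path requires
    the field to match the bytes that arrived and to fit the buffer."""
    if len(frame) < L2CAP_HDR.size:
        return "rejected: short frame"
    length, _cid = L2CAP_HDR.unpack_from(frame)
    received = len(frame) - L2CAP_HDR.size
    if not trust_header and (length != received or length > RX_BUF_SIZE):
        return "rejected: length field disagrees with frame or exceeds buffer"
    if length > RX_BUF_SIZE:
        return f"OVERFLOW: {length - RX_BUF_SIZE} bytes past rx buffer"
    return "ok"

if __name__ == "__main__":
    crafted = build_request(0xFFFFFFF0, 0x20)
    print("wrapping check:", handle_ioctl(crafted, bounds_ok_vulnerable))
    print("safe check:    ", handle_ioctl(crafted))
    frame = L2CAP_HDR.pack(0xFFFF, 0x0004) + b"\xaa" * 4
    print("trusting L2CAP header:", handle_l2cap(frame, trust_header=True))
    print("checking L2CAP header:", handle_l2cap(frame))
```

The rearranged comparison is the whole fix for the integer-overflow variant: `a + b <= n` can wrap while `a <= n && b <= n - a` cannot. For the packet-parsing variant the rule is that a length field is a claim, and the claim is checked against both the bytes actually received and the buffer it is copied into before any copy happens.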