‼ CVE-2021-43805 ‼
📖 Read
via "National Vulnerability Database".
Solidus is a free, open-source ecommerce platform built on Rails. Versions of Solidus prior to 3.1.4, 3.0.4, and 2.11.13 have a denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order's email was subject to exponential backtracking through a fragment like `a.a.` Versions 3.1.4, 3.0.4, and 2.11.13 have been patched to use a different regular expression. The maintainers added a check for email addresses that are no longer valid that will print information about any affected orders that exist. If a prompt upgrade is not an option, a workaround is available. It is possible to edit the file `config/application.rb` manually (with code provided by the maintainers in the GitHub Security Advisory) to check email validity.📖 Read
via "National Vulnerability Database".
🕴 5 Ways GRC & Security Can Partner to Reduce Insider Risk 🕴
📖 Read
via "Dark Reading".
In 2022, data governance, risk, and compliance (GRC) and security need to partner to implement a modern approach to data protection: insider risk management.📖 Read
via "Dark Reading".
Dark Reading
5 Ways GRC & Security Can Partner to Reduce Insider Risk
In 2022, data governance, risk, and compliance (GRC) and security need to partner to implement a modern approach to data protection: insider risk management.
❌ Windows 10 Drive-By RCE Triggered by Default URI Handler ❌
📖 Read
via "Threat Post".
There's an argument injection weakness in the Windows 10/11 default handler, researchers said: an issue that Microsoft has only partially fixed.📖 Read
via "Threat Post".
Threat Post
Windows 10 Drive-By RCE Triggered by Default URI Handler
There's an argument injection weakness in the Windows 10/11 default handler, researchers said: an issue that Microsoft has only partially fixed.
❌ When Scammers Get Scammed, They Take It to Cybercrime Court ❌
📖 Read
via "Threat Post".
Underground arbitration system settles disputes between cybercriminals.📖 Read
via "Threat Post".
Threat Post
When Scammers Get Scammed, They Take It to Cybercrime Court
Underground arbitration system settles disputes between cybercriminals.
‼ CVE-2021-43003 ‼
📖 Read
via "National Vulnerability Database".
Amzetta zPortal Windows zClient is affected by Integer Overflow. IOCTL Handler 0x22001B in the Amzetta zPortal Windows zClient <= v3.2.8180.148 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42977 ‼
📖 Read
via "National Vulnerability Database".
NoMachine Enterprise Desktop is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Enterprise Desktop above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-12140 ‼
📖 Read
via "National Vulnerability Database".
A buffer overflow in os/net/mac/ble/ble-l2cap.c in the BLE stack in Contiki-NG 4.4 and earlier allows an attacker to execute arbitrary code via malicious L2CAP frames.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42990 ‼
📖 Read
via "National Vulnerability Database".
FlexiHub For Windows is affected by Buffer Overflow. IOCTL Handler 0x22001B in the FlexiHub For Windows above 2.0.4340 below 5.3.14268 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40859 ‼
📖 Read
via "National Vulnerability Database".
Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices, that allow attackers with access to the web based management application full administrative access to the device.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43006 ‼
📖 Read
via "National Vulnerability Database".
AmZetta Amzetta zPortal DVM Tools is affected by Integer Overflow. IOCTL Handler 0x22001B in the Amzetta zPortal DVM Tools <= v3.3.148.148 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42980 ‼
📖 Read
via "National Vulnerability Database".
NoMachine Cloud Server is affected by Buffer Overflow. IOCTL Handler 0x22001B in the NoMachine Cloud Server above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42976 ‼
📖 Read
via "National Vulnerability Database".
NoMachine Enterprise Desktop is affected by Buffer Overflow. IOCTL Handler 0x22001B in the NoMachine Enterprise Desktop above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42994 ‼
📖 Read
via "National Vulnerability Database".
Donglify is affected by Buffer Overflow. IOCTL Handler 0x22001B in the Donglify above 1.0.12309 below 1.7.14110 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37940 ‼
📖 Read
via "National Vulnerability Database".
An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search Github Enterprise Server integration. Using this vulnerability, a malicious Workplace Search admin could use the GHES integration to view hosts that might not be publicly accessible.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42986 ‼
📖 Read
via "National Vulnerability Database".
NoMachine Enterprise Client is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Enterprise Client above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40288 ‼
📖 Read
via "National Vulnerability Database".
A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in TP-Link AX10v1 before V1_211014, allows a remote unauthenticated attacker to disconnect an already connected wireless client via sending with a wireless adapter specific spoofed authentication frames📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43798 ‼
📖 Read
via "National Vulnerability Database".
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42993 ‼
📖 Read
via "National Vulnerability Database".
FlexiHub For Windows is affected by Integer Overflow. IOCTL Handler 0x22001B in the FlexiHub For Windows above 2.0.4340 below 5.3.14268 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24041 ‼
📖 Read
via "National Vulnerability Database".
A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could have allowed an out-of-bounds write if a user sent a malicious image.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42973 ‼
📖 Read
via "National Vulnerability Database".
NoMachine Server is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Server above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42979 ‼
📖 Read
via "National Vulnerability Database".
NoMachine Cloud Server is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Cloud Server above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.📖 Read
via "National Vulnerability Database".