‼ CVE-2021-39048 ‼
via "National Vulnerability Database".
IBM Spectrum Protect Client 7.1 and 8.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local attacker could exploit this vulnerability and cause a denial of service. IBM X-Force ID: 214438.
‼ CVE-2021-43814 ‼
via "National Vulnerability Database".
Rizin is a UNIX-like reverse engineering framework and command-line toolset. In versions up to and including 0.3.1 there is a heap-based out of bounds write in parse_die() when reversing an AMD64 ELF binary with DWARF debug info. When a malicious AMD64 ELF binary is opened by a victim user, Rizin may crash or execute unintended actions. No workarounds are known and users are advised to upgrade.
‼ CVE-2021-39049 ‼
via "National Vulnerability Database".
IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 214439.
‼ CVE-2021-39057 ‼
via "National Vulnerability Database".
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 214616.
‼ CVE-2021-32024 ‼
via "National Vulnerability Database".
A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process.
‼ CVE-2020-4496 ‼
via "National Vulnerability Database".
The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum Protect Plus workload agent is subject to a man-in-the-middle attack due to improper certificate validation. IBM X-Force ID: 182046.
‼ CVE-2021-43817 ‼
via "National Vulnerability Database".
Collabora Online is a collaborative online office suite based on LibreOffice technology. In affected versions a reflected XSS vulnerability was found in Collabora Online. An attacker could inject unescaped HTML into a variable as they created the Collabora Online iframe, and execute scripts inside the context of the Collabora Online iframe. This would give access to a small set of user settings stored in the browser, as well as the session's authentication token which was also passed in at iframe creation time. Users should upgrade to Collabora Online 6.4.16 or higher or Collabora Online 4.2.20 or higher. Collabora Online Development Edition 21.11 is not affected.
‼ CVE-2021-39050 ‼
via "National Vulnerability Database".
IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 214440.
‼ CVE-2021-43822 ‼
via "National Vulnerability Database".
Jackalope Doctrine-DBAL is an implementation of the PHP Content Repository API (PHPCR) using a relational database to persist data. In affected versions users can provoke SQL injections if they can specify a node name or query. Upgrade to version 1.7.4 to resolve this issue. If that is not possible, you can escape all places where `$property` is used to filter `sv:name` in the class `Jackalope\Transport\DoctrineDBAL\Query\QOMWalker`: `XPath::escape($property)`. Node names and xpaths can contain `"` or `;` according to the JCR specification. The jackalope component that translates the query object model into doctrine dbal queries does not properly escape the names and paths, so that an accordingly crafted node name can lead to an SQL injection. If queries are never done from user input, or if you validate the user input to not contain `;`, you are not affected.
‼ CVE-2021-38901 ‼
via "National Vulnerability Database".
IBM Spectrum Protect Operations Center 7.1, under special configurations, could allow a local user to obtain highly sensitive information. IBM X-Force ID: 209610.
‼ CVE-2021-39063 ‼
via "National Vulnerability Database".
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information due to a misconfiguration in access control headers. IBM X-Force ID: 214956.
‼ CVE-2021-43801 ‼
via "National Vulnerability Database".
Mercurius is a GraphQL adapter for Fastify. Any users from Mercurius@8.10.0 to 8.11.1 are subjected to a denial of service attack by sending a malformed JSON to `/graphql` unless they are using a custom error handler. The vulnerability has been fixed in https://github.com/mercurius-js/mercurius/pull/678 and shipped as v8.11.2. As a workaround users may use a custom error handler.
‼ CVE-2021-43823 ‼
via "National Vulnerability Database".
Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.33.2 is vulnerable to a side-channel attack where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects the Saved Searches and Code Monitoring features. A successful attack would require an authenticated bad actor to create many Saved Searches or Code Monitors to receive confirmation that a specific string exists. This could allow an attacker to guess formatted tokens in source code, such as API keys. This issue was patched in version 3.33.2 and any future versions of Sourcegraph. We strongly encourage upgrading to secure versions. If you are unable to, you may disable Saved Searches and Code Monitors.
🕴 40% of Corporate Networks Targeted by Attackers Seeking to Exploit Log4j 🕴
via "Dark Reading".
More than 60 variants of the original exploit were introduced over the last day alone.
🕴 Why Classifying Ransomware as a National Security Threat Matters 🕴
via "Dark Reading".
Government actions help starve attack groups of the resources - money, ability to recruit, and time.
‼ CVE-2021-24045 ‼
via "National Vulnerability Database".
A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.
‼ CVE-2020-19042 ‼
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability exists in zzcms 2019 XSS via a modify action in user/adv.php.
‼ CVE-2021-41272 ‼
via "National Vulnerability Database".
Besu is an Ethereum client written in Java. Starting in version 21.10.0, changes in the implementation of the SHL, SHR, and SAR operations resulted in the introduction of a signed type coercion error in values that represent negative values for 32 bit signed integers. Smart contracts that ask for shifts between approximately 2 billion and 4 billion bits (nonsensical but valid values for the operation) will fail to execute and hence fail to validate. In networks where vulnerable versions are mining with other clients or non-vulnerable versions this will result in a fork and the relevant transactions will not be included in the fork. In networks where vulnerable versions are not mining (such as Rinkeby) no fork will result and the validator nodes will stop accepting blocks. In networks where only vulnerable versions are mining the relevant transaction will not be included in any blocks. When the network adds a non-vulnerable version the network will act as in the first case. Besu 21.10.2 contains a patch for this issue. Besu 21.7.4 is not vulnerable and clients can roll back to that version. There is a workaround available: Once a transaction with the relevant shift operations is included in the canonical chain, the only remediation is to make sure all nodes are on non-vulnerable versions.
❌ Kronos Ransomware Outage Drives Widespread Payroll Chaos ❌
via "Threat Post".
Kronos, the workforce-management provider, said a weeks-long outage of its cloud services is in the offing, just in time to hamstring end-of-year HR activities like bonuses and vacation tracking.
🕴 Tales from the Dark Web: Fingerprinting Access Brokers on Criminal Forums 🕴
via "Dark Reading".
Every high-profile breach leaves a trail of bread crumbs, and defenders who monitor access brokers can connect the dots and detect attacks as they unfold.
⚠ Log4Shell explained – how it works, why you need to know, and how to fix it ⚠
via "Naked Security".
Find out how to deal with the Log4Shell vulnerability right across your estate. Yes, you need to patch, but that helps everyone else along with you!