βΌ CVE-2021-44003 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to use of uninitialized memory while parsing user supplied TIFF files. This could allow an attacker to cause a denial-of-service condition.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44446 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14828, ZDI-CAN-14898)π Read
via "National Vulnerability Database".
βΌ CVE-2021-44448 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14843, ZDI-CAN-15051)π Read
via "National Vulnerability Database".
βΌ CVE-2021-44522 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal message broker system. This could allow an unauthenticated remote attacker to subscribe to arbitrary message queues.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44431 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14841)π Read
via "National Vulnerability Database".
βΌ CVE-2021-44445 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15054)π Read
via "National Vulnerability Database".
βΌ CVE-2021-44449 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in JT Utilities (All versions < V12.8.1.1), JTTK (All versions < V10.8.1.1). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14830)π Read
via "National Vulnerability Database".
βΌ CVE-2021-4104 βΌ
π Read
via "National Vulnerability Database".
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44004 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44007 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll contains an off-by-one error in the heap while parsing specially crafted TIFF files. This could allow an attacker to cause a denial-of-service condition.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44012 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Jt1001.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15102)π Read
via "National Vulnerability Database".
βΌ CVE-2021-44523 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal activity feed database. This could allow an unauthenticated remote attacker to read, modify or delete activity feed entries.π Read
via "National Vulnerability Database".
β βSeedwormβ Attackers Target Telcos in Asia, Middle East β
π Read
via "Threat Post".
The focused attacks aimed at cyberespionage and lateral movement appear to hint at further ambitions by the group, including supply-chain threats.π Read
via "Threat Post".
Threat Post
βSeedwormβ Attackers Target Telcos in Asia, Middle East
The focused attacks aimed at cyberespionage and lateral movement appear to hint at further ambitions by the group, including supply-chain threats.
ποΈ Severe Chrome bug allowed RCE on devices running remote headless interface ποΈ
π Read
via "The Daily Swig".
Attackers could read and write arbitrary files to a deviceβs hard driveπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Severe Chrome bug allowed RCE on devices running remote headless interface
Attackers could read and write arbitrary files to a deviceβs hard drive
π΄ Combat Misinformation by Getting Back to Security Basics π΄
π Read
via "Dark Reading".
One volley of fake news may land, but properly trained AI can shut down similar attempts at their sources.π Read
via "Dark Reading".
Dark Reading
Combat Misinformation by Getting Back to Security Basics
One volley of fake news may land, but properly trained AI can shut down similar attempts at their sources.
βΌ CVE-2021-45014 βΌ
π Read
via "National Vulnerability Database".
There is an upload sql injection vulnerability in the background of taocms 3.0.2 in parameter id:action=cms&ctrl=update&id=26π Read
via "National Vulnerability Database".
βΌ CVE-2021-44538 βΌ
π Read
via "National Vulnerability Database".
The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted sequence of messages to manipulate the state of the receiver's session in such a way that, for some buffer sizes, a buffer overflow happens on a call to olm_session_describe. Furthermore, safe buffer sizes were undocumented. The overflow content is partially controllable by the attacker and limited to ASCII spaces and digits. The known affected products are Element Web And SchildiChat Web.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45015 βΌ
π Read
via "National Vulnerability Database".
taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line 72.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3376 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Cuppa CMS Versions Before 31 Jan 2021 allows authenticated attackers to gain escalated privileges via a crafted POST request using the user_group_id_field parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44935 βΌ
π Read
via "National Vulnerability Database".
glFusion CMS v1.7.9 is affected by an arbitrary user impersonation vulnerability in /public_html/comment.php. The attacker can complete the attack remotely without interaction.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36721 βΌ
π Read
via "National Vulnerability Database".
Sysaid API User Enumeration - Attacker sending requests to specific api path without any authorization before 21.3.60 version could get users names from the LDAP server.π Read
via "National Vulnerability Database".