βΌ CVE-2021-40853 βΌ
π Read
via "National Vulnerability Database".
TCMAN GIM does not perform an authorization check when trying to access determined resources. A remote attacker could exploit this vulnerability to access URL that require privileges without having them. The exploitation of this vulnerability might allow a remote attacker to obtain sensible information.π Read
via "National Vulnerability Database".
βΌ CVE-2020-18078 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in /include/web_check.php of SEMCMS v3.8 allows attackers to reset the Administrator account's password.π Read
via "National Vulnerability Database".
βΌ CVE-2020-8968 βΌ
π Read
via "National Vulnerability Database".
Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information of the user could be compromised if an attacker is able to recover the profile password.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0674 βΌ
π Read
via "National Vulnerability Database".
In alac decoder, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06064258; Issue ID: ALPS06064237.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38883 βΌ
π Read
via "National Vulnerability Database".
IBM Business Automation Workflow 18.0, 19.0, 20,0 and 21.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209165.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32499 βΌ
π Read
via "National Vulnerability Database".
SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the command line arguments to pass in any value to the Emulator executable.π Read
via "National Vulnerability Database".
βΌ CVE-2021-4010 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcScreenSaverSuspend function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0676 βΌ
π Read
via "National Vulnerability Database".
In geniezone driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05863009; Issue ID: ALPS05863009.π Read
via "National Vulnerability Database".
βΌ CVE-2021-4009 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40850 βΌ
π Read
via "National Vulnerability Database".
TCMAN GIM is vulnerable to a SQL injection vulnerability inside several available webservice methods in /PC/WebService.asmx.π Read
via "National Vulnerability Database".
β Malicious Joker App Scores Half-Million Downloads on Google Play β
π Read
via "Threat Post".
Joker malware was found lurking in the Color Message app, ready to fleece unsuspecting users with premium SMS charges.π Read
via "Threat Post".
Threat Post
Malicious Joker App Scores Half-Million Downloads on Google Play
Joker malware was found lurking in the Color Message app, ready to fleece unsuspecting users with premium SMS charges.
β Spider-Man Movie Release Frenzy Bites Fans with Credit-Card Harvesting β
π Read
via "Threat Post".
Attackers are using the excitement over the new Spider-Man movie to steal bank information and spread malware. π Read
via "Threat Post".
β Facebook Bans Spy-for-Hire Firms for Targeting 50K People β
π Read
via "Threat Post".
Meta, Facebookβs parent company, said that the seven banned actors run fake accounts on its platforms to deceive users and plant malware on targetsβ phones.π Read
via "Threat Post".
Threat Post
Facebook Bans Spy-for-Hire Firms for Targeting 50K People
Meta, Facebookβs parent company, said that the seven banned actors run fake accounts on its platforms to deceive users and plant malware on targetsβ phones.
π΄ Meta Acts Against 7 Entities Found Spying on 50,000 Users π΄
π Read
via "Dark Reading".
The parent company of Facebook and Instagram has warned some 50,000 account holders they are targets of surveillance.π Read
via "Dark Reading".
Dark Reading
Meta Acts Against 7 Entities Found Spying on 50,000 Users
The parent company of Facebook and Instagram has warned some 50,000 account holders they are targets of surveillance.
βΌ CVE-2021-23797 βΌ
π Read
via "National Vulnerability Database".
All versions of package http-server-node are vulnerable to Directory Traversal via use of --path-as-is.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23803 βΌ
π Read
via "National Vulnerability Database".
This affects the package latte/latte before 2.10.6. There is a way to bypass allowFunctions that will affect the security of the application. When the template is set to allow/disallow the use of certain functions, adding control characters (x00-x08) after the function will bypass these restrictions.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23450 βΌ
π Read
via "National Vulnerability Database".
All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41496 βΌ
π Read
via "National Vulnerability Database".
Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41495 βΌ
π Read
via "National Vulnerability Database".
Null Pointer Dereference vulnerability exists in numpy.sort in NumPy < and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating and sort arrays.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33430 βΌ
π Read
via "National Vulnerability Database".
A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions (over 32) from Python code, which could let a malicious user cause a Denial of Service.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23814 βΌ
π Read
via "National Vulnerability Database".
This affects the package unisharp/laravel-filemanager from 0.0.0. The upload() function does not sufficiently validate the file type when uploading. An attacker may be able to reproduce the following steps: - Install a package with a web Laravel application. - Navigate to the Upload window - Upload an image file, then capture the request - Edit the request contents with a malicious file (webshell) - Enter the path of file uploaded on URL - Remote Code Execution **Note: Prevention for bad extensions can be done by using a whitelist in the config file(lfm.php). Corresponding document can be found in the [here](https://unisharp.github.io/laravel-filemanager/configfolder-categories).π Read
via "National Vulnerability Database".