‼ CVE-2021-43847 ‼
via "National Vulnerability Database".
HumHub is an open-source social network kit written in PHP. Prior to HumHub version 1.10.3 or 1.9.3, it could be possible for registered users to become unauthorized members of private Spaces. Versions 1.10.3 and 1.9.3 contain a patch for this issue.
‼ CVE-2021-43029 ‼
via "National Vulnerability Database".
Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
‼ CVE-2021-43748 ‼
via "National Vulnerability Database".
Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2021-43021 ‼
via "National Vulnerability Database".
Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious EXR file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
‼ CVE-2021-42808 ‼
via "National Vulnerability Database".
Improper Access Control in Thales Sentinel Protection Installer could allow a local user to escalate privileges.
‼ CVE-2021-43028 ‼
via "National Vulnerability Database".
Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
‼ CVE-2021-38415 ‼
via "National Vulnerability Database".
Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 are vulnerable to a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code.
‼ CVE-2021-22056 ‼
via "National Vulnerability Database".
VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response.
‼ CVE-2021-44181 ‼
via "National Vulnerability Database".
Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious GIF file.
‼ CVE-2021-43023 ‼
via "National Vulnerability Database".
Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious EPS/TIFF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
‼ CVE-2021-40784 ‼
via "National Vulnerability Database".
Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
‼ CVE-2021-43750 ‼
via "National Vulnerability Database".
Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2021-44182 ‼
via "National Vulnerability Database".
Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious SVG file.
‼ CVE-2021-44697 ‼
via "National Vulnerability Database".
Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious MOV file.
‼ CVE-2021-44180 ‼
via "National Vulnerability Database".
Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious GIF file.
‼ CVE-2021-42809 ‼
via "National Vulnerability Database".
Improper Access Control of Dynamically-Managed Code Resources (DLL) in Thales Sentinel Protection Installer could allow the execution of arbitrary code.
‼ CVE-2021-44699 ‼
via "National Vulnerability Database".
Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious MP4 file.
‼ CVE-2021-44179 ‼
via "National Vulnerability Database".
Adobe Dimension versions 3.4.3 (and earlier) are affected by a memory corruption vulnerability due to insecure handling of a malicious GIF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
‼ CVE-2021-44183 ‼
via "National Vulnerability Database".
Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious TIF file.
🕴 Russian National Extradited for Illegal Hacking & Trading 🕴
via "Dark Reading".
Vladislav Klyushin was allegedly involved in a global operation to trade on nonpublic data stolen from US computer networks.
🕴 New Log4j Attack Vector Discovered 🕴
via "Dark Reading".
Meanwhile, Apache Foundation releases third update to logging tool in 10 days to address yet another flaw.