βΌ CVE-2021-38893 βΌ
π Read
via "National Vulnerability Database".
IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209512.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44422 βΌ
π Read
via "National Vulnerability Database".
An Improper Input Validation Vulnerability exists when reading a BMP file using Open Design Alliance Drawings SDK before 2022.12. Crafted data in a BMP file can trigger a write operation past the end of an allocated buffer, or lead to a heap-based buffer overflow. An attacker can leverage this vulnerability to execute code in the context of the current process.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38900 βΌ
π Read
via "National Vulnerability Database".
IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 could allow a privileged user to obtain highly sensitive information due to improper access controls. IBM X-Force ID: 209607.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44423 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds read vulnerability exists when reading a BMP file using Open Design Alliance (ODA) Drawings Explorer before 2022.12. The specific issue exists after loading BMP files. Unchecked input data from a crafted BMP file leads to an out-of-bounds read. An attacker can leverage this vulnerability to execute code in the context of the current process.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38966 βΌ
π Read
via "National Vulnerability Database".
IBM Cloud Pak for Automation 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 212357.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44860 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds read vulnerability exists when reading a TIF file using Open Design Alliance Drawings SDK before 2022.12. The specific issue exists after loading TIF files. An unchecked input data from a crafted TIF file leads to an out-of-bounds read. An attacker can leverage this vulnerability to execute code in the context of the current process.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44917 βΌ
π Read
via "National Vulnerability Database".
A Divide by Zero vulnerability exists in gnuplot 5.4 in the boundary3d function in graph3d.c, which could cause a Arithmetic exception and application crash.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44925 βΌ
π Read
via "National Vulnerability Database".
A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_svg_get_attribute_name function, which causes a segmentation fault and application crash.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44922 βΌ
π Read
via "National Vulnerability Database".
A null pointer dereference vulnerability exists in gpac 1.1.0 in the BD_CheckSFTimeOffset function, which causes a segmentation fault and application crash.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44920 βΌ
π Read
via "National Vulnerability Database".
An invalid memory address dereference vulnerability exists in gpac 1.1.0 in the dump_od_to_saf.isra function, which causes a segmentation fault and application crash.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44923 βΌ
π Read
via "National Vulnerability Database".
A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_dump_vrml_dyn_field.isra function, which causes a segmentation fault and application crash.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44927 βΌ
π Read
via "National Vulnerability Database".
A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_sg_vrml_mf_append function, which causes a segmentation fault and application crash.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44918 βΌ
π Read
via "National Vulnerability Database".
A Null Pointer Dereference vulnerability exists in gpac 1.1.0 in the gf_node_get_field function, which can cause a segmentation fault and application crash.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44926 βΌ
π Read
via "National Vulnerability Database".
A null pointer dereference vulnerability exists in the gpac in the gf_node_get_tag function, which causes a segmentation fault and application crash.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44921 βΌ
π Read
via "National Vulnerability Database".
A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_isom_parse_movie_boxes_internal function, which causes a segmentation fault and application crash.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44919 βΌ
π Read
via "National Vulnerability Database".
A Null Pointer Dereference vulnerability exists in the gf_sg_vrml_mf_alloc function, which causes a segmentation fault and application crash.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44924 βΌ
π Read
via "National Vulnerability Database".
An infinite loop vulnerability exists in gpac 1.1.0 in the gf_log function, which causes a Denial of Service.π Read
via "National Vulnerability Database".
π¦Ώ How to check if your Linux servers are vulnerable to the Log4j flaw with a single command π¦Ώ
π Read
via "Tech Republic".
Jack Wallen shows you a quick way to test if your Linux servers are vulnerable to the Log4j vulnerability.π Read
via "Tech Republic".
TechRepublic
How to check if your Linux servers are vulnerable to the Log4j flaw with a single command
Jack Wallen shows you a quick way to test if your Linux servers are vulnerable to the Log4j vulnerability.
βΌ CVE-2021-43851 βΌ
π Read
via "National Vulnerability Database".
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. SQL injection vulnerability exist in multiple files in Time Tracker version 1.19.33.5606 and prior due to not properly checking of the "group" and "status" parameters in POST requests. Group parameter is posted along when navigating between organizational subgroups (groups.php file). Status parameter is used in multiple files to change a status of an entity such as making a project, task, or user inactive. This issue has been patched in version 1.19.33.5607. An upgrade is highly recommended. If an upgrade is not practical, introduce ttValidStatus function as in the latest version and start using it user input check blocks wherever status field is used. For groups.php fix, introduce ttValidInteger function as in the latest version and use it in the access check block in the file.π Read
via "National Vulnerability Database".
π’ NCA donates 225 million passwords to Have I Been Pwned π’
π Read
via "ITPro".
The move comes as both UK and US national crime-fighting agencies collaborate with the popular compromised credential checkerπ Read
via "ITPro".
IT PRO
NCA donates 225 million passwords to Have I Been Pwned | IT PRO
The move comes as both UK and US national crime-fighting agencies collaborate with the popular compromised credential checker
π’ Google Cloud extends partnership with Minsait π’
π Read
via "ITPro".
New deal will help improve digital sovereignty in Spainβs public and private sector organizationsπ Read
via "ITPro".
IT PRO
Google Cloud extends partnership with Minsait | IT PRO
New deal will help improve digital sovereignty in Spainβs public and private sector organizations