CVE-2021-44923
via "National Vulnerability Database".
A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_dump_vrml_dyn_field.isra function, which causes a segmentation fault and application crash.
CVE-2021-44927
via "National Vulnerability Database".
A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_sg_vrml_mf_append function, which causes a segmentation fault and application crash.
CVE-2021-44918
via "National Vulnerability Database".
A Null Pointer Dereference vulnerability exists in gpac 1.1.0 in the gf_node_get_field function, which can cause a segmentation fault and application crash.
CVE-2021-44926
via "National Vulnerability Database".
A null pointer dereference vulnerability exists in gpac in the gf_node_get_tag function, which causes a segmentation fault and application crash.
CVE-2021-44921
via "National Vulnerability Database".
A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_isom_parse_movie_boxes_internal function, which causes a segmentation fault and application crash.
CVE-2021-44919
via "National Vulnerability Database".
A Null Pointer Dereference vulnerability exists in the gf_sg_vrml_mf_alloc function, which causes a segmentation fault and application crash.
CVE-2021-44924
via "National Vulnerability Database".
An infinite loop vulnerability exists in gpac 1.1.0 in the gf_log function, which causes a Denial of Service.
How to check if your Linux servers are vulnerable to the Log4j flaw with a single command
via "Tech Republic".
Jack Wallen shows you a quick way to test if your Linux servers are vulnerable to the Log4j vulnerability.
CVE-2021-43851
via "National Vulnerability Database".
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. SQL injection vulnerabilities exist in multiple files in Time Tracker version 1.19.33.5606 and prior due to improper checking of the "group" and "status" parameters in POST requests. The group parameter is posted when navigating between organizational subgroups (groups.php file). The status parameter is used in multiple files to change the status of an entity, such as making a project, task, or user inactive. This issue has been patched in version 1.19.33.5607. An upgrade is highly recommended. If an upgrade is not practical, introduce the ttValidStatus function as in the latest version and start using it in user input check blocks wherever the status field is used. For the groups.php fix, introduce the ttValidInteger function as in the latest version and use it in the access check block in the file.
NCA donates 225 million passwords to Have I Been Pwned
via "ITPro".
The move comes as both UK and US national crime-fighting agencies collaborate with the popular compromised credential checker
Google Cloud extends partnership with Minsait
via "ITPro".
New deal will help improve digital sovereignty in Spain’s public and private sector organizations
What is the Log4Shell vulnerability?
via "ITPro".
The critical flaw affecting products built using Java is set to cause headaches in the enterprise for months to come
T-Mobile: Scam calls hit an all-time high in 2021
via "ITPro".
The carrier reported a 116% increase in fraudulent calls compared to 2020
Hackers bypass patched Microsoft Office flaw to inject Formbook malware
via "ITPro".
The attack is thought to be a dry run for a wider campaign in the future
Meta files lawsuit to uncover hackers targeting Facebook, WhatsApp
via "ITPro".
The company is seeking $500,000 from the unnamed threat actors that ran a phishing scam on its platforms
IT Pro 20/20: Does the UK stand a chance in the global AI race?
via "ITPro".
Lofty goals and a rich history in computer science may not be enough to stay relevant
CVE-2021-40836
via "National Vulnerability Database".
A vulnerability affecting F-Secure antivirus engine was discovered whereby scanning MS Outlook .pst files can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine. Fixed in Capricorn update 2021-12-13_07.
Multiple vulnerabilities in Microsoft Teams could spoof URLs, leak IP addresses
via "The Daily Swig".
Only one of the issues has so far been patched
Four Bugs in Microsoft Teams Left Platform Vulnerable Since March
via "Threat Post".
Attackers exploiting bugs in the “link preview” feature in Microsoft Teams could abuse the flaws to spoof links, leak an Android user’s IP address and launch a DoS attack.
CVE-2021-36750
via "National Vulnerability Database".
ENC DataVault 7.1.1W and VaultAPI v67, which is currently being used in various other applications, mishandles key derivation, making it easier for attackers to determine the passwords of all DataVault users (across USB drives sold under multiple brand names).
CVE-2021-40612
via "National Vulnerability Database".
An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without authentication, a vulnerability in code_igniter/application/controllers/util.php allows an attacker to perform command execution without echoes.