βΌ CVE-2021-36750 βΌ
π Read
via "National Vulnerability Database".
ENC DataVault 7.1.1W and VaultAPI v67, which is currently being used in various other applications, mishandles key derivation, making it easier for attackers to determine the passwords of all DataVault users (across USB drives sold under multiple brand names).π Read
via "National Vulnerability Database".
βΌ CVE-2021-40612 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without authentication, a vulnerability in code_igniter/application/controllers/util.php allows an attacker perform command execution without echoes.π Read
via "National Vulnerability Database".
ποΈ Anti-cheating browser extension fails web security examination ποΈ
π Read
via "The Daily Swig".
XSS flaw in Proctorio gets resolvedπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Anti-cheating browser extension fails web security examination
XSS flaw in Proctorio gets resolved
π¦Ώ Conti ransomware is exploiting the Log4Shell vulnerability to the tune of millions π¦Ώ
π Read
via "Tech Republic".
Log4Shell is a dangerous security concern β and now Conti, a prominent ransomware group, is exploiting it to attack vulnerable servers to extort millions of dollars.π Read
via "Tech Republic".
TechRepublic
Conti ransomware is exploiting the Log4Shell vulnerability to the tune of millions
Log4Shell is a dangerous security concern β and now Conti, a prominent ransomware group, is exploiting it to attack vulnerable servers to extort millions of dollars.
ποΈ Bug bounty platforms handling thousands of Log4j vulnerability reports ποΈ
π Read
via "The Daily Swig".
Leading platforms report back from the front line as vendors grapple with landmark bug Bug bounty hunters have already submitted thousands of vulnerability reports related to the Apache Log4j bug thatπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Bug bounty platforms handling thousands of Log4j vulnerability reports
Leading platforms report back from the front line as vendors grapple with landmark bug UPDATED Bug bounty hunters have already submitted thousands of vulnerability reports related to the Apache Log4j
βΌ CVE-2021-45418 βΌ
π Read
via "National Vulnerability Database".
Certain Starcharge products are vulnerable to Directory Traversal via main.cgi. The affected products include: Nova 360 Cabinet <=1.3.0.0.6 - Fixed: 1.3.0.0.9 and Titan 180 Premium <=1.3.0.0.7b102 - Fixed: Beta1.3.0.1.0.π Read
via "National Vulnerability Database".
β Apacheβs other product: Critical bugs in βhttpdβ web server, patch now! β
π Read
via "Naked Security".
The Apache web server just got an update - this one is nothing to do with Log4j!π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β Plundered bitcoins recovered by FBI β all 3,879-and-one-sixth of them! β
π Read
via "Naked Security".
Phew! An audacious crime... that didn't work out.π Read
via "Naked Security".
Naked Security
Plundered bitcoins recovered by FBI β all 3,879-and-one-sixth of them!
Phew! An audacious crimeβ¦ that didnβt work out.
β Critical Apache HTTPD Server Bugs Could Lead to RCE, DoS β
π Read
via "Threat Post".
Don't freak: It's got nothing to do with Log4Shell, except it may be just as far-reaching as Log4j, given HTTPD's tendency to tiptoe into software projects.π Read
via "Threat Post".
Threat Post
Critical Apache HTTPD Server Bugs Could Lead to RCE, DoS
Don't freak: It's got nothing to do with Log4Shell, except it may be just as far-reaching as Log4j, given HTTPD's tendency to tiptoe into software projects.
β PYSA Emerges as Top Ransomware Actor in November β
π Read
via "Threat Post".
Overtaking the Conti ransomware gang, PYSA finds success with government-sector attacks.π Read
via "Threat Post".
Threat Post
PYSA Emerges as Top Ransomware Actor in November
Overtaking the Conti ransomware gang, PYSA finds success with government-sector attacks.
β All in One SEO Plugin Bug Threatens 3M Websites with Takeovers β
π Read
via "Threat Post".
A critical privilege-escalation vulnerability could lead to backdoors for admin access nesting in web servers.π Read
via "Threat Post".
Threat Post
All in One SEO Plugin Bug Threatens 3M Websites with Takeovers
A critical privilege-escalation vulnerability could lead to backdoors for admin access nesting in web servers.
β Time to Ditch Big-Brother Accounts for Network Scanning β
π Read
via "Threat Post".
Yaron Kassner, CTO and co-founder of Silverfort, discusses why using all-seeing privileged accounts for monitoring is bad practice.π Read
via "Threat Post".
Threat Post
Time to Ditch Big-Brother Accounts for Network Scanning
Yaron Kassner, CTO and co-founder of Silverfort, discusses why using all-seeing privileged accounts for monitoring is bad practice.
βΌ CVE-2021-39013 βΌ
π Read
via "National Vulnerability Database".
IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could allow an authenticated user to obtain sensitive information in HTTP responses that could be used in further attacks against the system. IBM X-Force ID: 213651.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45260 βΌ
π Read
via "National Vulnerability Database".
A null pointer dereference vulnerability exists in gpac 1.1.0 in the lsr_read_id.part function, which causes a segmentation fault and application crash.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44659 βΌ
π Read
via "National Vulnerability Database".
Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an un-intended action in order to achieve a Server Side Request Forgery (SSRF)π Read
via "National Vulnerability Database".
βΌ CVE-2021-4113 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45419 βΌ
π Read
via "National Vulnerability Database".
Certain Starcharge products are affected by Improper Input Validation. The affected products include: Nova 360 Cabinet <= 1.3.0.0.7b102 - Fixed: Beta1.3.0.1.0 and Titan 180 Premium <= 1.3.0.0.6 - Fixed: 1.3.0.0.9.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44733 βΌ
π Read
via "National Vulnerability Database".
A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45258 βΌ
π Read
via "National Vulnerability Database".
A stack overflow vulnerability exists in gpac 1.1.0 via the gf_bifs_dec_proto_list function, which causes a segmentation fault and application crash.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43630 βΌ
π Read
via "National Vulnerability Database".
Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in add_patient.php. As a result, an authenticated malicious user can compromise the databases system and in some cases leverage this vulnerability to get remote code execution on the remote web server.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43156 βΌ
π Read
via "National Vulnerability Database".
In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in admin_delete.php allows a remote attacker to delete any book.π Read
via "National Vulnerability Database".