❌ Critical Apache HTTPD Server Bugs Could Lead to RCE, DoS ❌
📖 Read
via "Threat Post".
Don't freak: It's got nothing to do with Log4Shell, except it may be just as far-reaching as Log4j, given HTTPD's tendency to tiptoe into software projects.📖 Read
via "Threat Post".
Threat Post
Critical Apache HTTPD Server Bugs Could Lead to RCE, DoS
Don't freak: It's got nothing to do with Log4Shell, except it may be just as far-reaching as Log4j, given HTTPD's tendency to tiptoe into software projects.
❌ PYSA Emerges as Top Ransomware Actor in November ❌
📖 Read
via "Threat Post".
Overtaking the Conti ransomware gang, PYSA finds success with government-sector attacks.📖 Read
via "Threat Post".
Threat Post
PYSA Emerges as Top Ransomware Actor in November
Overtaking the Conti ransomware gang, PYSA finds success with government-sector attacks.
❌ All in One SEO Plugin Bug Threatens 3M Websites with Takeovers ❌
📖 Read
via "Threat Post".
A critical privilege-escalation vulnerability could lead to backdoors for admin access nesting in web servers.📖 Read
via "Threat Post".
Threat Post
All in One SEO Plugin Bug Threatens 3M Websites with Takeovers
A critical privilege-escalation vulnerability could lead to backdoors for admin access nesting in web servers.
❌ Time to Ditch Big-Brother Accounts for Network Scanning ❌
📖 Read
via "Threat Post".
Yaron Kassner, CTO and co-founder of Silverfort, discusses why using all-seeing privileged accounts for monitoring is bad practice.📖 Read
via "Threat Post".
Threat Post
Time to Ditch Big-Brother Accounts for Network Scanning
Yaron Kassner, CTO and co-founder of Silverfort, discusses why using all-seeing privileged accounts for monitoring is bad practice.
‼ CVE-2021-39013 ‼
📖 Read
via "National Vulnerability Database".
IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could allow an authenticated user to obtain sensitive information in HTTP responses that could be used in further attacks against the system. IBM X-Force ID: 213651.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45260 ‼
📖 Read
via "National Vulnerability Database".
A null pointer dereference vulnerability exists in gpac 1.1.0 in the lsr_read_id.part function, which causes a segmentation fault and application crash.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44659 ‼
📖 Read
via "National Vulnerability Database".
Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an un-intended action in order to achieve a Server Side Request Forgery (SSRF)📖 Read
via "National Vulnerability Database".
‼ CVE-2021-4113 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45419 ‼
📖 Read
via "National Vulnerability Database".
Certain Starcharge products are affected by Improper Input Validation. The affected products include: Nova 360 Cabinet <= 1.3.0.0.7b102 - Fixed: Beta1.3.0.1.0 and Titan 180 Premium <= 1.3.0.0.6 - Fixed: 1.3.0.0.9.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44733 ‼
📖 Read
via "National Vulnerability Database".
A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45258 ‼
📖 Read
via "National Vulnerability Database".
A stack overflow vulnerability exists in gpac 1.1.0 via the gf_bifs_dec_proto_list function, which causes a segmentation fault and application crash.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43630 ‼
📖 Read
via "National Vulnerability Database".
Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in add_patient.php. As a result, an authenticated malicious user can compromise the databases system and in some cases leverage this vulnerability to get remote code execution on the remote web server.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43156 ‼
📖 Read
via "National Vulnerability Database".
In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in admin_delete.php allows a remote attacker to delete any book.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43158 ‼
📖 Read
via "National Vulnerability Database".
In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability in cart_remove.php allows a remote attacker to remove any product in the customer's cart.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45267 ‼
📖 Read
via "National Vulnerability Database".
An invalid memory address dereference vulnerability exists in gpac 1.1.0 via the svg_node_start function, which causes a segmentation fault and application crash.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-4114 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43155 ‼
📖 Read
via "National Vulnerability Database".
Projectsworlds Online Book Store PHP v1.0 is vulnerable to SQL injection via the "bookisbn" parameter in cart.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45257 ‼
📖 Read
via "National Vulnerability Database".
An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_tokens function.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43628 ‼
📖 Read
via "National Vulnerability Database".
Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the email parameter in hms-staff.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45266 ‼
📖 Read
via "National Vulnerability Database".
A null pointer dereference vulnerability exists in gpac 1.1.0 via the lsr_read_anim_values_ex function, which causes a segmentation fault and application crash.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45262 ‼
📖 Read
via "National Vulnerability Database".
An invalid free vulnerability exists in gpac 1.1.0 via the gf_sg_command_del function, which causes a segmentation fault and application crash.📖 Read
via "National Vulnerability Database".