‼ CVE-2021-45712 ‼
An issue was discovered in the rust-embed crate before 6.3.0 for Rust. A ../ directory traversal can sometimes occur in debug mode.
via "National Vulnerability Database".
‼ CVE-2021-45714 ‼
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_aggregate_function has a use-after-free.
via "National Vulnerability Database".
‼ CVE-2021-45719 ‼
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. update_hook has a use-after-free.
via "National Vulnerability Database".
‼ CVE-2021-45715 ‼
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_window_function has a use-after-free.
via "National Vulnerability Database".
‼ CVE-2021-45713 ‼
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_scalar_function has a use-after-free.
via "National Vulnerability Database".
‼ CVE-2021-45336 ‼
Privilege escalation vulnerability in the Sandbox component of Avast Antivirus prior to 20.4 allows local sandboxed code to gain elevated privileges by using system IPC interfaces, which could lead to exiting the sandbox and acquiring SYSTEM privileges.
via "National Vulnerability Database".
‼ CVE-2021-45337 ‼
Privilege escalation vulnerability in the Self-Defense driver of Avast Antivirus prior to 20.8 allows a local user with SYSTEM privileges to gain elevated privileges by "hollowing" the process wsc_proxy.exe, which could lead to acquiring antimalware (AM-PPL) protection.
via "National Vulnerability Database".
‼ CVE-2021-45335 ‼
The Sandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused by a local user to control the outcome of scans, and therefore evade detection or delete arbitrary system files.
via "National Vulnerability Database".
‼ CVE-2021-45339 ‼
Privilege escalation vulnerability in Avast Antivirus prior to 20.4 allows a local user to gain elevated privileges by "hollowing" a trusted process, which could lead to the bypassing of Avast self-defense.
via "National Vulnerability Database".
‼ CVE-2021-45338 ‼
Multiple privilege escalation vulnerabilities in Avast Antivirus prior to 20.4 allow a local user to gain elevated privileges by calling unnecessarily powerful internal methods of the main antivirus service, which could lead to (1) arbitrary file delete, (2) arbitrary file write and (3) security reset.
via "National Vulnerability Database".
🦿 Tips for providing digital security benefits to employees 🦿
Many employers are now offering digital security benefits to help protect their employees. Learn about such arrangements and see how you can get started implementing them.
via "Tech Republic".
🦿 The 10 worst tech stories of 2021 🦿
Have fond memories of 2021? They probably don't include these 10 stories or the products and services surrounding them.
via "Tech Republic".
🦿 The dangers of dark data: How to manage it and mitigate the risks 🦿
Dark data is a major challenge in enterprises, and it's not going away soon. Fortunately, there are ways to reduce dark data and the risks that come with it.
via "Tech Republic".
❌ The 5 Most-Wanted Threatpost Stories of 2021 ❌
A look back at what was hot with readers in this second year of the pandemic.
via "Threat Post".
‼ CVE-2021-38961 ‼
IBM OPENBMC OP910 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 212049.
via "National Vulnerability Database".
‼ CVE-2021-43855 ‼
Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through an SVG file upload made via a custom request with a fake MIME type. By creating a crafted SVG file, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the SVG is viewed directly by other users. Scripts do not execute when loaded inside a page via normal `<img>` tags. The malicious SVG can only be uploaded by crafting a custom request to the server with a fake MIME type. A patch in version 2.5.264 fixes this vulnerability by adding an additional file extension verification check to the optional (enabled by default) SVG sanitization step for all file uploads that match the SVG MIME type. As a workaround, disable file upload for all non-trusted users.
via "National Vulnerability Database".
‼ CVE-2021-43856 ‼
Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through non-image file uploads for file types that can be viewed directly inline in the browser. By creating a malicious file which can execute inline JS when viewed in the browser (e.g. XML files), a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the file is viewed directly by other users. The file must be opened directly by the user and will not trigger directly in a normal Wiki.js page. A patch in version 2.5.264 fixes this vulnerability by adding an optional (enabled by default) force download flag to all non-image file types, preventing the file from being viewed inline in the browser. As a workaround, disable file upload for all non-trusted users. --- Thanks to @Haxatron for reporting this vulnerability. Initially reported via https://huntr.dev/bounties/266bff09-00d9-43ca-a4bb-bb540642811f/
via "National Vulnerability Database".
‼ CVE-2021-43845 ‼
PJSIP is a free and open source multimedia communication library. In version 2.11.1 and prior, if an incoming RTCP XR message contains a block, the data field is not checked against the received packet size, potentially resulting in an out-of-bounds read access. This affects all users that use PJMEDIA and RTCP XR. A malicious actor can send an RTCP XR message with an invalid packet size.
via "National Vulnerability Database".
❌ Global Cyberattacks from Nation-State Actors Posing Greater Threats ❌
Casey Ellis, CTO at Bugcrowd, outlines how international relations have deteriorated into a new sort of Cold War, with espionage playing out in the cyber-domain.
via "Threat Post".
‼ CVE-2021-21751 ‼
ZTE BigVideo analysis product has an input verification vulnerability. Due to the inconsistency between the front-end and back-end verifications when configuring the large screen page, an attacker with high privileges could exploit this vulnerability to tamper with the URL and cause a service exception.
via "National Vulnerability Database".