‼ CVE-2021-20132 ‼
via "National Vulnerability Database".
Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 use default hard-coded credentials, which can allow a remote attacker to gain administrative access to the zebra or ripd services. Both are running with root privileges on the router (i.e., as the "admin" user, UID 0).
‼ CVE-2021-4184 ‼
via "National Vulnerability Database".
Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file.
‼ CVE-2021-20156 ‼
via "National Vulnerability Database".
Trendnet AC2600 TEW-827DRU version 2.08B01 contains an improper access control configuration that could allow for a malicious firmware update. It is possible to manually install firmware that may be malicious in nature as there does not appear to be any signature validation done to determine if it is from a known and trusted source. This includes firmware updates that are done via the automated "check for updates" in the admin interface. If an attacker is able to masquerade as the update server, the device will not verify that the firmware updates downloaded are legitimate.
‼ CVE-2021-20158 ‼
via "National Vulnerability Database".
Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. It is possible for an unauthenticated, malicious actor to force the change of the admin password due to a hidden administrative command.
‼ CVE-2021-20155 ‼
via "National Vulnerability Database".
Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of hardcoded credentials. It is possible to back up and restore device configurations via the management web interface. These devices are encrypted using a hardcoded password of "12345678".
Bug Bounty Radar // The latest bug bounty programs for January 2022
via "The Daily Swig".
New web targets for the discerning hacker
The Matrix Resurrections review: Latest film instalment offers nostalgia but no denouement
via "The Daily Swig".
Déjà vu isn't what it used to be
Security done right: Celebrating infosec wins in 2021
via "The Daily Swig".
Kudos to Tonga’s ccTLD, the US Supreme Court, and others…
‼ CVE-2021-4193 ‼
via "National Vulnerability Database".
vim is vulnerable to Out-of-bounds Read
‼ CVE-2021-4192 ‼
via "National Vulnerability Database".
vim is vulnerable to Use After Free
‼ CVE-2021-45933 ‼
via "National Vulnerability Database".
wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (8 bytes) in MqttDecode_Publish (called from MqttClient_DecodePacket and MqttClient_HandlePacket).
‼ CVE-2021-45926 ‼
via "National Vulnerability Database".
MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0x7ffd0c689be0) in mdb_numeric_to_string (called from mdb_xfer_bound_data and _mdb_attempt_bind).
‼ CVE-2021-45940 ‼
via "National Vulnerability Database".
libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (4 bytes) in __bpf_object__open (called from bpf_object__open_mem and bpf-object-fuzzer.c).
‼ CVE-2021-45928 ‼
via "National Vulnerability Database".
libjxl before 0.6, as used in libvips 8.11 through 8.11.2 and other products, has an out-of-bounds write in jxl::ModularFrameDecoder::DecodeGroup (called from jxl::FrameDecoder::ProcessACGroup and jxl::ThreadPool::RunCallState<jxl::FrameDecoder::ProcessSections).
‼ CVE-2021-45934 ‼
via "National Vulnerability Database".
wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_HandlePacket and MqttClient_WaitType).
‼ CVE-2021-45930 ‼
via "National Vulnerability Database".
Qt SVG in Qt 5.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and QPathClipper::intersect).
‼ CVE-2021-45943 ‼
via "National Vulnerability Database".
GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment).
‼ CVE-2021-44716 ‼
via "National Vulnerability Database".
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
‼ CVE-2021-45935 ‼
via "National Vulnerability Database".
Grok 9.5.0 has a heap-based buffer overflow in openhtj2k::T1OpenHTJ2K::decompress (called from std::__1::__packaged_task_func<std::__1::__bind<grk::T1DecompressScheduler::deco and std::__1::packaged_task<int).
‼ CVE-2021-45938 ‼
via "National Vulnerability Database".
wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Unsubscribe).
‼ CVE-2021-45939 ‼
via "National Vulnerability Database".
wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Subscribe).