βΌ CVE-2021-36410 βΌ
π Read
via "National Vulnerability Database".
A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback when running program dec265.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36412 βΌ
π Read
via "National Vulnerability Database".
A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via the gp_rtp_builder_do_mpeg12_video function, which allows attackers to possibly have unspecified other impact via a crafted file in the MP4Box command,π Read
via "National Vulnerability Database".
βΌ CVE-2021-36414 βΌ
π Read
via "National Vulnerability Database".
A heab-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via media.c, which allows attackers to cause a denial of service or execute arbitrary code via a crafted file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36409 βΌ
π Read
via "National Vulnerability Database".
There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file or possibly have unspecified other impact.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36411 βΌ
π Read
via "National Vulnerability Database".
An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory access in function derive_boundaryStrength of deblock.cc has occurred. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.π Read
via "National Vulnerability Database".
π¦Ώ The rise of the CISO: The escalation in cyberattacks makes this role increasingly important π¦Ώ
π Read
via "Tech Republic".
As the digital landscape has grown, the organizational need for cybersecurity and data protection has risen. A new study takes a look at where CISOs stand in businesses.π Read
via "Tech Republic".
TechRepublic
The rise of the CISO: The escalation in cyberattacks makes this role increasingly important
As the digital landscape has grown, the organizational need for cybersecurity and data protection has risen. A new study takes a look at where CISOs stand in businesses.
β JavaScript developer destroys own projects in supply chain βlessonβ β
π Read
via "Naked Security".
Two popular open source JavaScript packages recently got "hacked" in a smbolic gesture by the original project creator.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β Honda cars in flashback to 2002 β βCanβt Get You Out Of My Headβ β
π Read
via "Naked Security".
Where were YOU on the night of 17 May 2002? And what about the day after that?π Read
via "Naked Security".
Naked Security
Honda cars in flashback to 2002 β βCanβt Get You Out Of My Headβ
Where were YOU on the night of 17 May 2002? And what about the day after that?
βΌ CVE-2022-0144 βΌ
π Read
via "National Vulnerability Database".
shelljs is vulnerable to Improper Privilege Managementπ Read
via "National Vulnerability Database".
β Millions of Routers Exposed to RCE by USB Kernel Bug β
π Read
via "Threat Post".
The high-severity RCE flaw is in the KCodes NetUSB kernel module, used by popular routers from Netgear, TP-Link, DLink, Western Digital, et al.π Read
via "Threat Post".
Threat Post
Millions of Routers Exposed to RCE by USB Kernel Bug
The high-severity RCE flaw is in the KCodes NetUSB kernel module, used by popular routers from Netgear, TP-Link, DLink, Western Digital, et al.
ποΈ IP spoofing bug leaves Django REST applications open to DDoS, password-cracking attacks ποΈ
π Read
via "The Daily Swig".
Security researcher discovers how to send unlimited HTTP requests with the same clientπ Read
via "The Daily Swig".
βΌ CVE-2021-37195 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in COMOS (All versions < V10.4.1). The COMOS Web component of COMOS accepts arbitrary code as attachment to tasks. This could allow an attacker to inject malicious code that is executed when loading the attachment.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45460 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in SICAM PQ Analyzer (All versions < V3.18). A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to those directories might be able to plant executables that will run in place of the legitimate process. Attackers might achieve persistence on the system ("backdoors") or cause a denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41769 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MU85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7KE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SA86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ81 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SK82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SK85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SL86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SS85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7ST85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SX85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UM85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7UT85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VK87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 Compact 7SX800 devices (CPU variant CP050) (All versions < V8.83). An improper input validation vulnerability in the web server could allow an unauthenticated user to access device information.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37197 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in COMOS (All versions < V10.4.1). The COMOS Web component of COMOS is vulnerable to SQL injections. This could allow an attacker to execute arbitrary SQL statements.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37196 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in COMOS (All versions < V10.4.1). The COMOS Web component of COMOS unpacks specially crafted archive files to relative paths. This vulnerability could allow an attacker to store files in any folder accessible by the COMOS Web webservice.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45034 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70ΓΒ°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70ΓΒ°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user. An unauthenticated attacker could access the files by knowing the corresponding download links.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45033 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70ΓΒ°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70ΓΒ°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). An undocumented debug port uses hard-coded default credentials. If this port is enabled by a privileged user, an attacker aware of the credentials could access an administrative debug shell on the affected device.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37198 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in COMOS (All versions < V10.4.1). The COMOS Web component of COMOS uses a flawed implementation of CSRF prevention. An attacker could exploit this vulnerability to perform Cross-Site-Request-Forgery attacks.π Read
via "National Vulnerability Database".
ποΈ Multiple Node.js vulnerabilities fixed in flurry of new releases ποΈ
π Read
via "The Daily Swig".
Three medium-impact and one low severity bug have been patchedπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Multiple Node.js vulnerabilities fixed in flurry of new releases
Three medium-impact and one low severity bug have been patched
π΄ 5 Things to Know About Next-Generation SIEM π΄
π Read
via "Dark Reading".
NG-SIEM is emerging as a cloud- and analytics-driven alternative to legacy SIEMs. Based on new research, Omdia highlights five important new insights for anyone considering a NG-SIEM purchase.π Read
via "Dark Reading".
Dark Reading
5 Things to Know About Next-Generation SIEM
NG-SIEM is emerging as a cloud- and analytics-driven alternative to legacy SIEMs. Based on new research, Omdia highlights five important new insights for anyone considering a NG-SIEM purchase.