βΌ CVE-2021-44648 βΌ
π Read
via "National Vulnerability Database".
GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44649 βΌ
π Read
via "National Vulnerability Database".
Django CMS 3.7.3 does not validate the plugin_type parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting (XSS) vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44650 βΌ
π Read
via "National Vulnerability Database".
Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote command execution when updating proxy settings through the Admin ProxySettings and Tenant ProxySettings components.π Read
via "National Vulnerability Database".
β Home routers with NetUSB support could have critical kernel hole β
π Read
via "Naked Security".
Got a router that supports USB access across the network? You might need a kernel update...π Read
via "Naked Security".
Naked Security
Home routers with NetUSB support could have critical kernel hole
Got a router that supports USB access across the network? You might need a kernel updateβ¦
β JavaScript developer destroys own projects in supply chain βlessonβ β
π Read
via "Naked Security".
Two popular open source JavaScript packages recently got "hacked" in a symbolic gesture by the original project creator.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ Patch Management Today: A Risk-Based Strategy to Defeat Cybercriminals π΄
π Read
via "Dark Reading".
By combining risk-based vulnerability prioritization and automated patch intelligence, organizations can apply patches based on threat level. Part 2 of 3.π Read
via "Dark Reading".
Dark Reading
Patch Management Today: A Risk-Based Strategy to Defeat Cybercriminals
By combining risk-based vulnerability prioritization and automated patch intelligence, organizations can apply patches based on threat level. Part 2 of 3.
ποΈ Patch Tuesday: Web security issues in the spotlight in Microsoftβs bumper January update ποΈ
π Read
via "The Daily Swig".
βWormableβ flaw in HTTP Protocol Stack causes concernπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Patch Tuesday: Web security issues in the spotlight in Microsoftβs bumper January update
βWormableβ flaw in HTTP Protocol Stack causes concern
π Proxmark3 4.14831 π
π Read
via "Packet Storm Security".
This is a custom firmware written for the Proxmark3 device. It extends the currently available firmware. This release is nicknamed Frostbit.π Read
via "Packet Storm Security".
Packetstormsecurity
Proxmark3 4.14831 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
ποΈ Cybersecurity conferences 2022: A rundown of online, in person, and βhybridβ events ποΈ
π Read
via "The Daily Swig".
With many events choosing to retain virtual elements forced on them by the pandemic, thereβs now an abundance of online content to choose fromπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Cybersecurity conferences 2022: A rundown of online, in person, and βhybridβ events
With many events choosing to retain virtual elements forced on them by the pandemic, thereβs still an abundance of online content to choose from
β Wormable Windows HTTP hole β what you need to know β
π Read
via "Naked Security".
One bug in the January 2022 Patch Tuesday list is getting lots of attention: "HTTP Protocol Stack Remote Code Execution Vulnerability".π Read
via "Naked Security".
Naked Security
Wormable Windows HTTP hole β what you need to know
One bug in the January 2022 Patch Tuesday list is getting lots of attention: βHTTP Protocol Stack Remote Code Execution Vulnerabilityβ.
βΌ CVE-2021-44651 βΌ
π Read
via "National Vulnerability Database".
Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote code execution through the updatePersonalizeSettings component due to an improper security patch for CVE-2021-40175.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44652 βΌ
π Read
via "National Vulnerability Database".
Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component.π Read
via "National Vulnerability Database".
π¦Ώ US government urges organizations to prepare for Russian-sponsored cyber threats π¦Ώ
π Read
via "Tech Republic".
Though the feds don't cite any specific threat, a joint advisory from CISA, the FBI and the NSA offers advice on how to detect and mitigate cyberattacks sponsored by Russia.π Read
via "Tech Republic".
TechRepublic
US government urges organizations to prepare for Russian-sponsored cyber threats
Though the feds don't cite any specific threat, a joint advisory from CISA, the FBI and the NSA offers advice on how to detect and mitigate cyberattacks sponsored by Russia.
π΄ Critical Infrastructure Security and a Case for Optimism in 2022 π΄
π Read
via "Dark Reading".
The new US infrastructure law will fund new action to improve cybersecurity across rail, public transportation, the electric grid, and manufacturing.π Read
via "Dark Reading".
Dark Reading
Critical Infrastructure Security and a Case for Optimism in 2022
The new US infrastructure law will fund new action to improve cybersecurity across rail, public transportation, the electric grid, and manufacturing.
β New York AG Warns 17 Firms of Credential Attacks β
π Read
via "Threat Post".
Sponsored: Password security is highlighted in attorney general warning to New York state businesses.π Read
via "Threat Post".
Threat Post
New York AG Warns 17 Firms of Credential Attacks
Sponsored: Password security is highlighted in attorney general warning to New York state businesses.
βΌ CVE-2022-0015 βΌ
π Read
via "National Vulnerability Database".
A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables an authenticated local user to execute programs with elevated privileges. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45388 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-45608. Reason: This candidate is a reservation duplicate of CVE-2021-45608. Notes: All CVE users should reference CVE-2021-45608 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43436 βΌ
π Read
via "National Vulnerability Database".
MartDevelopers Inc iResturant v1.0 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will be executed.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45411 βΌ
π Read
via "National Vulnerability Database".
In Sourcecodetester Printable Staff ID Card Creator System 1.0 after compromising the database via SQLi, an attacker can log in and leverage an arbitrary file upload vulnerability to obtain remote code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45445 βΌ
π Read
via "National Vulnerability Database".
Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, and 62.0 has an Infinite Loop.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28377 βΌ
π Read
via "National Vulnerability Database".
ChronoForums 2.0.11 allows av Directory Traversal to read arbitrary files.π Read
via "National Vulnerability Database".