βΌ CVE-2021-34911 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14884.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34917 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14895.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34934 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14912.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34901 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14874.π Read
via "National Vulnerability Database".
β Microsoft Yanks Buggy Windows Server Updates β
π Read
via "Threat Post".
Since their release on Patch Tuesday, the updates have been breaking Windows, causing spontaneous boot loops on Windows domain controller servers, breaking Hyper-V and making ReFS volume systems unavailable.π Read
via "Threat Post".
Threat Post
Microsoft Yanks Buggy Windows Server Updates
Since their release on Patch Tuesday, the updates have been breaking Windows, causing spontaneous boot loops on Windows domain controller servers, breaking Hyper-V and making ReFS volume systems unavailable.
βΌ CVE-2021-34877 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14829.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22989 βΌ
π Read
via "National Vulnerability Database".
My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service. Addressed the vulnerability by adding defenses against stack overflow issues.cπ Read
via "National Vulnerability Database".
βΌ CVE-2021-34933 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14911.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34997 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AppStudioUploadHandler class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-13894.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0178 βΌ
π Read
via "National Vulnerability Database".
snipe-it is vulnerable to Improper Access Controlπ Read
via "National Vulnerability Database".
βΌ CVE-2021-45760 βΌ
π Read
via "National Vulnerability Database".
GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function gf_list_last(). This vulnerability allows attackers to cause a Denial of Service (DoS).π Read
via "National Vulnerability Database".
βΌ CVE-2022-23218 βΌ
π Read
via "National Vulnerability Database".
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42551 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) vulnerability in the search functionality of AlCoda NetBiblio WebOPAC allows an unauthenticated user to craft a reflected Cross-Site Scripting attack. This issue affects: AlCoda NetBiblio WebOPAC versions prior to 4.0.0.320; versions later than 4.0.0.328. This issue does not affect: AlCoda NetBiblio WebOPAC version 4.0.0.335 and later versions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23222 βΌ
π Read
via "National Vulnerability Database".
kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23219 βΌ
π Read
via "National Vulnerability Database".
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20698 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33962 βΌ
π Read
via "National Vulnerability Database".
China Mobile An Lianbao WF-1 router v1.0.1 is affected by an OS command injection vulnerability in the web interface /api/ZRUsb/pop_usb_device component.π Read
via "National Vulnerability Database".
β S3 Ep65: Supply chain conniption, NetUSB hole, Honda flashback, FTC muscle [Podcast + Transcript] β
π Read
via "Naked Security".
Latest episode -listen to it or read it now!π Read
via "Naked Security".
Naked Security
S3 Ep65: Supply chain conniption, NetUSB hole, Honda flashback, FTC muscle [Podcast + Transcript]
Latest episode -listen to it or read it now!
β Three Plugins with Same Bug Put 84K WordPress Sites at Risk β
π Read
via "Threat Post".
Researchers discovered vulnerabilities that can allow for full site takeover in login and e-commerce add-ons for the popular website-building platform.π Read
via "Threat Post".
Threat Post
Three Plugins with Same Bug Put 84K WordPress Sites at Risk
Researchers discovered vulnerabilities that can allow for full site takeover in login and e-commerce add-ons for the popular website-building platform.
β REvil ransomware crew allegedly busted in Russia, says FSB β
π Read
via "Naked Security".
The Russian Federal Security Bureau has just published a report about the investigation and arrest of the infamous "REvil" ransomware crew.π Read
via "Naked Security".
Naked Security
REvil ransomware crew allegedly busted in Russia, says FSB
The Russian Federal Security Bureau has just published a report about the investigation and arrest of the infamous βREvilβ ransomware crew.
β Russian Security Takes Down REvil Ransomware Gang β
π Read
via "Threat Post".
The country's FSB said that it raided gang hideouts; seized currency, cars and personnel; and neutralized REvil's infrastructure.π Read
via "Threat Post".
Threat Post
Russian Security Takes Down REvil Ransomware Gang
The country's FSB said that it raided gang hideouts; seized currency, cars and personnel; and neutralized REvil's infrastructure.