βΌ CVE-2021-44736 βΌ
π Read
via "National Vulnerability Database".
The initial admin account setup wizard on Lexmark devices allow unauthenticated access to the Γ’β¬Εout of service eraseΓ’β¬οΏ½ feature.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44734 βΌ
π Read
via "National Vulnerability Database".
Embedded web server input sanitization vulnerability in Lexmark devices through 2021-12-07, which can which can lead to remote code execution on the device.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21658 βΌ
π Read
via "National Vulnerability Database".
Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the `std::fs::remove_dir_all` standard library function is vulnerable a race condition enabling symlink following (CWE-363). An attacker could use this security issue to trick a privileged program into deleting files and directories the attacker couldn't otherwise access or delete. Rust 1.0.0 through Rust 1.58.0 is affected by this vulnerability with 1.58.1 containing a patch. Note that the following build targets don't have usable APIs to properly mitigate the attack, and are thus still vulnerable even with a patched toolchain: macOS before version 10.10 (Yosemite) and REDOX. We recommend everyone to update to Rust 1.58.1 as soon as possible, especially people developing programs expected to run in privileged contexts (including system daemons and setuid binaries), as those have the highest risk of being affected by this. Note that adding checks in your codebase before calling remove_dir_all will not mitigate the vulnerability, as they would also be vulnerable to race conditions like remove_dir_all itself. The existing mitigation is working as intended outside of race conditions.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44737 βΌ
π Read
via "National Vulnerability Database".
PJL directory traversal vulnerability in Lexmark devices through 2021-12-07 that can be leveraged to overwrite internal configuration files.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0219 βΌ
π Read
via "National Vulnerability Database".
Improper Restriction of XML External Entity Reference in GitHub repository skylot/jadx prior to 1.3.2.π Read
via "National Vulnerability Database".
β Critical Cisco StarOS Bug Grants Root Access via Debug Mode β
π Read
via "Threat Post".
Cisco issued a critical fix for a flaw in its Cisco RCM for Cisco StarOS Software that could give attackers RCE on the application with root-level privileges.π Read
via "Threat Post".
Threat Post
Critical Cisco StarOS Bug Grants Root Access via Debug Mode
Cisco issued a critical fix for a flaw in its Cisco RCM for Cisco StarOS Software that could give attackers RCE on the application with root-level privileges.
π New White House Memo Aims to Strengthen National Security Systems π
π Read
via "".
A new White House memo gives greater power to the NSA in its fight to protect sensitive government data.π Read
via "".
Digital Guardian
New White House Memo Aims to Strengthen National Security Systems
A new White House memo gives greater power to the NSA in its fight to protect sensitive government data.
βΌ CVE-2021-44092 βΌ
π Read
via "National Vulnerability Database".
An SQL Injection vulnerability exists in code-projects Pharmacy Management 1.0 via the username parameter in the administer login form.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46061 βΌ
π Read
via "National Vulnerability Database".
An SQL Injection vulnerability exists in Sourcecodester Computer and Mobile Repair Shop Management system (RSMS) 1.0 via the code parameter in /rsms/ node app.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23119 βΌ
π Read
via "National Vulnerability Database".
A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files from the file system. Please note: an attacker must first obtain compromised access to the target Deep Security Manager (DSM) or the target agent must be not yet activated or configured in order to exploit this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44090 βΌ
π Read
via "National Vulnerability Database".
An SQL Injection vulnerability exists in Sourcecodester Online Reviewer System 1.0 via the password parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29785 βΌ
π Read
via "National Vulnerability Database".
IBM Security SOAR V42 and V43could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 203169.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44245 βΌ
π Read
via "National Vulnerability Database".
An SQL Injection vulnerability exists in Courcecodester COVID 19 Testing Management System (CTMS) 1.0 via the (1) username and (2) contactno parameters.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23120 βΌ
π Read
via "National Vulnerability Database".
A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in an un-activated and unconfigured state in order to exploit this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44244 βΌ
π Read
via "National Vulnerability Database".
An SQL Injection vulnerabiity exists in Sourcecodester Logistic Hub Parcel's Management System 1.0 via the username parameter in login.php.π Read
via "National Vulnerability Database".
π΄ Red Cross Hit via Third-Party Cyberattack π΄
π Read
via "Dark Reading".
The incident compromised the personal data and confidential information of more than 515,000 "highly vulnerable people," the Red Cross reports.π Read
via "Dark Reading".
Dark Reading
Red Cross Hit via Third-Party Cyberattack
The incident compromised the personal data and confidential information of more than 515,000 "highly vulnerable people," the Red Cross reports.
π΄ Automating Response Is a Marathon, Not a Sprint π΄
π Read
via "Dark Reading".
Organizations should balance process automation and human interaction to meet their unique security requirements.π Read
via "Dark Reading".
Dark Reading
Automating Response Is a Marathon, Not a Sprint
Organizations should balance process automation and human interaction to meet their unique security requirements.
π΄ Researchers Discover Dangerous Firmware-Level Rootkit π΄
π Read
via "Dark Reading".
MoonBounce is the latest in a small but growing number of implants found hidden in a computer's Unified Extensible Firmware Interface (UEFI).π Read
via "Dark Reading".
Dark Reading
Researchers Discover Dangerous Firmware-Level Rootkit
MoonBounce is the latest in a small but growing number of implants found hidden in a computer's Unified Extensible Firmware Interface (UEFI).
βΌ CVE-2021-46335 βΌ
π Read
via "National Vulnerability Database".
Moddable SDK v11.5.0 was discovered to contain a NULL pointer dereference in the component fx_Function_prototype_hasInstance.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46339 βΌ
π Read
via "National Vulnerability Database".
There is an Assertion 'lit_is_valid_cesu8_string (string_p, string_size)' failed at /base/ecma-helpers-string.c(ecma_new_ecma_string_from_utf8) in JerryScript 3.0.0.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46324 βΌ
π Read
via "National Vulnerability Database".
Espruino 2v11.251 was discovered to contain a stack buffer overflow via src/jsvar.c in jsvNewFromString.π Read
via "National Vulnerability Database".