βΌ CVE-2021-4001 βΌ
π Read
via "National Vulnerability Database".
A race condition was found in the Linux kernel's ebpf verifier between bpf_map_update_elem and bpf_map_freeze due to a missing lock in kernel/bpf/syscall.c. In this flaw, a local user with a special privilege (cap_sys_admin or cap_bpf) can modify the frozen mapped address space. This flaw affects kernel versions prior to 5.16 rc2.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23130 βΌ
π Read
via "National Vulnerability Database".
Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.97 and prior and ICONICS Hyper Historian versions 10.97 and prior allows an attacker to cause a DoS condition in the database server by getting a legitimate user to import a configuration file containing specially crafted stored procedures into GENESIS64 or MC Works64 and execute commands against the database from GENESIS64 or MC Works64.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33843 βΌ
π Read
via "National Vulnerability Database".
Fresenius Kabi Agilia Link + version 3.0 has a default configuration page accessible without authentication. An attacker may use this functionality to change the exposed configuration values such as network settings.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23196 βΌ
π Read
via "National Vulnerability Database".
The web application on Agilia Link+ version 3.0 implements authentication and session management mechanisms exclusively on the client-side and does not protect authentication attributes sufficiently.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33846 βΌ
π Read
via "National Vulnerability Database".
Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 issues authentication tokens to authenticated users that are signed with a symmetric encryption key. An attacker in possession of the key can issue valid JWTs and impersonate arbitrary users.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23460 βΌ
π Read
via "National Vulnerability Database".
The package min-dash before 3.8.1 are vulnerable to Prototype Pollution via the set method due to missing enforcement of key types.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33848 βΌ
π Read
via "National Vulnerability Database".
Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 is vulnerable to reflected cross-site scripting attacks. An attacker could inject JavaScript in a GET parameter of HTTP requests and perform unauthorized actions such as stealing internal information and performing actions in context of an authenticated user.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23195 βΌ
π Read
via "National Vulnerability Database".
Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 has the option for automated indexing (directory listing) activated. When accessing a directory, a web server delivers its entire content in HTML form. If an index file does not exist and directory listing is enabled, all content of the directory will be displayed, allowing an attacker to identify and access files on the server.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44593 βΌ
π Read
via "National Vulnerability Database".
Simple College Website 1.0 is vulnerable to unauthenticated file upload & remote code execution via UNION-based SQL injection in the username parameter on /admin/login.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23631 βΌ
π Read
via "National Vulnerability Database".
This affects all versions of package convert-svg-core; all versions of package convert-svg-to-png; all versions of package convert-svg-to-jpeg. Using a specially crafted SVG file, an attacker could read arbitrary files from the file system and then show the file content as a converted PNG file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23127 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS MobileHMI versions 10.96.2 and prior allows a remote unauthenticated attacker to gain authentication information of an MC Works64 or MobileHMI and perform any operation using the acquired authentication information, by injecting a malicious script in the URL of a monitoring screen delivered from the MC Works64 server or MobileHMI server to an application for mobile devices and leading a legitimate user to access this URL.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23207 βΌ
π Read
via "National Vulnerability Database".
An attacker with physical access to the host can extract the secrets from the registry and create valid JWT tokens for the Fresenius Kabi Vigilant MasterMed version 2.0.1.3 application and impersonate arbitrary users. An attacker could manipulate RabbitMQ queues and messages by impersonating users.π Read
via "National Vulnerability Database".
π΄ Fraud Is On the Rise, and It's Going to Get Worse π΄
π Read
via "Dark Reading".
The acceleration of the digital transformation resulted in a surge of online transactions, greater adoption of digital payments, and increased fraud.π Read
via "Dark Reading".
Dark Reading
Fraud Is On the Rise, and It's Going to Get Worse
The acceleration of the digital transformation resulted in a surge of online transactions, greater adoption of digital payments, and increased fraud.
β The Internetβs Most Tempting Targets β
π Read
via "Threat Post".
What attracts the attackers? David "moose" Wolpoff, CTO at Randori, discusses how to evaluate your infrastructure for juicy targets.π Read
via "Threat Post".
Threat Post
The Internetβs Most Tempting Targets
What attracts the attackers? David "moose" Wolpoff, CTO at Randori, discusses how to evaluate your infrastructure for juicy targets.
βΌ CVE-2021-46238 βΌ
π Read
via "National Vulnerability Database".
GPAC v1.1.0 was discovered to contain a stack overflow via the function gf_node_get_name () at scenegraph/base_scenegraph.c. This vulnerability can lead to a program crash, causing a Denial of Service (DoS).π Read
via "National Vulnerability Database".
βΌ CVE-2021-46313 βΌ
π Read
via "National Vulnerability Database".
The binary MP4Box in GPAC v1.0.1 was discovered to contain a segmentation fault via the function __memmove_avx_unaligned_erms (). This vulnerability can lead to a Denial of Service (DoS).π Read
via "National Vulnerability Database".
βΌ CVE-2021-46311 βΌ
π Read
via "National Vulnerability Database".
A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_destroy_routes () at scenegraph/vrml_route.c. This vulnerability can lead to a Denial of Service (DoS).π Read
via "National Vulnerability Database".
βΌ CVE-2022-22552 βΌ
π Read
via "National Vulnerability Database".
Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync. A remote unauthenticated attacker could potentially exploit this vulnerability to trick the victim into executing state changing operations.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46234 βΌ
π Read
via "National Vulnerability Database".
A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregister () at scenegraph/base_scenegraph.c. This vulnerability can lead to a Denial of Service (DoS).π Read
via "National Vulnerability Database".
βΌ CVE-2021-46243 βΌ
π Read
via "National Vulnerability Database".
An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1-1 via the function H5O__dtype_decode_helper () at hdf5/src/H5Odtype.c. This vulnerability can lead to a Denial of Service (DoS).π Read
via "National Vulnerability Database".
βΌ CVE-2021-46236 βΌ
π Read
via "National Vulnerability Database".
A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_vrml_field_pointer_del () at scenegraph/vrml_tools.c. This vulnerability can lead to a Denial of Service (DoS).π Read
via "National Vulnerability Database".