βΌ CVE-2021-44593 βΌ
π Read
via "National Vulnerability Database".
Simple College Website 1.0 is vulnerable to unauthenticated file upload & remote code execution via UNION-based SQL injection in the username parameter on /admin/login.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23631 βΌ
π Read
via "National Vulnerability Database".
This affects all versions of package convert-svg-core; all versions of package convert-svg-to-png; all versions of package convert-svg-to-jpeg. Using a specially crafted SVG file, an attacker could read arbitrary files from the file system and then show the file content as a converted PNG file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23127 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS MobileHMI versions 10.96.2 and prior allows a remote unauthenticated attacker to gain authentication information of an MC Works64 or MobileHMI and perform any operation using the acquired authentication information, by injecting a malicious script in the URL of a monitoring screen delivered from the MC Works64 server or MobileHMI server to an application for mobile devices and leading a legitimate user to access this URL.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23207 βΌ
π Read
via "National Vulnerability Database".
An attacker with physical access to the host can extract the secrets from the registry and create valid JWT tokens for the Fresenius Kabi Vigilant MasterMed version 2.0.1.3 application and impersonate arbitrary users. An attacker could manipulate RabbitMQ queues and messages by impersonating users.π Read
via "National Vulnerability Database".
π΄ Fraud Is On the Rise, and It's Going to Get Worse π΄
π Read
via "Dark Reading".
The acceleration of the digital transformation resulted in a surge of online transactions, greater adoption of digital payments, and increased fraud.π Read
via "Dark Reading".
Dark Reading
Fraud Is On the Rise, and It's Going to Get Worse
The acceleration of the digital transformation resulted in a surge of online transactions, greater adoption of digital payments, and increased fraud.
β The Internetβs Most Tempting Targets β
π Read
via "Threat Post".
What attracts the attackers? David "moose" Wolpoff, CTO at Randori, discusses how to evaluate your infrastructure for juicy targets.π Read
via "Threat Post".
Threat Post
The Internetβs Most Tempting Targets
What attracts the attackers? David "moose" Wolpoff, CTO at Randori, discusses how to evaluate your infrastructure for juicy targets.
βΌ CVE-2021-46238 βΌ
π Read
via "National Vulnerability Database".
GPAC v1.1.0 was discovered to contain a stack overflow via the function gf_node_get_name () at scenegraph/base_scenegraph.c. This vulnerability can lead to a program crash, causing a Denial of Service (DoS).π Read
via "National Vulnerability Database".
βΌ CVE-2021-46313 βΌ
π Read
via "National Vulnerability Database".
The binary MP4Box in GPAC v1.0.1 was discovered to contain a segmentation fault via the function __memmove_avx_unaligned_erms (). This vulnerability can lead to a Denial of Service (DoS).π Read
via "National Vulnerability Database".
βΌ CVE-2021-46311 βΌ
π Read
via "National Vulnerability Database".
A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_destroy_routes () at scenegraph/vrml_route.c. This vulnerability can lead to a Denial of Service (DoS).π Read
via "National Vulnerability Database".
βΌ CVE-2022-22552 βΌ
π Read
via "National Vulnerability Database".
Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync. A remote unauthenticated attacker could potentially exploit this vulnerability to trick the victim into executing state changing operations.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46234 βΌ
π Read
via "National Vulnerability Database".
A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregister () at scenegraph/base_scenegraph.c. This vulnerability can lead to a Denial of Service (DoS).π Read
via "National Vulnerability Database".
βΌ CVE-2021-46243 βΌ
π Read
via "National Vulnerability Database".
An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1-1 via the function H5O__dtype_decode_helper () at hdf5/src/H5Odtype.c. This vulnerability can lead to a Denial of Service (DoS).π Read
via "National Vulnerability Database".
βΌ CVE-2021-46236 βΌ
π Read
via "National Vulnerability Database".
A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_vrml_field_pointer_del () at scenegraph/vrml_tools.c. This vulnerability can lead to a Denial of Service (DoS).π Read
via "National Vulnerability Database".
βΌ CVE-2022-22553 βΌ
π Read
via "National Vulnerability Database".
Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication Attempts Vulnerability that can be exploited from UI and CLI. An adjacent unauthenticated attacker could potentially exploit this vulnerability, leading to password brute-forcing. Account takeover is possible if weak passwords are used by users.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46239 βΌ
π Read
via "National Vulnerability Database".
The binary MP4Box in GPAC v1.1.0 was discovered to contain an invalid free vulnerability via the function gf_free () at utils/alloc.c. This vulnerability can lead to a Denial of Service (DoS).π Read
via "National Vulnerability Database".
βΌ CVE-2022-22551 βΌ
π Read
via "National Vulnerability Database".
DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. An Adjacent, unauthenticated attacker could potentially exploit this vulnerability, and hijack the victim session.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46244 βΌ
π Read
via "National Vulnerability Database".
A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 vis the function H5T__complete_copy () at /hdf5/src/H5T.c. This vulnerability causes an aritmetic exception, leading to a Denial of Service (DoS).π Read
via "National Vulnerability Database".
βΌ CVE-2021-46237 βΌ
π Read
via "National Vulnerability Database".
An untrusted pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregister () at scenegraph/base_scenegraph.c. This vulnerability can lead to a Denial of Service (DoS).π Read
via "National Vulnerability Database".
βΌ CVE-2021-36338 βΌ
π Read
via "National Vulnerability Database".
Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36339 βΌ
π Read
via "National Vulnerability Database".
The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39480 βΌ
π Read
via "National Vulnerability Database".
Bingrep v0.8.5 was discovered to contain a memory allocation failure which can cause a Denial of Service (DoS).π Read
via "National Vulnerability Database".