βΌ CVE-2021-46446 βΌ
π Read
via "National Vulnerability Database".
H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_access_group_edit&aagID.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44397 βΌ
π Read
via "National Vulnerability Database".
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. rtmp=start param is not object. An attacker can send an HTTP request to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44403 βΌ
π Read
via "National Vulnerability Database".
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetPtzTattern param is not object. An attacker can send an HTTP request to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46447 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in H.H.G Multistore v5.1.0 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the State parameter under the Address Book module.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44371 βΌ
π Read
via "National Vulnerability Database".
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetEmail param is not object. An attacker can send an HTTP request to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44396 βΌ
π Read
via "National Vulnerability Database".
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Preview param is not object. An attacker can send an HTTP request to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44386 βΌ
π Read
via "National Vulnerability Database".
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzPatrol param is not object. An attacker can send an HTTP request to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44399 βΌ
π Read
via "National Vulnerability Database".
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetPtzPreset param is not object. An attacker can send an HTTP request to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44378 βΌ
π Read
via "National Vulnerability Database".
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetEnc param is not object. An attacker can send an HTTP request to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44382 βΌ
π Read
via "National Vulnerability Database".
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot.SetIrLights param is not object. An attacker can send an HTTP request to trigger this vulnerability.π Read
via "National Vulnerability Database".
β Coronavirus SMS scam offers home PCR testing devices β donβt fall for it! β
π Read
via "Naked Security".
Free home PCR devices would be technological marvels, and really useful, too. But there aren't any...π Read
via "Naked Security".
Naked Security
Coronavirus SMS scam offers home PCR testing devices β donβt fall for it!
Free home PCR devices would be technological marvels, and really useful, too. But there arenβt anyβ¦
π’ Podcast transcript: Inside the DDoS arms race π’
π Read
via "ITPro".
Read the full transcript for this episode of the IT Pro Podcastπ Read
via "ITPro".
IT PRO
Podcast transcript: Inside the DDoS arms race | IT PRO
Read the full transcript for this episode of the IT Pro Podcast
π’ The IT Pro Podcast: Inside the DDoS arms race π’
π Read
via "ITPro".
Theyβre still among the most common cyber attacks - but what makes DDoS so popular?π Read
via "ITPro".
IT PRO
The IT Pro Podcast: Inside the DDoS arms race | IT PRO
Theyβre still among the most common cyber attacks - but what makes DDoS so popular?
π’ Report: IT staff fail phishing tests more often than non-technical workers π’
π Read
via "ITPro".
Results show DevOps workers consistently rank among the most likely to fail a cyber security exerciseπ Read
via "ITPro".
IT PRO
Report: IT staff fail phishing tests more often than non-technical workers | IT PRO
Results show DevOps workers consistently rank among the most likely to fail a cyber security exercise
βΌ CVE-2022-24122 βΌ
π Read
via "National Vulnerability Database".
kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace.π Read
via "National Vulnerability Database".
βοΈ Fake Investor John Bernard Sinks Norwegian Green Shipping Dreams βοΈ
π Read
via "Krebs on Security".
Several articles here have delved into the history of John Bernard, the pseudonym used by a fake billionaire technology investor who's tricked dozens of start-ups into giving him tens of millions of dollars. Bernard's latest victim -- a Norwegian startup hoping to build a fleet of environmentally friendly shipping vessels -- is now embroiled in a lawsuit over a deal gone bad, in which Bernard falsely claimed to have secured $100 million from six other wealthy investors, including the founder of Uber and the artist Abel Makkonen Tesfaye, better known as The Weeknd.π Read
via "Krebs on Security".
Krebsonsecurity
Fake Investor John Bernard Sinks Norwegian Green Shipping Dreams
Several articles here have delved into the history of John Bernard, the pseudonym used by a fake billionaire technology investor who's tricked dozens of start-ups into giving him tens of millions of dollars. Bernard's latest victim -- a Norwegian startupβ¦
βΌ CVE-2021-46660 βΌ
π Read
via "National Vulnerability Database".
Signiant Manager+Agents before 15.1 allows XML External Entity (XXE) attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46659 βΌ
π Read
via "National Vulnerability Database".
MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46658 βΌ
π Read
via "National Vulnerability Database".
save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46657 βΌ
π Read
via "National Vulnerability Database".
get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24123 βΌ
π Read
via "National Vulnerability Database".
MarkText through 0.16.3 does not sanitize the input of a mermaid block before rendering. This could lead to Remote Code Execution via a .md file containing a mutation Cross-Site Scripting (XSS) payload.π Read
via "National Vulnerability Database".