βΌ CVE-2021-45851 βΌ
π Read
via "National Vulnerability Database".
A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information from the server's internal environment and services, often potentially leading to the attacker executing commands on the server.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0704 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21946 βΌ
π Read
via "National Vulnerability Database".
A Improper Privilege Management vulnerability in the sudoers configuration in cscreen of openSUSE Factory allows any local users to gain the privileges of the tty and dialout groups and access and manipulate any running cscreen seesion. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21945 βΌ
π Read
via "National Vulnerability Database".
A Insecure Temporary File vulnerability in cscreen of openSUSE Factory allows local attackers to cause DoS for cscreen and a system DoS for non-default systems. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46705 βΌ
π Read
via "National Vulnerability Database".
A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2 versions prior to 2.06-18.1.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45852 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Projectworlds Hospital Management System v1.0. Unauthorized malicious attackers can add patients without restriction via add_patient.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0705 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.π Read
via "National Vulnerability Database".
π΄ What Kind Of Security Tools Should I Provide My Developers? π΄
π Read
via "Dark Reading".
Who says developers don't care about security? Give them the tools to help them build security into their code.π Read
via "Dark Reading".
Dark Reading
What Kind Of Security Tools Should I Provide My Developers?
Who says developers don't care about security? Give them the tools to help them build security into their code.
π΄ How Should My Security Analyst Use the MITRE ATT&CK Framework? π΄
π Read
via "Dark Reading".
As a curated knowledgebase for adversary behavior, the MITRE ATT&CK framework can guide defenders on how to conduct an investigation and the order of things to look for.π Read
via "Dark Reading".
Dark Reading
How Should My Security Analyst Use the MITRE ATT&CK Framework?
As a curated knowledge base for adversary behavior, the MITRE ATT&CK framework can guide defenders on how to conduct an investigation and the order of things to look for.
βΌ CVE-2021-45787 βΌ
π Read
via "National Vulnerability Database".
There is a stored Cross Site Scripting (XSS) vulnerability in maccms v10 through adding videos. XSS code can be inserted at parameter positions including name and remarks.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42552 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) vulnerability in ArchivistaBox webclient allows an attacker to craft a malicious link, executing JavaScript in the context of a victim's browser. This issue affects all ArchivistaBox versions prior to 2022/I.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0986 βΌ
π Read
via "National Vulnerability Database".
Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.11.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45786 βΌ
π Read
via "National Vulnerability Database".
In maccms v10, an attacker can log in through /index.php/user/login in the "col" and "openid" parameters to gain privileges.π Read
via "National Vulnerability Database".
π΄ Would 'Cyber Geneva Conventions' Defuse Online Aggression? π΄
π Read
via "Dark Reading".
International treaties could force nation-states to police bad actors within their borders to avoid penalties.π Read
via "Dark Reading".
Dark Reading
Would 'Cyber Geneva Conventions' Defuse Online Aggression?
International treaties could force nation-states to police bad actors within their borders to avoid penalties.
ποΈ HackerOne lifts βsanctionsβ against Ukrainian hackers ποΈ
π Read
via "The Daily Swig".
Platform apologizes for βpoor communicationβ over bug bounty payoutsπ Read
via "The Daily Swig".
π1
βΌ CVE-2021-39711 βΌ
π Read
via "National Vulnerability Database".
In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154175781References: Upstream kernelπ Read
via "National Vulnerability Database".
βΌ CVE-2021-40767 βΌ
π Read
via "National Vulnerability Database".
Adobe Character Animator version 4.4 (and earlier) is affected by an Access of Memory Location After End of Buffer vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40787 βΌ
π Read
via "National Vulnerability Database".
Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39712 βΌ
π Read
via "National Vulnerability Database".
In TBD of TBD, there is a possible user after free vulnerability due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-176918884References: N/Aπ Read
via "National Vulnerability Database".
βΌ CVE-2021-39792 βΌ
π Read
via "National Vulnerability Database".
In usb_gadget_giveback_request of core.c, there is a possible use after free out of bounds read due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-161010552References: Upstream kernelπ Read
via "National Vulnerability Database".
βΌ CVE-2022-0811 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deployed.π Read
via "National Vulnerability Database".