π΄ What Kind Of Security Tools Should I Provide My Developers? π΄
π Read
via "Dark Reading".
Who says developers don't care about security? Give them the tools to help them build security into their code.π Read
via "Dark Reading".
Dark Reading
What Kind Of Security Tools Should I Provide My Developers?
Who says developers don't care about security? Give them the tools to help them build security into their code.
π΄ How Should My Security Analyst Use the MITRE ATT&CK Framework? π΄
π Read
via "Dark Reading".
As a curated knowledgebase for adversary behavior, the MITRE ATT&CK framework can guide defenders on how to conduct an investigation and the order of things to look for.π Read
via "Dark Reading".
Dark Reading
How Should My Security Analyst Use the MITRE ATT&CK Framework?
As a curated knowledge base for adversary behavior, the MITRE ATT&CK framework can guide defenders on how to conduct an investigation and the order of things to look for.
βΌ CVE-2021-45787 βΌ
π Read
via "National Vulnerability Database".
There is a stored Cross Site Scripting (XSS) vulnerability in maccms v10 through adding videos. XSS code can be inserted at parameter positions including name and remarks.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42552 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) vulnerability in ArchivistaBox webclient allows an attacker to craft a malicious link, executing JavaScript in the context of a victim's browser. This issue affects all ArchivistaBox versions prior to 2022/I.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0986 βΌ
π Read
via "National Vulnerability Database".
Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.11.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45786 βΌ
π Read
via "National Vulnerability Database".
In maccms v10, an attacker can log in through /index.php/user/login in the "col" and "openid" parameters to gain privileges.π Read
via "National Vulnerability Database".
π΄ Would 'Cyber Geneva Conventions' Defuse Online Aggression? π΄
π Read
via "Dark Reading".
International treaties could force nation-states to police bad actors within their borders to avoid penalties.π Read
via "Dark Reading".
Dark Reading
Would 'Cyber Geneva Conventions' Defuse Online Aggression?
International treaties could force nation-states to police bad actors within their borders to avoid penalties.
ποΈ HackerOne lifts βsanctionsβ against Ukrainian hackers ποΈ
π Read
via "The Daily Swig".
Platform apologizes for βpoor communicationβ over bug bounty payoutsπ Read
via "The Daily Swig".
π1
βΌ CVE-2021-39711 βΌ
π Read
via "National Vulnerability Database".
In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154175781References: Upstream kernelπ Read
via "National Vulnerability Database".
βΌ CVE-2021-40767 βΌ
π Read
via "National Vulnerability Database".
Adobe Character Animator version 4.4 (and earlier) is affected by an Access of Memory Location After End of Buffer vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40787 βΌ
π Read
via "National Vulnerability Database".
Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39712 βΌ
π Read
via "National Vulnerability Database".
In TBD of TBD, there is a possible user after free vulnerability due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-176918884References: N/Aπ Read
via "National Vulnerability Database".
βΌ CVE-2021-39792 βΌ
π Read
via "National Vulnerability Database".
In usb_gadget_giveback_request of core.c, there is a possible use after free out of bounds read due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-161010552References: Upstream kernelπ Read
via "National Vulnerability Database".
βΌ CVE-2022-0811 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deployed.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39713 βΌ
π Read
via "National Vulnerability Database".
Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernelπ Read
via "National Vulnerability Database".
βΌ CVE-2021-42722 βΌ
π Read
via "National Vulnerability Database".
Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39715 βΌ
π Read
via "National Vulnerability Database".
In __show_regs of process.c, there is a possible leak of kernel memory and addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-178379135References: Upstream kernelπ Read
via "National Vulnerability Database".
βΌ CVE-2021-39725 βΌ
π Read
via "National Vulnerability Database".
In gasket_free_coherent_memory_all of gasket_page_table.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-151454974References: N/Aπ Read
via "National Vulnerability Database".
βΌ CVE-2021-20257 βΌ
π Read
via "National Vulnerability Database".
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39692 βΌ
π Read
via "National Vulnerability Database".
In onCreate of SetupLayoutActivity.java, there is a possible way to setup a work profile bypassing user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-209611539π Read
via "National Vulnerability Database".
βΌ CVE-2021-39720 βΌ
π Read
via "National Vulnerability Database".
Product: AndroidVersions: Android kernelAndroid ID: A-207433926References: N/Aπ Read
via "National Vulnerability Database".