βΌ CVE-2021-40796 βΌ
π Read
via "National Vulnerability Database".
Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39729 βΌ
π Read
via "National Vulnerability Database".
In the TitanM chip, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-202006191References: N/Aπ Read
via "National Vulnerability Database".
βΌ CVE-2021-40779 βΌ
π Read
via "National Vulnerability Database".
Adobe Media Encoder version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0982 βΌ
π Read
via "National Vulnerability Database".
The telnet_input_char function in opt/src/accel-pppd/cli/telnet.c suffers from a memory corruption vulnerability, whereby user input cmdline_len is copied into a fixed buffer b->buf without any bound checks. If the server connects with a malicious client, crafted client requests can remotely trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40764 βΌ
π Read
via "National Vulnerability Database".
Adobe Character Animator version 4.4 (and earlier) is affected by a memory corruption vulnerability when parsing a M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40738 βΌ
π Read
via "National Vulnerability Database".
Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing a WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40782 βΌ
π Read
via "National Vulnerability Database".
Adobe Media Encoder 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20299 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39702 βΌ
π Read
via "National Vulnerability Database".
In onCreate of RequestManageCredentials.java, there is a possible way for a third party app to install certificates without user approval due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-205150380π Read
via "National Vulnerability Database".
βΌ CVE-2021-40780 βΌ
π Read
via "National Vulnerability Database".
Adobe Media Encoder version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39667 βΌ
π Read
via "National Vulnerability Database".
In ih264d_parse_decode_slice of ih264d_parse_slice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-205702093π Read
via "National Vulnerability Database".
βΌ CVE-2021-33853 βΌ
π Read
via "National Vulnerability Database".
A Cross-Site Scripting (XSS) attack can cause arbitrary code (javascript) to run in a userΓ’β¬β’s browser while the browser is connected to a trusted website. As the vehicle for the attack, the application targets the users and not the application itself. Additionally, the XSS payload is executed when the user attempts to access any page of the CRM.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40768 βΌ
π Read
via "National Vulnerability Database".
Adobe Character Animator version 4.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40739 βΌ
π Read
via "National Vulnerability Database".
Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing a M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.π Read
via "National Vulnerability Database".
ποΈ Unpatched plugins threaten millions of WordPress websites ποΈ
π Read
via "The Daily Swig".
Number of vulnerabilities found in WordPress plugins and themes jumped 150% between 2020 and 2021π Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Unpatched plugins threaten millions of WordPress websites
Number of vulnerabilities found in WordPress plugins and themes jumped 150% between 2020 and 2021
β Another Destructive Wiper Targets Organizations in Ukraine β
π Read
via "Threat Post".
CaddyWiper is one in a barrage of data-wiping cyber-attacks to hit the country since January as the war on the ground with Russia marches on.π Read
via "Threat Post".
Threat Post
Another Destructive Wiper Targets Organizations in Ukraine
CaddyWiper is one in a barrage of data-wiping cyber-attacks to hit the country since January as the war on the ground with Russia marches on.
π΄ Russia State-Sponsored Hackers Used Misconfigured MFA to Breach NGO π΄
π Read
via "Dark Reading".
FBI and CISA warn of attack on multifactor authentication account to exploit "PrintNightmare" exploit.π Read
via "Dark Reading".
Dark Reading
Russia State-Sponsored Hackers Used Misconfigured MFA to Breach NGO
FBI and CISA warn of attack on multifactor authentication account to exploit "PrintNightmare" exploit.
π OpenSSL Toolkit 1.1.1n π
π Read
via "Packet Storm Security".
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.π Read
via "Packet Storm Security".
Packetstormsecurity
OpenSSL Toolkit 1.1.1n β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π€―1
π nfstream 6.4.3 π
π Read
via "Packet Storm Security".
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.π Read
via "Packet Storm Security".
Packetstormsecurity
nfstream 6.4.3 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π OpenSSL Toolkit 3.0.2 π
π Read
via "Packet Storm Security".
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide. The 3.x series is the current major version of OpenSSL.π Read
via "Packet Storm Security".
Packetstormsecurity
OpenSSL Toolkit 3.0.2 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β βCryptoRomβ Crypto-Scam is Back via Side-Loaded Apps β
π Read
via "Threat Post".
Scammers are bypassing Apple's App Store security, stealing thousands of dollarsβ worth of cryptocurrency from the unwitting, using the TestFlight and WebClips programs.π Read
via "Threat Post".
Threat Post
βCryptoRomβ Crypto-Scam is Back via Side-Loaded Apps
Scammers are bypassing Apple's App Store security, stealing thousands of dollarsβ worth of cryptocurrency from the unwitting, using the TestFlight and WebClips programs.