‼ CVE-2021-3597 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42613 ‼
📖 Read
via "National Vulnerability Database".
A double free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a denial of service or possibly have other unspecified impact via a crafted text document.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1669 ‼
📖 Read
via "National Vulnerability Database".
A buffer overflow vulnerability has been detected in the firewall function of the device management web portal. The device runs a CGI binary (index.cgi) to offer a management web application. Once authenticated with valid credentials in this web portal, a potential attacker could submit any "Address" value and it would be copied to a second variable with a "strcpy" vulnerable function without checking its length. Because of this, it is possible to send a long address value to overflow the process stack, controlling the function return address.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23050 ‼
📖 Read
via "National Vulnerability Database".
ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32962 ‼
📖 Read
via "National Vulnerability Database".
The AGG Software Web Server version 4.0.40.1014 and prior is vulnerable to cross-site scripting, which may allow an attacker to remotely execute arbitrary code.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32969 ‼
📖 Read
via "National Vulnerability Database".
Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to an out-of-bounds write condition, which may result in a system crash or allow an attacker to remotely execute arbitrary code.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3717 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3629 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42614 ‼
📖 Read
via "National Vulnerability Database".
A use after free in info_width_internal in bk_info.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted text document.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22977 ‼
📖 Read
via "National Vulnerability Database".
VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability. A malicious actor with non-administrative local user privileges in the Windows guest OS, where VMware Tools is installed, may exploit this issue leading to a denial-of-service condition or unintended information disclosure.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32965 ‼
📖 Read
via "National Vulnerability Database".
Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to type confusion, which may allow an attacker to remotely execute arbitrary code.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32964 ‼
📖 Read
via "National Vulnerability Database".
The AGG Software Web Server version 4.0.40.1014 and prior is vulnerable to a path traversal attack, which may allow an attacker to read arbitrary files from the file system.📖 Read
via "National Vulnerability Database".
🕴 DeFi Is Getting Pummeled by Cybercriminals 🕴
📖 Read
via "Dark Reading".
Decentralized finance lost $1.8 billion to cyberattacks last year — and 80% of those events were the result of vulnerable code, analysts say.📖 Read
via "Dark Reading".
Dark Reading
DeFi Is Getting Pummeled by Cybercriminals
Decentralized finance lost $1.8 billion to cyberattacks last year — and 80% of those events were the result of vulnerable code, analysts say.
🕴 New Attack Shows Weaponized PDF Files Remain a Threat 🕴
📖 Read
via "Dark Reading".
Notable new infection chain uses PDF to embed malicious files, load remote exploits, shellcode encryption, and more, new research shows.📖 Read
via "Dark Reading".
Dark Reading
New Attack Shows Weaponized PDF Files Remain a Threat
Notable new infection chain uses PDF to embed malicious files, load remote exploits, shellcode encryption, and more, new research shows.
🕴 Microsoft Elevation-of-Privilege Vulnerabilities Spiked Again in 2021 🕴
📖 Read
via "Dark Reading".
But there was a substantial drop in the overall number of critical vulnerabilities that the company disclosed last year, new analysis shows.📖 Read
via "Dark Reading".
Dark Reading
Microsoft Elevation-of-Privilege Vulnerabilities Spiked Again in 2021
But there was a substantial drop in the overall number of critical vulnerabilities that the company disclosed last year, new analysis shows.
‼ CVE-2022-29333 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in CyberLink Power Director v14 allows attackers to escalate privileges via a crafted .exe file.📖 Read
via "National Vulnerability Database".
🕴 'There's No Ceiling': Ransomware's Alarming Growth Signals a New Era, Verizon DBIR Finds 🕴
📖 Read
via "Dark Reading".
Ransomware has become so efficient, and the underground economy so professional, that traditional monetization of stolen data may be on its way out.📖 Read
via "Dark Reading".
Dark Reading
'There's No Ceiling': Ransomware's Alarming Growth Signals a New Era, Verizon DBIR Finds
Ransomware has become so efficient, and the underground economy so professional, that traditional monetization of stolen data may be on its way out.
âš Poisoned Python and PHP packages purloin passwords for AWS access âš
📖 Read
via "Naked Security".
More supply chain trouble - this time with clear examples so you can learn how to spot this stuff yourself.📖 Read
via "Naked Security".
Sophos News
Naked Security – Sophos News
‼ CVE-2022-29337 ‼
📖 Read
via "National Vulnerability Database".
C-DATA FD702XW-X-R430 v2.1.13_X001 was discovered to contain a command injection vulnerability via the va_cmd parameter in formlanipv6. This vulnerability allows attackers to execute arbitrary commands via a crafted HTTP request.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22497 ‼
📖 Read
via "National Vulnerability Database".
IBM Aspera Faspex 4.4.1 and 5.0.0 could allow unauthorized access due to an incorrectly computed security token. IBM X-Force ID: 226951.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29334 ‼
📖 Read
via "National Vulnerability Database".
An issue in H v1.0 allows attackers to bypass authentication via a session replay attack.📖 Read
via "National Vulnerability Database".