βΌ CVE-2021-40609 βΌ
π Read
via "National Vulnerability Database".
The GetHintFormat function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40943 βΌ
π Read
via "National Vulnerability Database".
In Bento4 1.6.0-638, there is a null pointer reference in the function AP4_DescriptorListInspector::Action function in Ap4Descriptor.h:124 , as demonstrated by GPAC. This can cause a denial of service (DOS).π Read
via "National Vulnerability Database".
βΌ CVE-2021-40608 βΌ
π Read
via "National Vulnerability Database".
The gf_hinter_track_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41460 βΌ
π Read
via "National Vulnerability Database".
ECShop 4.1.0 has SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41689 βΌ
π Read
via "National Vulnerability Database".
DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query its database and copy the result even if the result is null, which can incur a head-based overflow. An attacker can use it to launch a DoS attack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34750 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in MediaWiki through 1.38.1. The lemma length of a Wikibase lexeme is currently capped at a thousand characters. Unfortunately, this length is not validated, allowing much larger lexemes to be created, which introduces various denial-of-service attack vectors within the Wikibase and WikibaseLexeme extensions. This is related to Special:NewLexeme and Special:NewProperty.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40607 βΌ
π Read
via "National Vulnerability Database".
The schm_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40944 βΌ
π Read
via "National Vulnerability Database".
In GPAC MP4Box 1.1.0, there is a Null pointer reference in the function gf_filter_pid_get_packet function in src/filter_core/filter_pid.c:5394, as demonstrated by GPAC. This can cause a denial of service (DOS).π Read
via "National Vulnerability Database".
ποΈ Ready meal distributor Apetito restores βlimitedβ deliveries in UK following cyber-attack ποΈ
π Read
via "The Daily Swig".
βManual workaroundβ kickstarts phased recovery after cybercrooks disrupt meal provision to vulnerable peopleπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Ready meal distributor Apetito restores βlimitedβ deliveries in UK following cyber-attack
βManual workaroundβ kickstarts phased recovery after cybercrooks disrupt meal provision to vulnerable people
ποΈ Dozens of cryptography libraries vulnerable to private key theft ποΈ
π Read
via "The Daily Swig".
Signing mechanism security shortcomings exposedπ Read
via "The Daily Swig".
π MIMEDefang Email Scanner 3.0 π
π Read
via "Packet Storm Security".
MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.π Read
via "Packet Storm Security".
Packetstormsecurity
MIMEDefang Email Scanner 3.0 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π American Fuzzy Lop plus plus 4.01c π
π Read
via "Packet Storm Security".
Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.π Read
via "Packet Storm Security".
Packetstormsecurity
American Fuzzy Lop plus plus 4.01c β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ Ransomware Volume Nearly Doubles 2021 Totals in a Single Quarter π΄
π Read
via "Dark Reading".
Like a hydra, every time one ransomware gang drops out (REvil or Conti), plenty more step up to fill the void (Black Basta).π Read
via "Dark Reading".
Dark Reading
Ransomware Volume Nearly Doubles 2021 Totals in a Single Quarter
Like a hydra, every time one ransomware gang drops out (REvil or Conti), plenty more step up to fill the void (Black Basta).
βΌ CVE-2022-0085 βΌ
π Read
via "National Vulnerability Database".
Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23763 βΌ
π Read
via "National Vulnerability Database".
Origin validation error vulnerability in NeoRSΓ’β¬β’s ActiveX moudle allows attackers to download and execute arbitrary files. Remote attackers can use this vulerability to encourage users to access crafted web pages, causing damage such as malicious code infections.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30560 βΌ
π Read
via "National Vulnerability Database".
When an attacker obtaining the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the device to crash.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30561 βΌ
π Read
via "National Vulnerability Database".
When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in, the attacker could log in to the device by replaying the user's login packet.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30562 βΌ
π Read
via "National Vulnerability Database".
If the user enables the https function on the device, an attacker can modify the userΓ’β¬β’s request data packet through a man-in-the-middle attack ,Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30563 βΌ
π Read
via "National Vulnerability Database".
When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he can log in to the device by replaying the user's login packet.π Read
via "National Vulnerability Database".
π΄ A WAF Is Not a Free Lunch: Teaching the Shift-Left Security Mindset π΄
π Read
via "Dark Reading".
Developers need to think like WAF operators for security. Start with secure coding and think of Web application firewalls not as a prophylactic but as part of the secure coding test process.π Read
via "Dark Reading".
Dark Reading
A WAF Is Not a Free Lunch: Teaching the Shift-Left Security Mindset
Developers need to think like WAF operators for security. Start with secure coding and think of Web application firewalls not as a prophylactic but as part of the secure coding test process.
π΄ Can Zero-Knowledge Crypto Solve Our Password Problems? π΄
π Read
via "Dark Reading".
Creating temporary keys that are not stored in central repositories and time out automatically could improve security for even small businesses.π Read
via "Dark Reading".
Dark Reading
Can Zero-Knowledge Cryptography Solve Our Password Problems?
Creating temporary keys that are not stored in central repositories and time out automatically could improve security for even small businesses.