Vulnerabilities

  

UPDATE: Microsoft security updates, August 2021, three zero-day vulnerabilities fixed: the details

  

How CISOs are Building a Modern Cybersecurity Partnership – Entrepreneur

  

REvil ransomware is back in full attack mode and leaking data

  

BSCW Server Remote Code Execution

  

U.S. Energy Information Administration (EIA) SQL Injection

  

Artica Proxy VMWare Appliance 4.30.000000 SP273 Path Traversal

  

OTRS Community Edition up to 7.0.28 Lost Password information disclosure

A vulnerability, which was classified as problematic, has been found in OTRS Community Edition up to 7.0.28 (Service Management Software).

  

OTRS Community Edition up to 7.0.28/8.0.15 Email denial of service

A vulnerability classified as problematic was found in OTRS Community Edition up to 7.0.28/8.0.15 (Service Management Software). Affected by this

  

CVE-2021-24006

An improper access control vulnerability in FortiManager versions 6.4.0 to 6.4.3 may allow an authenticated attacker with a restricted user

  

CVE-2021-40530

The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous

  

Hackers Exploit Camera Vulnerabilities To Spy On Parents

  

OTRS Community Edition up to 7.0.28 Appointment Edit Screen cross site scripting

A vulnerability has been found in OTRS Community Edition up to 7.0.28 (Service Management Software) and classified as problematic. This

  

OTRS Community Edition up to 7.0.28/8.0.15 Folder information disclosure

A vulnerability, which was classified as problematic, was found in OTRS Community Edition up to 7.0.28/8.0.15 (Service Management Software). This

  

CVE-2021-40528

The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous

  

WhatsApp Flaw Casts Doubt on End-to-End Encryption

  

CVE-2021-40532

Telegram Web K Alpha before 0.7.2 mishandles the characters in a document extension.

  

CVE-2021-40531

Sketch before 75 mishandles external library feeds.

  

CVE-2021-40529

The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction

  

Moxa Devices Prone to Vulnerabilities Affecting Railways

  

Fedora 34: ntfs-3g 2021-c0235d9d79

Update NTFS-3G to 2021.8.22 to fix multiple CVEs ---- New upstream development version 1.45.7. ---- Upstream patch to work with

  

Fedora 34: partclone 2021-c0235d9d79

Update NTFS-3G to 2021.8.22 to fix multiple CVEs ---- New upstream development version 1.45.7. ---- Upstream patch to work with

  

Fedora 34: libguestfs 2021-c0235d9d79

Update NTFS-3G to 2021.8.22 to fix multiple CVEs ---- New upstream development version 1.45.7. ---- Upstream patch to work with

  

Debian: DSA-4967-1: squashfs-tools security update

Etienne Stalmans discovered that unsquashfs in squashfs-tools, the tools to create and extract Squashfs filesystems, does not validate filenames for
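The DSA-4967-1 entry above says unsquashfs did not validate member filenames. The Python below is an added example, not code from squashfs-tools, Debian or any project on this page. It assumes the missing validation concerns names that escape the extraction directory (path traversal), and it goes a little beyond that single case to the two other ways an archive entry can break out: a symlink entry whose target points outside the root, and a later entry whose path passes through a symlink created earlier in the same archive. The member list and the root `/tmp/extract` are constructed sample data.

```python
import posixpath
from typing import Iterable, List, Optional, Tuple

# Constructed sample archive listing: (member name, symlink target or None).
# Order matters: the "lib" symlink is created before "lib/evil.so".
SAMPLE_MEMBERS: List[Tuple[str, Optional[str]]] = [
    ("etc/motd", None),                 # ordinary file, stays inside root
    ("usr/lib/../../bin/sh", None),     # normalizes to bin/sh, still inside
    ("../../etc/passwd", None),         # classic traversal
    ("/etc/passwd", None),              # absolute name
    ("opt/x\x00y", None),               # embedded NUL
    ("share", "../../../etc"),          # symlink whose target leaves root
    ("doc/link", "../etc/motd"),        # relative symlink that stays inside
    ("lib", "usr/lib"),                 # harmless symlink inside root
    ("lib/evil.so", None),              # would be written through the symlink
]


def _normalize_root(root: str) -> str:
    """Extraction root must be absolute so normpath results are comparable."""
    if not root.startswith("/"):
        raise ValueError("extraction root must be an absolute POSIX path")
    return posixpath.normpath(root)


def _inside(root_abs: str, path: str) -> bool:
    """True if normalized absolute `path` is root_abs itself or below it."""
    return path == root_abs or path.startswith(root_abs + "/")


def is_safe_member(name: str, root: str = "/tmp/extract") -> bool:
    """Reject names that are empty, contain NUL, are absolute, use backslashes
    (a separator for Windows extractors), carry a drive letter, or normalize
    to a location outside `root`."""
    root_abs = _normalize_root(root)
    if not name or "\x00" in name:
        return False
    if name.startswith("/") or "\\" in name:
        return False
    if len(name) > 1 and name[1] == ":":
        return False
    target = posixpath.normpath(posixpath.join(root_abs, name))
    return _inside(root_abs, target)


def is_safe_symlink(name: str, link_target: str, root: str = "/tmp/extract") -> bool:
    """A symlink entry is safe only if its own name is safe and its target,
    resolved relative to the link's directory, stays inside `root`."""
    if not is_safe_member(name, root):
        return False
    if not link_target or "\x00" in link_target or link_target.startswith("/"):
        return False
    root_abs = _normalize_root(root)
    link_dir = posixpath.dirname(posixpath.normpath(posixpath.join(root_abs, name)))
    resolved = posixpath.normpath(posixpath.join(link_dir, link_target))
    return _inside(root_abs, resolved)


def filter_members(
    members: Iterable[Tuple[str, Optional[str]]], root: str = "/tmp/extract"
) -> Tuple[List[str], List[str]]:
    """Walk an archive listing in order and split it into accepted and
    rejected names. Besides the per-entry checks, any entry whose path
    passes through a symlink accepted earlier is rejected: the filesystem
    would follow that link at write time, so a lexically safe name could
    still land outside `root`."""
    accepted: List[str] = []
    rejected: List[str] = []
    symlinks_created = set()
    for name, link_target in members:
        if link_target is None:
            ok = is_safe_member(name, root)
        else:
            ok = is_safe_symlink(name, link_target, root)
        if ok:
            norm = posixpath.normpath(name)
            parts = norm.split("/")
            # Every proper prefix of the path is a directory component.
            if any("/".join(parts[:i]) in symlinks_created for i in range(1, len(parts))):
                ok = False
            elif link_target is not None:
                symlinks_created.add(norm)
        (accepted if ok else rejected).append(name)
    return accepted, rejected


if __name__ == "__main__":
    ok_names, bad_names = filter_members(SAMPLE_MEMBERS)
    print("accepted:", ok_names)
    print("rejected:", bad_names)
```

The lexical checks alone are not enough: the "lib/evil.so" entry passes `is_safe_member`, and only the ordered walk in `filter_members` catches that it would be written through the "lib" symlink. A real extractor should additionally open each path with `O_NOFOLLOW` or verify with `os.path.realpath` after creation, since this example reasons about names only and never touches the filesystem.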

  

Windows 11 may not get security updates on unsupported devices

  

Fedora 33: libss7 2021-91d42ce83e

Update to 2.0.1 (fix RHBZ#1998578); fix RHBZ#1932066 (unsafe use of strncpy)

  

Fedora 34: ntfs-3g-system-compression 2021-c0235d9d79

Update NTFS-3G to 2021.8.22 to fix multiple CVEs ---- New upstream development version 1.45.7. ---- Upstream patch to work with

  

Critical Flaws in NPM Package Patched by Node.js Developers

  

Full disclosure: 0-day RCE backdoor in Teradek IP video device firmwares

  

JForum2 2.7.0 User Signature ViewCommon.java cross site scripting

A vulnerability was found in JForum2 2.7.0 (Forum Software). It has been classified as problematic. Affected is an unknown code

  

Debian: squashfs-tools

  

America’s NSA Isn’t Sure Quantum Computers Will Ever Break Public Key Encryption

  

CVE-2021-40509

ViewCommon.java in JForum2 2.7.0 allows XSS via a user signature.

  

Exploiting a Cellebrite UFED vulnerability

Cellebrite, a digital intelligence company, makes software for breaking into mobile devices and extracting data, along with the tools that support it. A vulnerability in this software was

   

Android patches

Google has released the February 2021 Android update, which fixes more than 40 vulnerabilities in the operating system. The update

   

Microsoft Patch Tuesday – January 2021

Microsoft's January 2021 security update package contained a total of 83 updates. The update fixed 10 critical and 73 high-risk vulnerabilities, which typically could allow security feature bypass, remote code execution, and access to confidential information on Microsoft Windows, the Edge browser, ChakraCore, Office and Microsoft Office Services, as well as Visual Studio, the Microsoft Malware Protection Engine, .NET Core, ASP.NET and Azure systems and applications.

   

The security state of software

Veracode has released its annual State of Software Security report, now in its 11th edition. According to the report, open-source libraries are becoming increasingly unreliable and fixing their flaws takes a long time. PHP has the most flaws, followed by C++, then Java, .NET, JavaScript and Python.