messages28.html

<!DOCTYPE html>
<html>

 <head>

  <meta charset="utf-8"/>
<title>Exported Data</title>
  <meta content="width=device-width, initial-scale=1.0" name="viewport"/>

  <link href="css/style.css" rel="stylesheet"/>

  <script src="js/script.js" type="text/javascript">

  </script>

 </head>

 <body onload="CheckLocation();">

  <div class="page_wrap">

   <div class="page_header">

    <div class="content">

     <div class="text bold">
🛡 Cybersecurity &amp; Privacy news 🛡 
     </div>

    </div>

   </div>

   <div class="page_body chat_page">

    <div class="history">

     <a class="pagination block_link" href="messages27.html">
Previous messages
     </a>

     <div class="message service" id="message-864">

      <div class="body details">
10 August 2021
      </div>

     </div>

     <div class="message default clearfix" id="message27098">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.08.2021 19:37:36">
19:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-21677 ‼</strong><br><br><code>A heap-based buffer overflow in the sixel_encoder_output_without_macro function in encoder.c of Libsixel 1.8.4 allows attackers to cause a denial of service (DOS) via converting a crafted PNG file into Sixel format.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21677">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27099">

      <div class="body">

       <div class="pull_right date details" title="10.08.2021 19:37:37">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-21683 ‼</strong><br><br><code>A global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21683">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27100">

      <div class="body">

       <div class="pull_right date details" title="10.08.2021 19:37:38">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-21676 ‼</strong><br><br><code>A stack-based buffer overflow in the genpstrx_text() component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21676">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27101">

      <div class="body">

       <div class="pull_right date details" title="10.08.2021 19:37:39">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-21678 ‼</strong><br><br><code>A global buffer overflow in the genmp_writefontmacro_latex component in genmp.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into mp format.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21678">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27102">

      <div class="body">

       <div class="pull_right date details" title="10.08.2021 19:37:40">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-28846 ‼</strong><br><br><code>A Format String vulnerablity exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service due to a logic bug at address 0x40dcd0 when calling fprintf with &quot;%s: key len = %d, too long\n&quot; format. The two variables seem to be put in the wrong order. The vulnerability could be triggered by sending the POST request to apply_cgi with a long and unknown key in the request body.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28846">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27103">

      <div class="body">

       <div class="pull_right date details" title="10.08.2021 19:37:41">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-21681 ‼</strong><br><br><code>A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21681">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27104">

      <div class="body">

       <div class="pull_right date details" title="10.08.2021 19:37:45">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-29294 ‼</strong><br><br><code>** UNSUPPORTED WHEN ASSIGNED ** Null Pointer Dereference vulnerability exists in D-Link DSL-2740R UK_1.01, which could let a remove malicious user cause a denial of service via the send_hnap_unauthorized function. It could be triggered by sending crafted POST request to /HNAP1/. NOTE: The DSL-2740R and all hardware revisions are considered End of Life and as such this issue will not be patched.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29294">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27105">

      <div class="body">

       <div class="pull_right date details" title="10.08.2021 19:37:46">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-28845 ‼</strong><br><br><code>Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service by sending the POST request to apply_cgi via the lang action without a language key.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28845">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27106">

      <div class="body">

       <div class="pull_right date details" title="10.08.2021 19:37:47">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-29296 ‼</strong><br><br><code>** UNSUPPORTED WHEN ASSIGNED **Null Pointer Dereference vulnerability in D-Link DIR-825 2.10b02, which could let a remote malicious user cause a denial of service. The vulnerability could be triggered by sending an HTTP request with URL /vct_wan; the sbin/httpd would invoke the strchr function and take NULL as a first argument, which finally leads to the segmentation fault. NOTE: The DIR-825 and all hardware revisions is considered End of Life and as such this issue will not be patched.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29296">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27107">

      <div class="body">

       <div class="pull_right date details" title="10.08.2021 19:37:48">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-21690 ‼</strong><br><br><code>A memory leak in the grow_array function in cmdutils.c og Ffmpeg 4.2 allows attackers to cause a denial of service (DOS) via a crafted ogg file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21690">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27108">

      <div class="body">

       <div class="pull_right date details" title="10.08.2021 19:37:49">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-29295 ‼</strong><br><br><code>** UNSUPPORTED WHEN ASSIGNED **Null Pointer Dereference vulnerability exists in D-Link DSP-W215 1.10, which could let a remote malicious user cause a denial of servie via usr/bin/lighttpd. It could be triggered by sending an HTTP request without URL in the start line directly to the device. NOTE: The DSP-W215 and all hardware revisions is considered End of Life and as such this issue will not be patched.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29295">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27109">

      <div class="body">

       <div class="pull_right date details" title="10.08.2021 19:37:51">
19:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-21675 ‼</strong><br><br><code>A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ptk format.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21675">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-865">

      <div class="body details">
11 August 2021
      </div>

     </div>

     <div class="message default clearfix" id="message27110">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 02:37:48">
02:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-38529 ‼</strong><br><br><code>Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.68, R8900 before 1.0.4.26, and R9000 before 1.0.4.26.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38529">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27111">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 02:37:48">
02:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-38525 ‼</strong><br><br><code>Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.36, D7000 before 1.0.1.70, EX6200v2 before 1.0.1.78, EX7000 before 1.0.1.78, EX8000 before 1.0.1.186, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.42, R6050 before 1.0.1.18, R6080 before 1.0.0.42, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.64, R6300v2 before 1.0.4.34, R6700 before 1.0.2.6, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R6900v2 before 1.2.0.36, R7000 before 1.0.9.42, R7000P before 1.3.1.64, R7800 before 1.0.2.60, R8900 before 1.0.4.12, R9000 before 1.0.4.12, and XR500 before 2.3.2.40.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38525">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27112">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 02:37:49">
02:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-38515 ‼</strong><br><br><code>Certain NETGEAR devices are affected by denial of service. This affects R6400v2 before 1.0.4.98, R6700v3 before 1.0.4.98, R7900 before 1.0.3.18, and R8000 before 1.0.4.46.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38515">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27113">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 02:37:50">
02:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-38531 ‼</strong><br><br><code>Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, and AC2400 before 1.2.0.76.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38531">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27114">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 02:37:51">
02:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-38513 ‼</strong><br><br><code>Certain NETGEAR devices are affected by authentication bypass. This affects RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, MK62 before 1.0.6.110, MR60 before 1.0.6.110, MS60 before 1.0.6.110, RBK752 before 3.2.10.10, RBR750 before 3.2.10.10, and RBS750 before 3.2.10.10.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38513">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27115">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 02:37:54">
02:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-38517 ‼</strong><br><br><code>Certain NETGEAR devices are affected by out-of-bounds reads and writes. This affects R6400 before 1.0.1.70, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, and XR300 before 1.0.3.50.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38517">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27116">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 02:37:55">
02:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-38518 ‼</strong><br><br><code>Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38518">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27117">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 02:37:56">
02:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-32122 ‼</strong><br><br><code>Certain NETGEAR devices are affected by CSRF. This affects EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, and EX6130 before 1.0.0.44.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32122">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27118">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 02:37:57">
02:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-38538 ‼</strong><br><br><code>Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.68, R8900 before 1.0.4.26, R9000 before 1.0.4.26, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and XR500 before 2.3.2.56.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38538">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27119">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 02:37:58">
02:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-38532 ‼</strong><br><br><code>NETGEAR WAC104 devices before 1.0.4.15 are affected by incorrect configuration of security settings.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38532">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27120">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 02:38:02">
02:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-38522 ‼</strong><br><br><code>NETGEAR R6400 devices before 1.0.1.52 are affected by a stack-based buffer overflow by an authenticated user.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38522">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27121">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 02:38:02">
02:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-38527 ‼</strong><br><br><code>Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.14, EX6100v2 before 1.0.1.98, EX6150v2 before 1.0.1.98, EX6250 before 1.0.0.132, EX6400 before 1.0.2.158, EX6400v2 before 1.0.0.132, EX6410 before 1.0.0.132, EX6420 before 1.0.0.132, EX7300 before 1.0.2.158, EX7300v2 before 1.0.0.132, EX7320 before 1.0.0.132, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, R7800 before 1.0.2.78, RBK12 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, RBK20 before 2.6.1.38, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.38, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBS40V before 2.6.2.4, RBS50Y before 2.6.1.40, RBW30 before 2.6.2.2, and XR500 before 2.3.2.114.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38527">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27122">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 02:38:03">
02:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-38539 ‼</strong><br><br><code>Certain NETGEAR devices are affected by privilege escalation. This affects D8500 before 1.0.3.44, R6400v2 before 1.0.2.66, R6700 before 1.0.2.6, R6700v3 before 1.0.2.66, R6900 before 1.0.2.4, R6900P before 1.3.2.126, R7000 before 1.0.9.42, R7000P before 1.3.2.126, R7100LG before 1.0.0.50, R7300DST before 1.0.0.70, R7900 before 1.0.3.10, R8300 before 1.0.2.130, and R8500 before 1.0.2.130.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38539">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27123">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 02:38:04">
02:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-38536 ‼</strong><br><br><code>Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.66, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RAX35 before 1.0.3.62, and RAX40 before 1.0.3.62.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38536">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27124">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 02:38:05">
02:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-38526 ‼</strong><br><br><code>Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX35 before 1.0.3.94, RAX38 before 1.0.3.94, and RAX40 before 1.0.3.94.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38526">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27125">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 02:38:09">
02:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-38516 ‼</strong><br><br><code>Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6220 before 1.0.0.48, D6400 before 1.0.0.82, D7000v2 before 1.0.0.52, D7800 before 1.0.1.44, D8500 before 1.0.3.43, DC112A before 1.0.0.40, DGN2200v4 before 1.0.0.108, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, R6020 before 1.0.0.34, R6080 before 1.0.0.34, R6120 before 1.0.0.44, R6220 before 1.1.0.80, R6230 before 1.1.0.80, R6250 before 1.0.4.34, R6260 before 1.1.0.40, R6850 before 1.1.0.40, R6350 before 1.1.0.40, R6400v2 before 1.0.2.62, R6700v3 before 1.0.2.62, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, R7000 before 1.0.9.34, R6900P before 1.3.1.44, R7000P before 1.3.1.44, R7100LG before 1.0.0.48, R7200 before 1.2.0.48, R7350 before 1.2.0.48, R7400 before 1.2.0.48, R7450 before 1.2.0.36, AC2100 before 1.2.0.36, AC2400 before 1.2.0.36, AC2600 before 1.2.0.36, R7500v2 before 1.0.3.38, R7800 before 1.0.2.58, R7900 before 1.0.3.8, R7960P before 1.4.1.44, R8000 before 1.0.4.28, R7900P before 1.4.1.30, R8000P before 1.4.1.30, R8900 before 1.0.4.2, R9000 before 1.0.4.2, RAX120 before 1.0.0.74, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, WNR3500Lv2 before 1.2.0.56, XR450 before 2.3.2.32, and XR500 before 2.3.2.32.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38516">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27126">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 02:38:10">
02:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-38530 ‼</strong><br><br><code>Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, and RBS50Y before 2.6.1.40.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38530">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27127">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 02:38:11">
02:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-38534 ‼</strong><br><br><code>Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6100 before 1.0.0.60, D6200 before 1.1.00.36, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000 before 1.0.1.70, D7000v2 before 1.0.0.53, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.109, DM200 before 1.0.0.61, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.42, R6050 before 1.0.1.18, R6080 before 1.0.0.42, R6220 before 1.1.0.80, R6230 before 1.1.0.80, R6250 before 1.0.4.34, R6260 before 1.1.0.64, R6300v2 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.62, R6700 before 1.0.2.6, R6700v2 before 1.2.0.36, R6700v3 before 1.0.2.62, R6800 before 1.2.0.36, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R6900v2 before 1.2.0.36, R7000 before 1.0.9.60, R7000P before 1.3.1.64, R7100LG before 1.0.0.50, R7300DST before 1.0.0.70, R7450 before 1.2.0.36, R7900 before 1.0.3.8, R7900P before 1.4.1.50, R8000 before 1.0.4.28, R8000P before 1.4.1.50, R8300 before 1.0.2.130, R8500 before 1.0.2.130, WNDR3400v3 before 1.0.1.24, WNR2020 before 1.1.0.62, WNR3500Lv2 before 1.2.0.62, XR450 before 2.3.2.40, and XR500 before 2.3.2.40.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38534">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27128">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 02:38:11">
02:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-38520 ‼</strong><br><br><code>Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6400 before 1.0.1.52, R6400v2 before 1.0.4.84, R6700v3 before 1.0.4.84, R6700v2 before 1.2.0.62, R6900v2 before 1.2.0.62, and R7000P before 1.3.2.124.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38520">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27129">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 02:38:12">
02:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-38533 ‼</strong><br><br><code>NETGEAR RAX40 devices before 1.0.3.64 are affected by stored XSS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38533">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27130">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 09:38:12">
09:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-33595 ‼</strong><br><br><code>A address bar spoofing vulnerability was discovered in Safe Browser for iOS. Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. A remote attacker can leverage this to perform address bar spoofing attack.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33595">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27131">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 09:38:12">
09:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-33594 ‼</strong><br><br><code>An address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted a malicious URL, it appears like a legitimate one on the address bar, while the content comes from other domain and presented in a window, covering the original content. A remote attacker can leverage this to perform address bar spoofing attack.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33594">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27132">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 10:12:21">
10:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Use 2FA to secure your WordPress login 🦿</strong><br><br><code>Jack Wallen shows you how to keep your Wordpress account safe with two-factor authentication.</code><br><br><a href="https://www.techrepublic.com/videos/use-2fa-to-secure-your-wordpress-login/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27133">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 11:12:20">
11:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Fake COVID vaccine card sales ramp up on Dark Web 🦿</strong><br><br><code>Even as the delta variant spreads, many people would rather pay money for a phony vaccine card than get the actual shot for free, according to Check Point Research.</code><br><br><a href="https://www.techrepublic.com/article/fake-covid-vaccine-card-sales-ramp-up-on-dark-web/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27134">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 11:38:18">
11:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-0006 ‼</strong><br><br><code>Improper conditions check in firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.4.0 may allow a privileged user to potentially enable denial of service via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0006">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27135">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 11:38:19">
11:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-0083 ‼</strong><br><br><code>Improper input validation in some Intel(R) Optane(TM) PMem versions before versions 1.2.0.5446 or 2.2.0.1547 may allow a privileged user to potentially enable denial of service via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0083">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27136">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 11:38:20">
11:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-0007 ‼</strong><br><br><code>Uncaught exception in firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.1.0 may allow a privileged attacker to potentially enable denial of service via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0007">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27137">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 11:38:21">
11:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-0012 ‼</strong><br><br><code>Use after free in some Intel(R) Graphics Driver before version 27.20.100.8336, 15.45.33.5164, and 15.40.47.5166 may allow an authenticated user to potentially enable denial of service via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0012">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27138">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 11:38:22">
11:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-0004 ‼</strong><br><br><code>Improper buffer restrictions in the firmware of Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow a privileged user to potentially enable denial of service via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0004">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27139">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 11:38:26">
11:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-32939 ‼</strong><br><br><code>FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable to an out-of-bounds write while processing project files, allowing an attacker to craft a project file that may permit arbitrary code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32939">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27140">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 11:38:27">
11:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-32931 ‼</strong><br><br><code>An uninitialized pointer in FATEK Automation FvDesigner, Versions 1.5.88 and prior may be exploited while the application is processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32931">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27141">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 11:38:28">
11:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-32947 ‼</strong><br><br><code>FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32947">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27142">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 11:38:28">
11:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-0002 ‼</strong><br><br><code>Improper conditions check in some Intel(R) Ethernet Controllers 800 series Linux drivers before version 1.4.11 may allow an authenticated user to potentially enable information disclosure or denial of service via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0002">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27143">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 11:38:30">
11:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-0084 ‼</strong><br><br><code>Improper input validation in the Intel(R) Ethernet Controllers X722 and 800 series Linux RMDA driver before version 1.3.19 may allow an authenticated user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0084">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27144">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 11:38:33">
11:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-0005 ‼</strong><br><br><code>Uncaught exception in firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow a privileged user to potentially enable denial of service via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0005">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27145">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 11:38:34">
11:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-0009 ‼</strong><br><br><code>Out-of-bounds read in the firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow an unauthenticated user to potentially enable denial of service via adjacent access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0009">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27146">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 11:38:35">
11:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-0062 ‼</strong><br><br><code>Improper input validation in some Intel(R) Graphics Drivers before version 27.20.100.8935 may allow an authenticated user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0062">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27147">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 11:38:38">
11:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-0008 ‼</strong><br><br><code>Uncontrolled resource consumption in firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow privileged user to potentially enable denial of service via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0008">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27148">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 11:38:39">
11:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-0003 ‼</strong><br><br><code>Improper conditions check in some Intel(R) Ethernet Controllers 800 series Linux drivers before version 1.4.11 may allow an authenticated user to potentially enable information disclosure via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0003">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27149">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 11:38:40">
11:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-0160 ‼</strong><br><br><code>Uncontrolled search path in some Intel(R) NUC Pro Chassis Element AverMedia Capture Card drivers before version 3.0.64.143 may allow an authenticated user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0160">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27150">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 11:38:41">
11:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-23420 ‼</strong><br><br><code>This affects the package codeception/codeception from 4.0.0 and before 4.1.22, before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23420">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27151">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 11:38:42">
11:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-0196 ‼</strong><br><br><code>Improper access control in kernel mode driver for some Intel(R) NUC 9 Extreme Laptop Kits before version 2.2.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0196">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27152">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 11:38:43">
11:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-28589 ‼</strong><br><br><code>An improper array index validation vulnerability exists in the LoadObj functionality of tinyobjloader v2.0-rc1 and tinyobjloader development commit 79d4421. A specially crafted file could lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28589">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27153">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 11:38:44">
11:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-0061 ‼</strong><br><br><code>Improper initialization in some Intel(R) Graphics Driver before version 27.20.100.9030 may allow an authenticated user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0061">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27154">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 12:35:48">
12:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Kaseya’s ‘Master Key’ to REvil Attack Leaked Online ❌</strong><br><br><code>The decryptor is of little use to other companies hit in the spate of attacks unleashed before the notorious ransomware group went dark, researchers said.</code><br><br><a href="https://threatpost.com/kaseyas-master-key-to-revil-attack-leaked-online/168565/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27155">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 12:35:49">
12:35
       </div>

       <div class="text">
<strong>❌ Crypto Hack Earned Crooks $600 Million ❌</strong><br><br><code>In one of the largest cryptocurrency hacks to date, cyberattackers reportedly stole millions from the decentralized finance (DeFi) platform Poly Network.</code><br><br><a href="https://threatpost.com/crypto-hack-600-million/168554/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27156">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 12:35:50">
12:35
       </div>

       <div class="text">
<strong>❌ SAP Patches Nine Critical &amp; High-Severity Bugs ❌</strong><br><br><code>Experts urged enterprises to patch fast: SAP vulnerabilities are being weaponized in a matter of hours.</code><br><br><a href="https://threatpost.com/sap-patches-critical-bugs/168558/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27157">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 13:38:25">
13:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2019-25052 ‼</strong><br><br><code>In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-25052">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27158">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 13:38:26">
13:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-34640 ‼</strong><br><br><code>The Securimage-WP-Fixed WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER[&apos;PHP_SELF&apos;] in the ~/securimage-wp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.5.4.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34640">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27159">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 13:38:27">
13:38
       </div>

       <div class="text">
<strong>🛠 Faraday 3.17.0 🛠</strong><br><br><code>Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.</code><br><br><a href="https://packetstormsecurity.com/files/163794/faraday-3.17.0.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27160">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 14:04:34">
14:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Hacker grabs $600m in cryptocash from blockchain company Poly Networks ⚠</strong><br><br><code>Where have all the cryptocoins gone? Will we ever get them back?</code><br><br><a href="https://nakedsecurity.sophos.com/2021/08/11/hacker-grabs-600m-in-cryptocash-from-blockchain-company-poly-networks/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27161">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 14:04:36">
14:04
       </div>

       <div class="text">
<strong>⚠ Home and small business routers under attack – how to see if you are at risk ⚠</strong><br><br><code>Practical advice for homes and small businesses, following news that a recently disclosed router bug is actively being exploited by crooks.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/08/10/home-and-small-business-routers-under-attack-how-to-see-if-you-are-at-risk/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27162">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 14:07:36">
14:07
       </div>

       <div class="text">
<strong>❌ ‘Friends’ Reunion Anchors Video Swindle ❌</strong><br><br><code>Spam was on the rise in Q2, with video fraud and COVID-19-related efforts in the mix.</code><br><br><a href="https://threatpost.com/friends-reunion-video-swindle/168583/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27163">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 15:50:36">
15:50
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-38548 ‼</strong><br><br><code>JBL Go 2 devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a &quot;Glowworm&quot; attack. The power indicator LED of the speakers is connected directly to the power line, as a result, the intensity of a device&apos;s power indicator LED is correlative to the power consumption. The sound played by the speakers affects their power consumption and as a result is also correlative to the light intensity of the LEDs. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LEDs of the speakers, we can recover the sound played by them.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38548">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27164">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 15:50:38">
15:50
       </div>

       <div class="text">
<strong>‼ CVE-2021-20420 ‼</strong><br><br><code>IBM Security Guardium 11.2 could disclose sensitive information due to reliance on untrusted inputs that could aid in further attacks against the system. IBM X-Force ID: 196281.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20420">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27165">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 15:50:39">
15:50
       </div>

       <div class="text">
<strong>‼ CVE-2021-3046 ‼</strong><br><br><code>An improper authentication vulnerability exists in Palo Alto Networks PAN-OS software that enables a SAML authenticated attacker to impersonate any other user in the GlobalProtect Portal and GlobalProtect Gateway when they are configured to use SAML authentication. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.5. PAN-OS 10.1 versions are not impacted.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3046">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27166">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 15:50:40">
15:50
       </div>

       <div class="text">
<strong>‼ CVE-2021-38547 ‼</strong><br><br><code>Logitech Z120 and S120 speakers through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a &quot;Glowworm&quot; attack. The power indicator LED of the speakers is connected directly to the power line, as a result, the intensity of a device&apos;s power indicator LED is correlative to the power consumption. The sound played by the speakers affects their power consumption and as a result is also correlative to the light intensity of the LEDs. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LEDs of the speakers, we can recover the sound played by them.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38547">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27167">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 15:50:42">
15:50
       </div>

       <div class="text">
<strong>‼ CVE-2021-38549 ‼</strong><br><br><code>MIRACASE MHUB500 USB splitters through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a &quot;Glowworm&quot; attack. We assume that the USB splitter supplies power to some speakers. The power indicator LED of the USB splitter is connected directly to the power line, as a result, the intensity of the USB splitter&apos;s power indicator LED is correlative to its power consumption. The sound played by the connected speakers affects the USB splitter&apos;s power consumption and as a result is also correlative to the light intensity of the LED. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LED of the USB splitter, we can recover the sound played by the connected speakers.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38549">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27168">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 15:50:43">
15:50
       </div>

       <div class="text">
<strong>‼ CVE-2021-3047 ‼</strong><br><br><code>A cryptographically weak pseudo-random number generator (PRNG) is used during authentication to the Palo Alto Networks PAN-OS web interface. This enables an authenticated attacker, with the capability to observe their own authentication secrets over a long duration on the PAN-OS appliance, to impersonate another authenticated web interface administrator&apos;s session. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10; PAN-OS 10.0 versions earlier than PAN-OS 10.0.4. PAN-OS 10.1 versions are not impacted.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3047">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27169">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 15:50:44">
15:50
       </div>

       <div class="text">
<strong>‼ CVE-2021-38544 ‼</strong><br><br><code>Sony SRS-XB33 and SRS-XB43 devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a &quot;Glowworm&quot; attack. The power indicator LED of the speakers is connected directly to the power line, as a result, the intensity of a device&apos;s power indicator LED is correlative to the power consumption. The sound played by the speakers affects their power consumption and as a result is also correlative to the light intensity of the LEDs. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LEDs of the speakers, we can recover the sound played by them.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38544">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27170">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 15:50:45">
15:50
       </div>

       <div class="text">
<strong>‼ CVE-2021-3045 ‼</strong><br><br><code>An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10. PAN-OS 10.0 and later versions are not impacted.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3045">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27171">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 15:50:46">
15:50
       </div>

       <div class="text">
<strong>‼ CVE-2021-20427 ‼</strong><br><br><code>IBM Security Guardium 11.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 196314.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20427">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27172">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 15:50:47">
15:50
       </div>

       <div class="text">
<strong>‼ CVE-2021-38545 ‼</strong><br><br><code>Raspberry Pi 3 B+ and 4 B devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a &quot;Glowworm&quot; attack. We assume that the Raspberry Pi supplies power to some speakers. The power indicator LED of the Raspberry Pi is connected directly to the power line, as a result, the intensity of a device&apos;s power indicator LED is correlative to the power consumption. The sound played by the speakers affects the Raspberry Pi&apos;s power consumption and as a result is also correlative to the light intensity of the LED. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LED of the Raspberry Pi, we can recover the sound played by the speakers.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38545">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27173">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 15:50:48">
15:50
       </div>

       <div class="text">
<strong>‼ CVE-2021-38543 ‼</strong><br><br><code>TP-Link UE330 USB splitter devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a &quot;Glowworm&quot; attack. We assume that the USB splitter supplies power to some speakers. The power indicator LED of the USB splitter is connected directly to the power line, as a result, the intensity of the USB splitter&apos;s power indicator LED is correlative to its power consumption. The sound played by the connected speakers affects the USB splitter&apos;s power consumption and as a result is also correlative to the light intensity of the LED. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LED of the USB splitter, we can recover the sound played by the connected speakers.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38543">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27174">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 15:50:50">
15:50
       </div>

       <div class="text">
<strong>‼ CVE-2021-20418 ‼</strong><br><br><code>IBM Security Guardium 11.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196279.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20418">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27175">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 15:50:50">
15:50
       </div>

       <div class="text">
<strong>‼ CVE-2021-38546 ‼</strong><br><br><code>CREATIVE Pebble devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a &quot;Glowworm&quot; attack. The power indicator LED of the speakers is connected directly to the power line, as a result, the intensity of a device&apos;s power indicator LED is correlative to the power consumption. The sound played by the speakers affects their power consumption and as a result is also correlative to the light intensity of the LEDs. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LEDs of the speakers, we can recover the sound played by them.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38546">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27176">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 15:50:51">
15:50
       </div>

       <div class="text">
<strong>‼ CVE-2021-3050 ‼</strong><br><br><code>An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 9.0 version 9.0.10 through PAN-OS 9.0.14; PAN-OS 9.1 version 9.1.4 through PAN-OS 9.1.10; PAN-OS 10.0 version 10.0.7 and earlier PAN-OS 10.0 versions; PAN-OS 10.1 version 10.1.0 through PAN-OS 10.1.1. Prisma Access firewalls and firewalls running PAN-OS 8.1 versions are not impacted by this issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3050">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27177">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 15:50:55">
15:50
       </div>

       <div class="text">
<strong>‼ CVE-2021-3048 ‼</strong><br><br><code>Certain invalid URL entries contained in an External Dynamic List (EDL) cause the Device Server daemon (devsrvr) to stop responding. This condition causes subsequent commits on the firewall to fail and prevents administrators from performing commits and configuration changes even though the firewall remains otherwise functional. If the firewall then restarts, it results in a denial-of-service (DoS) condition and the firewall stops processing traffic. This issue impacts: PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.5. PAN-OS 8.1 and PAN-OS 10.1 versions are not impacted.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3048">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27178">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 16:35:55">
16:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ NSA Watchdog Will Review Tucker Carlson Spying Claims ❌</strong><br><br><code>Despite a lack of evidence, the National Security Agency will investigate whether the Fox host was illegally targeted.</code><br><br><a href="https://threatpost.com/nsa-watchdog-review-tucker-carlson-spying/168590/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27179">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 16:35:56">
16:35
       </div>

       <div class="text">
<strong>🦿 Top 5 ransomware operators by income 🦿</strong><br><br><code>Tom Merritt lists the most lucrative ransomware gangs and why they&apos;re dangerous.</code><br><br><a href="https://www.techrepublic.com/article/top-5-ransomware-operators-by-income/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27180">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 16:35:57">
16:35
       </div>

       <div class="text">
<strong>🦿 Ransomware operators by income: Top 5 🦿</strong><br><br><code>Ransomware gangs continue because they make a lot of money. Tom Merritt talks about the five most lucrative ones.</code><br><br><a href="https://www.techrepublic.com/videos/ransomware-operators-by-income-top-5/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27181">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 16:38:58">
16:38
       </div>

       <div class="text">
<strong>🔏 White House Presses Agencies to Protect Critical Software 🔏</strong><br><br><code>The countdown is on for federal agencies to identify and safeguard critical software. A new White House memo gives entities one year to incorporate new security measures.</code><br><br><a href="https://digitalguardian.com/blog/white-house-presses-agencies-protect-critical-software">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27182">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 17:38:37">
17:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-21976 ‼</strong><br><br><code>An arbitrary file upload in the &lt;input type=&quot;file&quot; name=&quot;user_image&quot;&gt; component of NewsOne CMS v1.1.0 allows attackers to webshell and execute arbitrary commands.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21976">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27183">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 17:38:39">
17:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-23421 ‼</strong><br><br><code>All versions of package merge-change are vulnerable to Prototype Pollution via the utils.set function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23421">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27184">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 17:38:39">
17:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-38085 ‼</strong><br><br><code>The Canon TR150 print driver through 3.71.2.10 is vulnerable to a privilege escalation issue. During the add printer process, a local attacker can overwrite CNMurGE.dll and, if timed properly, the overwritten DLL will be loaded into a SYSTEM process resulting in escalation of privileges. This occurs because the driver drops a world-writable DLL into a CanonBJ %PROGRAMDATA% location that gets loaded by printisolationhost (a system process).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38085">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27185">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 17:38:40">
17:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-37694 ‼</strong><br><br><code>@asyncapi/java-spring-cloud-stream-template generates a Spring Cloud Stream (SCSt) microservice. In versions prior to 0.7.0 arbitrary code injection was possible when an attacker controls the AsyncAPI document. An example is provided in GHSA-xj6r-2jpm-qvxp. There are no mitigations available and all users are advised to update.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37694">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27186">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 19:06:00">
19:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Accenture Confirms LockBit Ransomware Attack ❌</strong><br><br><code>LockBit offered Accenture&apos;s purported databases and made a requisite jab at its purportedly sad security. Accenture says it recovered just fine from backups.</code><br><br><a href="https://threatpost.com/accenture-lockbit-ransomware-attack/168594/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27187">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 19:38:44">
19:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-21363 ‼</strong><br><br><code>An arbitrary file deletion vulnerability exists within Maccms10.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21363">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27188">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 19:38:45">
19:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-25560 ‼</strong><br><br><code>In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “pingâ€�, “tracerouteâ€� and “snmpâ€� functions and execute code on the server. We also observed the same is true if the JSESSIONID is completely removed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25560">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27189">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 19:38:46">
19:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-33793 ‼</strong><br><br><code>Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write because the Cross-Reference table is mishandled during Office document conversion.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33793">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27190">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 19:38:47">
19:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-33791 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33791">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27191">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 19:38:48">
19:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-22098 ‼</strong><br><br><code>UAA server versions prior to 75.4.0 are vulnerable to an open redirect vulnerability. A malicious user can exploit the open redirect vulnerability by social engineering leading to take over of victims’ accounts in certain cases along with redirection of UAA users to a malicious sites.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22098">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27192">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 19:38:52">
19:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-25565 ‼</strong><br><br><code>In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “pingâ€�, “tracerouteâ€� and “snmpâ€� functions and execute code on the server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25565">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27193">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 19:38:53">
19:38
       </div>

       <div class="text">
<strong>‼ CVE-2017-16630 ‼</strong><br><br><code>In SapphireIMS 4097_1, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference (IDOR) in the local user creation function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16630">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27194">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 19:38:54">
19:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-32438 ‼</strong><br><br><code>The gf_media_export_filters function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32438">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27195">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 19:38:55">
19:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-25562 ‼</strong><br><br><code>In SapphireIMS 5.0, there is no CSRF token present in the entire application. This can lead to CSRF vulnerabilities in critical application forms like account resent.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25562">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27196">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 19:38:56">
19:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-32437 ‼</strong><br><br><code>The gf_hinter_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32437">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27197">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 19:39:00">
19:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-25564 ‼</strong><br><br><code>In SapphireIMS 5.0, it is possible to create local administrator on any client with credentials of a non-privileged user by directly accessing RemoteMgmtTaskSave (Automation Tasks) feature.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25564">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27198">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 19:39:02">
19:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-32439 ‼</strong><br><br><code>Buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32439">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27199">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 19:39:03">
19:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-25561 ‼</strong><br><br><code>SapphireIMS 5 utilized default sapphire:ims credentials to connect the client to server. This credential is saved in ServerConf.config file in the client.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25561">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27200">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 19:39:04">
19:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-21362 ‼</strong><br><br><code>A cross site scripting (XSS) vulnerability in the background search function of Maccms10 allows attackers to execute arbitrary web scripts or HTML via the &apos;wd&apos; parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21362">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27201">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 19:39:05">
19:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-25563 ‼</strong><br><br><code>In SapphireIMS 5.0, it is possible to create local administrator on any client without requiring any credentials by directly accessing RemoteMgmtTaskSave (Automation Tasks) feature and not having a JSESSIONID.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25563">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27202">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 19:39:06">
19:39
       </div>

       <div class="text">
<strong>‼ CVE-2017-16629 ‼</strong><br><br><code>In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software from the errors it gives out for each type of user on the Login form. For &quot;Incorrect User&quot; - it gives an error &quot;The application failed to identify the user. Please contact administrator for help.&quot; For &quot;Correct User and Incorrect Password&quot; - it gives an error &quot;Authentication failed. Please login again.&quot;</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16629">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27203">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 19:39:07">
19:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-33794 ‼</strong><br><br><code>Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 allow information disclosure or an application crash after mishandling the Tab key during XFA form interaction.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33794">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27204">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 19:39:09">
19:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-32440 ‼</strong><br><br><code>The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32440">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27205">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 19:39:10">
19:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-21359 ‼</strong><br><br><code>An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers bypass the suffix whitelist verification to execute arbitrary code via adding a character to the end of the uploaded file&apos;s name.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21359">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27206">

      <div class="body">

       <div class="pull_right date details" title="11.08.2021 19:39:11">
19:39
       </div>

       <div class="text">
<strong>‼ CVE-2017-16632 ‼</strong><br><br><code>In SapphireIMS 4097_1, the password in the database is stored in Base64 format.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16632">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-866">

      <div class="body details">
12 August 2021
      </div>

     </div>

     <div class="message default clearfix" id="message27207">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 02:39:11">
02:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-37699 ‼</strong><br><br><code>Next.js is an open source website development framework to be used with the React library. In affected versions specially encoded paths could be used when pages/_error.js was statically generated allowing an open redirect to occur to an external site. In general, this redirect does not directly harm users although can allow for phishing attacks by redirecting to an attacker&apos;s domain from a trusted domain. We recommend everyone to upgrade regardless of whether you can reproduce the issue or not. The issue has been patched in release 11.1.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37699">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27208">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 02:39:12">
02:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-38592 ‼</strong><br><br><code>Wasm3 0.5.0 has a heap-based buffer overflow in op_Const64 (called from EvaluateExpression and m3_LoadModule).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38592">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27209">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 02:39:13">
02:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-38591 ‼</strong><br><br><code>An issue was discovered on LG mobile devices with Android OS P and Q software for mt6762/mt6765/mt6883. Attackers can change some of the NvRAM content by leveraging the misconfiguration of a debug command. The LG ID is LVE-SMP-210005 (August 2021).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38591">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27210">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 02:39:14">
02:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-38593 ‼</strong><br><br><code>Qt 5.0.0 through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38593">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27211">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 09:39:28">
09:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-37222 ‼</strong><br><br><code>Parsers in the open source project RCDCAP before 1.0.5 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via specially crafted packets.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37222">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27212">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 09:39:29">
09:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-24576 ‼</strong><br><br><code>Netskope Client through 77 allows low-privileged users to elevate their privileges to NT AUTHORITY\SYSTEM.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24576">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27213">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 10:41:31">
10:41
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Microsoft Warns: Another Unpatched PrintNightmare Zero-Day ❌</strong><br><br><code>The out-of-band warning pairs with a working proof-of-concept exploit for the issue, circulating since mid-July.</code><br><br><a href="https://threatpost.com/microsoft-unpatched-printnightmare-zero-day/168613/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27214">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 11:06:26">
11:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ QR Code Scammers Get Creative with Bitcoin ATMs ❌</strong><br><br><code>Threat actors are targeting everyone from job hunters to Bitcoin traders to college students wanting a break on their student loans, by exploiting the popular technology&apos;s trust relationship with users.</code><br><br><a href="https://threatpost.com/qr-code-scammers-bitcoin-atms/168621/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27215">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 11:34:53">
11:34
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ S3 Ep45: Routers attacked, hacking tool hacked, and betrayers betrayed [Podcast] ⚠</strong><br><br><code>Latest episode - listen now! (And learn about the Navajo Nation&apos;s selfless cryptographic contribution to America.)</code><br><br><a href="https://nakedsecurity.sophos.com/2021/08/12/s3-ep45-routers-attacked-hacking-tool-hacked-and-betrayers-betrayed-podcast/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27216">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 11:39:47">
11:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-28165 ‼</strong><br><br><code>The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An attacker can upload arbitrary webshell to the server by using the downloadZipPackage() function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28165">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27217">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 12:02:38">
12:02
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Microsoft fixes Print Spooler bugs with August Patch Tuesday rollout 🦿</strong><br><br><code>The fix, though, means that only administrators will be able to install print drivers on Windows PCs.</code><br><br><a href="https://www.techrepublic.com/article/microsoft-fixes-print-spooler-bugs-with-august-patch-tuesday-rollout/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27218">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 12:32:30">
12:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 When 2FA on your Linux servers won&apos;t let you in, try this fix 🦿</strong><br><br><code>When your Linux servers are giving you fits, Jack Wallen has the solution for you.</code><br><br><a href="https://www.techrepublic.com/videos/when-2fa-on-your-linux-servers-wont-let-you-in-try-this-fix/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27219">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 13:36:32">
13:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Ransomware Payments Explode Amid ‘Quadruple Extortion’ ❌</strong><br><br><code>Unit 42 puts the average payout at over half a million, while Barracuda has tracked a 64 percent year over year spike in the number of attacks.</code><br><br><a href="https://threatpost.com/ransomware-payments-quadruple-extortion/168622/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27220">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 13:39:41">
13:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-27792 ‼</strong><br><br><code>The command “ipfilterâ€� in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution of arbitrary code as the root user account.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27792">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27221">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 13:39:41">
13:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-27794 ‼</strong><br><br><code>A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid password through telnet, ssh and REST.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27794">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27222">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 13:39:42">
13:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-35955 ‼</strong><br><br><code>Contao &gt;=4.0.0 allows backend XSS via HTML attributes to an HTML field. Fixed in 4.4.56, 4.9.18, 4.11.7.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35955">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27223">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 13:39:43">
13:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-20314 ‼</strong><br><br><code>Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20314">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27224">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 13:39:44">
13:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-20981 ‼</strong><br><br><code>A SQL injection in the /admin/?n=logs&amp;c=index&amp;a=dolist component of Metinfo 7.0 allows attackers to access sensitive database information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20981">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27225">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 13:39:48">
13:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-38087 ‼</strong><br><br><code>Reflected cross-site scripting (XSS) was possible on the login page in Acronis Cyber Protect 15 prior to build 27009.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38087">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27226">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 13:39:49">
13:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-20975 ‼</strong><br><br><code>In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20975">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27227">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 13:39:49">
13:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-20979 ‼</strong><br><br><code>An arbitrary file upload vulnerability in the move_uploaded_file() function of LJCMS v4.3 allows attackers to execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20979">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27228">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 13:39:50">
13:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-20977 ‼</strong><br><br><code>A stored cross site scripting (XSS) vulnerability in index.php/legend/6.html of UK CMS v1.1.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Comments section.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20977">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27229">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 13:39:51">
13:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-27793 ‼</strong><br><br><code>ntermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and after v8.2.0 could cause a user with a valid account to be unable to log into the switch.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27793">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27230">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 13:39:55">
13:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-38086 ‼</strong><br><br><code>Acronis Cyber Protect 15 for Windows prior to build 27009 and Acronis Agent for Windows prior to build 26226 allowed local privilege escalation via DLL hijacking.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38086">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27231">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 13:39:56">
13:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-37841 ‼</strong><br><br><code>Docker Desktop before 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container compromise in both process isolation and Hyper-V isolation modes. This security issue leads an attacker with low privilege to read, write and possibly even execute code inside the containers.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37841">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27232">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 13:39:57">
13:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-27791 ‼</strong><br><br><code>The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An unauthenticated attacker could discover a request, which could bypass the authentication process.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27791">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27233">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 13:39:58">
13:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-38597 ‼</strong><br><br><code>wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant response data that contains the NoCheck extension.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38597">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27234">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 13:39:59">
13:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-27790 ‼</strong><br><br><code>The command “ipfilterâ€� in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution of arbitrary code as the root user account.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27790">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27235">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 13:40:02">
13:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-38088 ‼</strong><br><br><code>Acronis Cyber Protect 15 for Windows prior to build 27009 allowed local privilege escalation via binary hijacking.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38088">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27236">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 14:03:00">
14:03
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 For sale: Access to your company network. Price: Less than you&apos;d think 🦿</strong><br><br><code>Access to secured networks is regularly sold on the Dark Web and 45% of those sales are less than $1,000.</code><br><br><a href="https://www.techrepublic.com/article/for-sale-access-to-your-company-network-price-less-than-youd-think/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27237">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 14:53:33">
14:53
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ AdLoad Malware 2021 Samples Skate Past Apple XProtect ❌</strong><br><br><code>A crush of new attacks using the well-known adware involves at least 150 updated samples, many of which aren&apos;t recognized by Apple&apos;s built-in security controls.</code><br><br><a href="https://threatpost.com/adload-malware-apple-xprotect/168634/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27238">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 15:38:52">
15:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 Progress Being Made Fortifying US Cyber Defenses 🔏</strong><br><br><code>Nearly 75 percent of the Cyberspace Solarium Commission&apos;s federal recommendations have been implemented or are on track to being implemented.</code><br><br><a href="https://digitalguardian.com/blog/progress-being-made-fortifying-us-cyber-defenses">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27239">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 15:38:53">
15:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-18445 ‼</strong><br><br><code>Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the upurl function in Page.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18445">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27240">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 15:38:54">
15:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-20509 ‼</strong><br><br><code>IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 198243.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20509">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27241">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 15:38:55">
15:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-32808 ‼</strong><br><br><code>ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version &gt;= 4.13.0. The problem has been recognized and patched. The fix will be available in version 4.16.2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32808">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27242">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 15:38:56">
15:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-38606 ‼</strong><br><br><code>reNgine through 0.5 relies on a predictable directory name.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38606">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27243">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 15:39:00">
15:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-38291 ‼</strong><br><br><code>FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38291">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27244">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 15:39:01">
15:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-38604 ‼</strong><br><br><code>In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38604">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27245">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 15:39:02">
15:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-32809 ‼</strong><br><br><code>ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Clipboard](https://ckeditor.com/cke4/addon/clipboard) package. The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor. It affects all users using the CKEditor 4 plugins listed above at version &gt;= 4.5.2. The problem has been recognized and patched. The fix will be available in version 4.16.2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32809">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27246">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 15:39:04">
15:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-38599 ‼</strong><br><br><code>WAL-G before 1.1, when a non-libsodium build (e.g., one of the official binary releases published as GitHub Releases) is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because &quot;the user likely wanted to encrypt all file activity.&quot;</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38599">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27247">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 15:39:05">
15:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-18446 ‼</strong><br><br><code>Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the param parameter in the insertContent function in ContentModel.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18446">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27248">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 17:36:37">
17:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Black Hat: Novel DNS Hack Spills Confidential Corp Data ❌</strong><br><br><code>Threatpost interviews Wiz CTO about a vulnerability recently patched by Amazon Route53&apos;s DNS service and Google Cloud DNS.</code><br><br><a href="https://threatpost.com/black-hat-novel-dns-hack/168636/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27249">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 17:39:54">
17:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-34534 ‼</strong><br><br><code>Windows MSHTML Platform Remote Code Execution Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34534">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27250">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 17:39:55">
17:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-36938 ‼</strong><br><br><code>Windows Cryptographic Primitives Library Information Disclosure Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36938">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27251">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 17:39:56">
17:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-36949 ‼</strong><br><br><code>Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36949">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27252">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 17:39:57">
17:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-37640 ‼</strong><br><br><code>TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.SparseReshape` can be made to trigger an integral division by 0 exception. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/reshape_util.cc#L176-L181) calls the reshaping functor whenever there is at least an index in the input but does not check that shape of the input or the target shape have both a non-zero number of elements. The [reshape functor](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/reshape_util.cc#L40-L78) blindly divides by the dimensions of the target shape. Hence, if this is not checked, code will result in a division by 0. We have patched the issue in GitHub commit 4923de56ec94fff7770df259ab7f2288a74feb41. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1 as this is the other affected version.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37640">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27253">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 17:39:58">
17:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-36948 ‼</strong><br><br><code>Windows Update Medic Service Elevation of Privilege Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36948">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27254">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 17:39:59">
17:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-18458 ‼</strong><br><br><code>Cross Site Request Forgery (CSRF) vulnerability exists in DamiCMS v6.0.6 that can add an admin account via admin.php?s=/Admin/doadd.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18458">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27255">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 17:40:00">
17:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-26424 ‼</strong><br><br><code>Windows TCP/IP Remote Code Execution Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26424">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27256">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 17:40:01">
17:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-33762 ‼</strong><br><br><code>Azure CycleCloud Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36943.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33762">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27257">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 17:40:03">
17:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-26430 ‼</strong><br><br><code>Azure Sphere Denial of Service Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26430">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27258">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 17:40:03">
17:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-37636 ‼</strong><br><br><code>TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.SparseDenseCwiseDiv` is vulnerable to a division by 0 error. The [implementation](https://github.com/tensorflow/tensorflow/blob/a1bc56203f21a5a4995311825ffaba7a670d7747/tensorflow/core/kernels/sparse_dense_binary_op_shared.cc#L56) uses a common class for all binary operations but fails to treat the division by 0 case separately. We have patched the issue in GitHub commit d9204be9f49520cdaaeb2541d1dc5187b23f31d9. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37636">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27259">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 17:40:05">
17:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-36946 ‼</strong><br><br><code>Microsoft Dynamics Business Central Cross-site Scripting Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36946">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27260">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 17:40:06">
17:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-18451 ‼</strong><br><br><code>Cross Site Scripting (XSS) vulnerability exists in DamiCMS v6.0.6 via the title parameter in the doadd function in LabelAction.class.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18451">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27261">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 17:40:07">
17:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-36932 ‼</strong><br><br><code>Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-26433, CVE-2021-36926, CVE-2021-36933.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36932">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27262">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 17:40:08">
17:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-36941 ‼</strong><br><br><code>Microsoft Word Remote Code Execution Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36941">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27263">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 17:40:10">
17:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-18460 ‼</strong><br><br><code>Cross Site Request Forgery (CSRF) vulnerability exists in 711cms v1.0.7 that can add an admin account via admin.php?c=Admin&amp;m=content.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18460">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27264">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 17:40:11">
17:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-36943 ‼</strong><br><br><code>Azure CycleCloud Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-33762.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36943">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27265">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 17:40:12">
17:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-34537 ‼</strong><br><br><code>Windows Bluetooth Driver Elevation of Privilege Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34537">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27266">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 17:40:13">
17:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-37643 ‼</strong><br><br><code>TensorFlow is an end-to-end open source platform for machine learning. If a user does not provide a valid padding value to `tf.raw_ops.MatrixDiagPartOp`, then the code triggers a null pointer dereference (if input is empty) or produces invalid behavior, ignoring all values after the first. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/linalg/matrix_diag_op.cc#L89) reads the first value from a tensor buffer without first checking that the tensor has values to read from. We have patched the issue in GitHub commit 482da92095c4d48f8784b1f00dda4f81c28d2988. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37643">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27267">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 17:40:14">
17:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-36958 ‼</strong><br><br><code>Windows Print Spooler Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-36936, CVE-2021-36947.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36958">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27268">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 17:40:15">
17:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-37639 ‼</strong><br><br><code>TensorFlow is an end-to-end open source platform for machine learning. When restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a null pointer. Alternatively, attackers can read memory outside the bounds of heap allocated data by providing some tensor names but not enough for a successful restoration. The [implementation](https://github.com/tensorflow/tensorflow/blob/47a06f40411a69c99f381495f490536972152ac0/tensorflow/core/kernels/save_restore_tensor.cc#L158-L159) retrieves the tensor list corresponding to the `tensor_name` user controlled input and immediately retrieves the tensor at the restoration index (controlled via `preferred_shard` argument). This occurs without validating that the provided list has enough values. If the list is empty this results in dereferencing a null pointer (undefined behavior). If, however, the list has some elements, if the restoration index is outside the bounds this results in heap OOB read. We have patched the issue in GitHub commit 9e82dce6e6bd1f36a57e08fa85af213e2b2f2622. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37639">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27269">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 18:36:39">
18:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Rogue Marketplace AlphaBay Reboots ❌</strong><br><br><code>Illicit underground marketplace relaunches years after takedown.</code><br><br><a href="https://threatpost.com/rogue-marketplace-alphabay-reboots/168648/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27270">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 19:40:09">
19:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-37645 ‼</strong><br><br><code>TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.QuantizeAndDequantizeV4Grad` is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on this value. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L126) uses the `axis` value as the size argument to `absl::InlinedVector` constructor. But, the constructor uses an unsigned type for the argument, so the implicit conversion transforms the negative value to a large integer. We have patched the issue in GitHub commit 96f364a1ca3009f98980021c4b32be5fdcca33a1. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, and TensorFlow 2.4.3, as these are also affected and still in supported range.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37645">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27271">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 19:40:10">
19:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-37700 ‼</strong><br><br><code>@github/paste-markdown is an npm package for pasting markdown objects. A self Cross-Site Scripting vulnerability exists in the @github/paste-markdown before version 0.3.4. If the clipboard data contains the string `&lt;table&gt;`, a **div** is dynamically created, and the clipboard content is copied into its **innerHTML** property without any sanitization, resulting in improper execution of JavaScript in the browser of the victim (the user who pasted the code). Users directed to copy text from a malicious website and paste it into pages that utilize this library are affected. This is fixed in version 0.3.4. Refer the to the referenced GitHub Advisory for more details including an example exploit.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37700">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27272">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 19:40:10">
19:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-37664 ‼</strong><br><br><code>TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to `BoostedTreesSparseCalculateBestFeatureSplit`. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/stats_ops.cc) needs to validate that each value in `stats_summary_indices` is in range. We have patched the issue in GitHub commit e84c975313e8e8e38bb2ea118196369c45c51378. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37664">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27273">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 19:40:11">
19:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-37662 ‼</strong><br><br><code>TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can generate undefined behavior via a reference binding to nullptr in `BoostedTreesCalculateBestGainsPerFeature` and similar attack can occur in `BoostedTreesCalculateBestFeatureSplitV2`. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/stats_ops.cc) does not validate the input values. We have patched the issue in GitHub commit 9c87c32c710d0b5b53dc6fd3bfde4046e1f7a5ad and in commit 429f009d2b2c09028647dd4bb7b3f6f414bbaad7. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37662">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27274">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 19:40:12">
19:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-37659 ‼</strong><br><br><code>TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all binary cwise operations that don&apos;t require broadcasting (e.g., gradients of binary cwise operations). The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/cwise_ops_common.h#L264) assumes that the two inputs have exactly the same number of elements but does not check that. Hence, when the eigen functor executes it triggers heap OOB reads and undefined behavior due to binding to nullptr. We have patched the issue in GitHub commit 93f428fd1768df147171ed674fee1fc5ab8309ec. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37659">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27275">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 19:40:16">
19:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-37704 ‼</strong><br><br><code>PhpFastCache is a high-performance backend cache system (packagist package phpfastcache/phpfastcache). In versions before 6.1.5, 7.1.2, and 8.0.7 the `phpinfo()` can be exposed if the `/vendor` is not protected from public access. This is a rare situation today since the vendor directory is often located outside the web directory or protected via server rule (.htaccess, etc). Only the v6, v7 and v8 will be patched respectively in 8.0.7, 7.1.2, 6.1.5. Older versions such as v5, v4 are not longer supported and will **NOT** be patched. As a workaround, protect the `/vendor` directory from public access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37704">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27276">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 19:40:18">
19:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-37641 ‼</strong><br><br><code>TensorFlow is an end-to-end open source platform for machine learning. In affected versions if the arguments to `tf.raw_ops.RaggedGather` don&apos;t determine a valid ragged tensor code can trigger a read from outside of bounds of heap allocated buffers. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/ragged_gather_op.cc#L70) directly reads the first dimension of a tensor shape before checking that said tensor has rank of at least 1 (i.e., it is not a scalar). Furthermore, the implementation does not check that the list given by `params_nested_splits` is not an empty list of tensors. We have patched the issue in GitHub commit a2b743f6017d7b97af1fe49087ae15f0ac634373. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37641">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27277">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 19:40:19">
19:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-37657 ‼</strong><br><br><code>TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type `tf.raw_ops.MatrixDiagV*`. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/linalg/matrix_diag_op.cc) has incomplete validation that the value of `k` is a valid tensor. We have check that this value is either a scalar or a vector, but there is no check for the number of elements. If this is an empty tensor, then code that accesses the first element of the tensor is wrong. We have patched the issue in GitHub commit f2a673bd34f0d64b8e40a551ac78989d16daad09. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37657">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27278">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 19:40:20">
19:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-37656 ‼</strong><br><br><code>TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.RaggedTensorToSparse`. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/ragged_tensor_to_sparse_kernel.cc#L30) has an incomplete validation of the splits values: it does not check that they are in increasing order. We have patched the issue in GitHub commit 1071f554dbd09f7e101324d366eec5f4fe5a3ece. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37656">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27279">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 19:40:22">
19:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-37661 ‼</strong><br><br><code>TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a denial of service in `boosted_trees_create_quantile_stream_resource` by using negative arguments. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/quantile_ops.cc#L96) does not validate that `num_streams` only contains non-negative numbers. In turn, [this results in using this value to allocate memory](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/quantiles/quantile_stream_resource.h#L31-L40). However, `reserve` receives an unsigned integer so there is an implicit conversion from a negative value to a large positive unsigned. This results in a crash from the standard library. We have patched the issue in GitHub commit 8a84f7a2b5a2b27ecf88d25bad9ac777cd2f7992. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37661">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27280">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 19:40:23">
19:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-37646 ‼</strong><br><br><code>TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.StringNGrams` is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on this value. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/string_ngrams_op.cc#L184) calls `reserve` on a `tstring` with a value that sometimes can be negative if user supplies negative `ngram_widths`. The `reserve` method calls `TF_TString_Reserve` which has an `unsigned long` argument for the size of the buffer. Hence, the implicit conversion transforms the negative value to a large integer. We have patched the issue in GitHub commit c283e542a3f422420cfdb332414543b62fc4e4a5. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37646">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27281">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 19:40:24">
19:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-37644 ‼</strong><br><br><code>TensorFlow is an end-to-end open source platform for machine learning. In affected versions providing a negative element to `num_elements` list argument of `tf.raw_ops.TensorListReserve` causes the runtime to abort the process due to reallocating a `std::vector` to have a negative number of elements. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/list_kernels.cc#L312) calls `std::vector.resize()` with the new size controlled by input given by the user, without checking that this input is valid. We have patched the issue in GitHub commit 8a6e874437670045e6c7dc6154c7412b4a2135e2. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37644">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27282">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 19:40:25">
19:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-33199 ‼</strong><br><br><code>In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.php relies on the untrusted input value of input-&gt;get(&apos;file&apos;) instead of the fixed file names of icon.png and icon.svg.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33199">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27283">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 19:40:26">
19:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-37658 ‼</strong><br><br><code>TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type `tf.raw_ops.MatrixSetDiagV*`. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/linalg/matrix_diag_op.cc) has incomplete validation that the value of `k` is a valid tensor. We have check that this value is either a scalar or a vector, but there is no check for the number of elements. If this is an empty tensor, then code that accesses the first element of the tensor is wrong. We have patched the issue in GitHub commit ff8894044dfae5568ecbf2ed514c1a37dc394f1b. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37658">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27284">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 19:40:28">
19:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-37654 ‼</strong><br><br><code>TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a `CHECK`-fail in debug builds of TensorFlow using `tf.raw_ops.ResourceGather` or a read from outside the bounds of heap allocated data in the same API in a release build. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/resource_variable_ops.cc#L660-L668) does not check that the `batch_dims` value that the user supplies is less than the rank of the input tensor. Since the implementation uses several for loops over the dimensions of `tensor`, this results in reading data from outside the bounds of heap allocated buffer backing the tensor. We have patched the issue in GitHub commit bc9c546ce7015c57c2f15c168b3d9201de679a1d. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37654">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27285">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 19:40:28">
19:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-33056 ‼</strong><br><br><code>Belledonne Belle-sip before 4.5.20, as used in Linphone and other products, can crash via an invalid From header in a SIP message.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33056">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27286">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 19:40:30">
19:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-37651 ‼</strong><br><br><code>TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.FractionalAvgPoolGrad` can be tricked into accessing data outside of bounds of heap allocated buffers. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/fractional_avg_pool_op.cc#L205) does not validate that the input tensor is non-empty. Thus, code constructs an empty `EigenDoubleMatrixMap` and then accesses this buffer with indices that are outside of the empty area. We have patched the issue in GitHub commit 0f931751fb20f565c4e94aa6df58d54a003cdb30. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37651">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27287">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 19:40:31">
19:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-37650 ‼</strong><br><br><code>TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.ExperimentalDatasetToTFRecord` and `tf.raw_ops.DatasetToTFRecord` can trigger heap buffer overflow and segmentation fault. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/data/experimental/to_tf_record_op.cc#L93-L102) assumes that all records in the dataset are of string type. However, there is no check for that, and the example given above uses numeric types. We have patched the issue in GitHub commit e0b6e58c328059829c3eb968136f17aa72b6c876. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37650">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27288">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 19:40:32">
19:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-37599 ‼</strong><br><br><code>The exporter/Login.aspx login form in the Exporter in Nuance Winscribe Dictation 4.1.0.99 is vulnerable to SQL injection that allows a remote, unauthenticated attacker to read the database (and execute code in some situations) via the txtPassword parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37599">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27289">

      <div class="body">

       <div class="pull_right date details" title="12.08.2021 19:40:33">
19:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-37655 ‼</strong><br><br><code>TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to `tf.raw_ops.ResourceScatterUpdate`. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/resource_variable_ops.cc#L919-L923) has an incomplete validation of the relationship between the shapes of `indices` and `updates`: instead of checking that the shape of `indices` is a prefix of the shape of `updates` (so that broadcasting can happen), code only checks that the number of elements in these two tensors are in a divisibility relationship. We have patched the issue in GitHub commit 01cff3f986259d661103412a20745928c727326f. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37655">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-867">

      <div class="body details">
13 August 2021
      </div>

     </div>

     <div class="message default clearfix" id="message27290">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 02:40:22">
02:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-37695 ‼</strong><br><br><code>ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) package. The vulnerability allowed to inject malformed Fake Objects HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version &lt; 4.16.2. The problem has been recognized and patched. The fix will be available in version 4.16.2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37695">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27291">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 02:40:23">
02:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-37690 ‼</strong><br><br><code>TensorFlow is an end-to-end open source platform for machine learning. In affected versions when running shape functions, some functions (such as `MutableHashTableShape`) produce extra output information in the form of a `ShapeAndType` struct. The shapes embedded in this struct are owned by an inference context that is cleaned up almost immediately; if the upstream code attempts to access this shape information, it can trigger a segfault. `ShapeRefiner` is mitigating this for normal output shapes by cloning them (and thus putting the newly created shape under ownership of an inference context that will not die), but we were not doing the same for shapes and types. This commit fixes that by doing similar logic on output shapes and types. We have patched the issue in GitHub commit ee119d4a498979525046fba1c3dd3f13a039fbb1. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37690">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27292">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 11:40:53">
11:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-37350 ‼</strong><br><br><code>Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in Bulk Modifications Tool due to improper input sanitisation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37350">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27293">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 11:40:54">
11:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-37347 ‼</strong><br><br><code>Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the directory name it receives as an argument.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37347">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27294">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 11:40:55">
11:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-37348 ‼</strong><br><br><code>Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37348">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27295">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 11:40:56">
11:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-37349 ‼</strong><br><br><code>Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because cleaner.php does not sanitise input read from the database.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37349">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27296">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 11:40:57">
11:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-37343 ‼</strong><br><br><code>A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE under security context of the user running Nagios.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37343">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27297">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 11:41:01">
11:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-37353 ‼</strong><br><br><code>Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in table_population.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37353">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27298">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 11:41:02">
11:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-31399 ‼</strong><br><br><code>On 2N Access Unit 2.0 2.31.0.40.5 devices, an attacker can pose as the web relay for a man-in-the-middle attack.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31399">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27299">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 11:41:04">
11:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-37344 ‼</strong><br><br><code>Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote code execution through improper neutralisation of special elements used in an OS Command (OS Command injection).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37344">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27300">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 11:41:05">
11:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-37352 ‼</strong><br><br><code>An open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to spoofing. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37352">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27301">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 11:41:06">
11:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-37346 ‼</strong><br><br><code>Nagios XI WatchGuard Wizard before version 1.4.8 is vulnerable to remote code execution through Improper neutralisation of special elements used in an OS Command (OS Command injection).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37346">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27302">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 11:41:07">
11:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-37351 ‼</strong><br><br><code>Nagios XI before version 5.8.5 is vulnerable to insecure permissions and allows unauthenticated users to access guarded pages through a crafted HTTP request to the server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37351">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27303">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 11:41:07">
11:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-37345 ‼</strong><br><br><code>Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because xi-sys.cfg is being imported from the var directory for some scripts with elevated permissions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37345">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27304">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 13:32:48">
13:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 What is zero trust security? 🦿</strong><br><br><code>Want a zero-trust security primer on this complex cybersecurity topic? Brandon Vigliarolo breaks it down for you.</code><br><br><a href="https://www.techrepublic.com/videos/what-is-zero-trust-security/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27305">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 13:41:14">
13:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-38621 ‼</strong><br><br><code>The remove API in v1/controller/cloudStorage/alibabaCloud/remove/index.ts in netless Agora Flat Server before 2021-07-30 mishandles file ownership.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38621">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27306">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 13:41:15">
13:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-3573 ‼</strong><br><br><code>A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3573">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27307">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 13:41:17">
13:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-3635 ‼</strong><br><br><code>A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. A user with root (CAP_SYS_ADMIN) access is able to panic the system when issuing netfilter netflow commands.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3635">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27308">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 13:41:18">
13:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-27741 ‼</strong><br><br><code>&quot; Security vulnerability in HCL Commerce Management Center allowing XML external entity (XXE) injection&quot;</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27741">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27309">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 13:41:19">
13:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-38619 ‼</strong><br><br><code>openBaraza HCM 3.1.6 does not properly neutralize user-controllable input: an unauthenticated remote attacker can conduct a stored cross-site scripting (XSS) attack against an administrative user from hr/subscription.jsp and hr/application.jsp and and hr/index.jsp (with view=).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38619">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27310">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 13:41:21">
13:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-38583 ‼</strong><br><br><code>openBaraza HCM 3.1.6 does not properly neutralize user-controllable input, which allows reflected cross-site scripting (XSS) on multiple pages: hr/subscription.jsp and hr/application.jsp and and hr/index.jsp (with view= and data=).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38583">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27311">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 14:02:40">
14:02
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Company size is a nonissue with automated cyberattack tools 🦿</strong><br><br><code>Even with plenty of old problems to contend with, an expert suggests security pros need to get ready for new and more powerful automated ransomware tools.</code><br><br><a href="https://www.techrepublic.com/article/company-size-is-a-nonissue-with-automated-cyberattack-tools/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27312">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 14:09:56">
14:09
       </div>

       <div class="text">
<strong>🔏 Friday Five 8/13 🔏</strong><br><br><code>SBOMs, the biggest cryptocurrency theft in history, and the push for a 72 hour data breach disclosure window - catch up on the week&apos;s infosec news with the Friday Five!</code><br><br><a href="https://digitalguardian.com/blog/friday-five-8/13">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27313">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 14:32:45">
14:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Excel is still a security headache after 30 years because of this one feature 🦿</strong><br><br><code>Threat researcher explains why it&apos;s tricky to tell the difference between legitimate Excel Macros and ones that deliver malware.</code><br><br><a href="https://www.techrepublic.com/article/excel-is-still-a-security-headache-after-30-years-because-of-this-one-feature/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27314">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 14:32:46">
14:32
       </div>

       <div class="text">
<strong>🦿 A diverse cybersecurity team can help alleviate the talent shortage 🦿</strong><br><br><code>Responsibilities are complex and require different job descriptions, reduced bias and a variety of skill sets, industry leaders say.</code><br><br><a href="https://www.techrepublic.com/article/a-diverse-cybersecurity-team-can-help-alleviate-the-talent-shortage/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27315">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 15:32:42">
15:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How to install Webmin on Rocky Linux 🦿</strong><br><br><code>With Webmin, you can better secure and manage your instances of Rocky Linux. Jack Wallen walks you through the process of getting this web-based tool up and running.</code><br><br><a href="https://www.techrepublic.com/article/how-to-install-webmin-on-rocky-linux/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27316">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 15:41:10">
15:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-38553 ‼</strong><br><br><code>HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38553">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27317">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 15:41:12">
15:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-36787 ‼</strong><br><br><code>The femanager extension before 5.5.1 and 6.x before 6.3.1 for TYPO3 allows XSS via a crafted SVG document.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36787">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27318">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 15:41:12">
15:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-34823 ‼</strong><br><br><code>The ON24 ScreenShare (aka DesktopScreenShare.app) plugin before 2.0 for macOS allows remote file access via its built-in HTTP server. This allows unauthenticated remote users to retrieve files accessible to the logged-on macOS user. When a remote user sends a crafted HTTP request to the server, it triggers a code path that will download a configuration file from a specified remote machine over HTTP. There is an XXE flaw in processing of this configuration file that allows reading local (to macOS) files and uploading them to remote machines.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34823">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27319">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 15:41:13">
15:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-32071 ‼</strong><br><br><code>The MiCollab Client service in Mitel MiCollab before 9.3 could allow an unauthenticated user to gain system access due to improper access control. A successful exploit could allow an attacker to view and modify application data, and cause a denial of service for users.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32071">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27320">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 15:41:14">
15:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-36793 ‼</strong><br><br><code>The routes (aka Extbase Yaml Routes) extension before 2.1.1 for TYPO3, when CsrfTokenViewHelper is used, allows Sensitive Information Disclosure because a session identifier is unsafely present in HTML output.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36793">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27321">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 15:41:18">
15:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-37028 ‼</strong><br><br><code>There is a command injection vulnerability in the HG8045Q product. When the command-line interface is enabled, which is disabled by default, attackers with administrator privilege could execute part of commands.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37028">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27322">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 15:41:19">
15:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-36785 ‼</strong><br><br><code>The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows XSS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36785">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27323">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 15:41:20">
15:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-32068 ‼</strong><br><br><code>The AWV and MiCollab Client Service components in Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack by sending multiple session renegotiation requests, due to insufficient TLS session controls. A successful exploit could allow an attacker to modify application data and state.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32068">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27324">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 15:41:21">
15:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-36792 ‼</strong><br><br><code>The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 has incorrect Access Control for confirming various applications.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36792">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27325">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 15:41:22">
15:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-38302 ‼</strong><br><br><code>The Newsletter extension through 4.0.0 for TYPO3 allows SQL Injection.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38302">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27326">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 15:41:26">
15:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-38554 ‼</strong><br><br><code>HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38554">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27327">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 15:41:28">
15:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-18759 ‼</strong><br><br><code>An information disclosure vulnerability exists in the EPA protocol of Dut Computer Control Engineering Co.&apos;s PLC MAC1100.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18759">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27328">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 15:41:29">
15:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-32069 ‼</strong><br><br><code>The AWV component of Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack due to improper TLS negotiation. A successful exploit could allow an attacker to view and modify data.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32069">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27329">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 15:41:30">
15:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-18757 ‼</strong><br><br><code>An issue in Dut Computer Control Engineering Co.&apos;s PLC MAC1100 allows attackers to cause persistent denial of service (DOS) via a crafted packet.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18757">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27330">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 15:41:31">
15:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-36790 ‼</strong><br><br><code>The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows XSS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36790">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27331">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 15:41:32">
15:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-36788 ‼</strong><br><br><code>The yoast_seo (aka Yoast SEO) extension before 7.2.3 for TYPO3 allows XSS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36788">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27332">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 15:41:34">
15:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-36791 ‼</strong><br><br><code>The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows Information Disclosure of application registration data.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36791">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27333">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 15:41:35">
15:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-37586 ‼</strong><br><br><code>The PowerPlay Web component of Mitel Interaction Recording Multitenancy systems before 6.7 could allow a user (with Administrator rights) to replay a previously recorded conversation of another tenant due to insufficient validation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37586">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27334">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 15:41:36">
15:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-18753 ‼</strong><br><br><code>An issue in Dut Computer Control Engineering Co.&apos;s PLC MAC1100 allows attackers to gain access to the system and escalate privileges via a crafted packet.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18753">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27335">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 15:41:37">
15:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-32067 ‼</strong><br><br><code>The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to view sensitive system information through an HTTP response due to insufficient output sanitization.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32067">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27336">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 16:08:14">
16:08
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Exchange Servers Under Active Attack via ProxyShell Bugs ❌</strong><br><br><code>There’s an entirely new attack surface in Exchange, a researcher revealed at Black Hat, and threat actors are now exploiting servers vulnerable to the RCE bugs.</code><br><br><a href="https://threatpost.com/exchange-servers-attack-proxyshell/168661/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27337">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 17:11:17">
17:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-21829 ‼</strong><br><br><code>A heap-based buffer overflow vulnerability exists in the XML Decompression EnumerationUncompressor::UncompressItem functionality of AT&amp;T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21829">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27338">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 17:11:18">
17:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-21830 ‼</strong><br><br><code>A heap-based buffer overflow vulnerability exists in the XML Decompression LabelDict::Load functionality of AT&amp;T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21830">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27339">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 17:37:15">
17:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ SolarWinds 2.0 Could Ignite Financial Crisis – Podcast ❌</strong><br><br><code>That’s what NY State suggests could happen, given the utter lack of cybersec protection at many private equity &amp; hedge fund firms. Can AI help avert it?</code><br><br><a href="https://threatpost.com/solarwinds-financial-crisis-podcast/168677/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27340">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 18:07:23">
18:07
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Cyberattackers Embrace CAPTCHAs to Hide Phishing, Malware ❌</strong><br><br><code>CAPTCHA-protected malicious URLs are snowballing lately, researchers said.</code><br><br><a href="https://threatpost.com/cyberattackers-captchas-phishing-malware/168684/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27341">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 18:37:17">
18:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Amazon’s Plan to Track Worker Keystrokes: A Sign of Controls to Come? ❌</strong><br><br><code>Data theft, insider threats and imposters accessing sensitive customer data have apparently gotten so bad inside Amazon, the company is considering rolling out keyboard-stroke monitoring for its customer-service reps. A confidential memo from inside Amazon explained that customer service credential abuse and data theft was on the rise, according to Motherboard which reviewed the document. […]</code><br><br><a href="https://threatpost.com/amazons-track-worker-keystrokes/168687/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27342">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 19:11:21">
19:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-21066 ‼</strong><br><br><code>An issue was discovered in Bento4 v1.5.1.0. There is a heap-buffer-overflow in AP4_Dec3Atom::AP4_Dec3Atom at Ap4Dec3Atom.cpp, leading to a denial of service (program crash), as demonstrated by mp42aac.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21066">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27343">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 19:11:22">
19:11
       </div>

       <div class="text">
<strong>‼ CVE-2020-21064 ‼</strong><br><br><code>A buffer-overflow vulnerability in the AP4_RtpAtom::AP4_RtpAtom function in Ap4RtpAtom.cpp of Bento4 1.5.1.0 allows attackers to cause a denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21064">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27344">

      <div class="body">

       <div class="pull_right date details" title="13.08.2021 19:11:23">
19:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-37705 ‼</strong><br><br><code>OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. Starting with OneFuzz 2.12.0 or greater, an incomplete authorization check allows an authenticated user from any Azure Active Directory tenant to make authorized API calls to a vulnerable OneFuzz instance. To be vulnerable, a OneFuzz deployment must be both version 2.12.0 or greater and deployed with the non-default --multi_tenant_domain option. This can result in read/write access to private data such as software vulnerability and crash information, security testing tools and proprietary code and symbols. Via authorized API calls, this also enables tampering with existing data and unauthorized code execution on Azure compute resources. This issue is resolved starting in release 2.31.0, via the addition of application-level check of the bearer token&apos;s `issuer` against an administrator-configured allowlist. As a workaround users can restrict access to the tenant of a deployed OneFuzz instance &lt; 2.31.0 by redeploying in the default configuration, which omits the `--multi_tenant_domain` option.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37705">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-868">

      <div class="body details">
16 August 2021
      </div>

     </div>

     <div class="message default clearfix" id="message27345">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 02:14:12">
02:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-38709 ‼</strong><br><br><code>In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via the staff_messaging messaging system for XSS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38709">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27346">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 02:14:13">
02:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-26086 ‼</strong><br><br><code>Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26086">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27347">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 02:14:14">
02:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-38711 ‼</strong><br><br><code>In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38711">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27348">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 02:14:15">
02:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-38713 ‼</strong><br><br><code>imgURL 2.31 allows XSS via an X-Forwarded-For HTTP header.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38713">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27349">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 02:14:17">
02:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-38712 ‼</strong><br><br><code>OneNav 0.9.12 allows Information Disclosure of the onenav.db3 contents. NOTE: the vendor&apos;s recommended solution is to block the access via an NGINX configuration file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38712">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27350">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 02:14:18">
02:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-38708 ‼</strong><br><br><code>In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via Comcode for XSS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38708">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27351">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 09:14:29">
09:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-24538 ‼</strong><br><br><code>The Current Book WordPress plugin through 1.0.1 does not sanitize user input when an authenticated user adds Author or Book Title, then does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24538">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27352">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 09:14:30">
09:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-24527 ‼</strong><br><br><code>The User Registration &amp; User Profile – Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a bypass in the way the reset key is checked. Furthermore, the admin will not be notified of such change by email for example.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24527">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27353">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 09:14:32">
09:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-24445 ‼</strong><br><br><code>The My Site Audit WordPress plugin through 1.2.4 does not sanitise or escape the Audit Name field when creating an audit, allowing high privilege users to set JavaScript payloads in them, even when he unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24445">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27354">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 09:14:33">
09:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-24540 ‼</strong><br><br><code>The Wonder Video Embed WordPress plugin before 1.8 does not escape parameters of its wonderplugin_video shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24540">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27355">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 09:14:34">
09:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-24536 ‼</strong><br><br><code>The Custom Login Redirect WordPress plugin through 1.0.0 does not have CSRF check in place when saving its settings, and do not sanitise or escape user input before outputting them back in the page, leading to a Stored Cross-Site Scripting issue</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24536">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27356">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 09:14:35">
09:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-24519 ‼</strong><br><br><code>The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the &apos;Text Next to Icon&apos; field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24519">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27357">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 09:14:36">
09:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-24471 ‼</strong><br><br><code>The YouTube Embed WordPress plugin before 5.2.2 does not validate, escape or sanitise some of its shortcode attributes, leading to Stored XSS issues by 1. using w, h, controls, cc_lang, color, language, start, stop, or style parameter of youtube shortcode, 2. by using style, class, rel, target, width, height, or alt parameter of youtube_thumb shortcode, or 3. by embedding a video whose title or description contains XSS payload (if API key is configured).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24471">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27358">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 09:14:37">
09:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-24512 ‼</strong><br><br><code>The Video Posts Webcam Recorder WordPress plugin before 3.2.4 has an authenticated reflected cross site scripting (XSS) vulnerability in one of the administrative functions for handling deletion of videos.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24512">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27359">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 09:14:38">
09:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-24466 ‼</strong><br><br><code>The Verse-O-Matic WordPress plugin through 4.1.1 does not have any CSRF checks in place, allowing attackers to make logged in administrators do unwanted actions, such as add/edit/delete arbitrary verses and change the settings. Due to the lack of sanitisation in the settings and verses, this could also lead to Stored Cross-Site Scripting issues</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24466">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27360">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 09:14:39">
09:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-24410 ‼</strong><br><br><code>The తెలà±?à°—à±? బైబిలà±? వచనమà±?à°²à±? WordPress plugin through 1.0 is lacking any CSRF check when saving its settings and verses, and do not sanitise or escape them when outputting them back in the page. This could allow attackers to make a logged in admin change the settings, as well as add malicious verses containing JavaScript code in them, leading to Stored XSS issues</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24410">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27361">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 09:14:43">
09:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-24541 ‼</strong><br><br><code>The Wonder PDF Embed WordPress plugin before 1.7 does not escape parameters of its wonderplugin_pdf shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24541">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27362">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 09:14:44">
09:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-24534 ‼</strong><br><br><code>The PhoneTrack Meu Site Manager WordPress plugin through 0.1 does not sanitise or escape its &quot;php_id&quot; setting before outputting it back in an attribute in the page, leading to a stored Cross-Site Scripting issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24534">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27363">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 09:14:45">
09:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-24411 ‼</strong><br><br><code>The Social Tape WordPress plugin through 1.0 does not have CSRF checks in place when saving its settings, and do not sanitise or escape them before outputting them back in the page, leading to a stored Cross-Site Scripting issue via a CSRF attack</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24411">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27364">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 09:14:45">
09:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-24363 ‼</strong><br><br><code>The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images/SVG anywhere in the filesystem via a path traversal vector</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24363">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27365">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 09:14:46">
09:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-24548 ‼</strong><br><br><code>The Mimetic Books WordPress plugin through 0.2.13 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS) in the &quot;Default Publisher ID&quot; field on the plugin&apos;s settings page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24548">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27366">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 09:14:51">
09:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-24526 ‼</strong><br><br><code>The Form Maker by 10Web – Mobile-Friendly Drag &amp; Drop Contact Form Builder WordPress plugin before 1.13.60 does not escape its Form Title before outputting it in an attribute when editing a form in the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24526">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27367">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 09:14:51">
09:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-24380 ‼</strong><br><br><code>The Shantz WordPress QOTD WordPress plugin through 1.2.2 is lacking any CSRF check when updating its settings, allowing attackers to make logged in administrators change them to arbitrary values.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24380">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27368">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 09:14:52">
09:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-24535 ‼</strong><br><br><code>The Light Messages WordPress plugin through 1.0 is lacking CSRF check when updating it&apos;s settings, and is not sanitising its Message Content in them (even with the unfiltered_html disallowed). As a result, an attacker could make a logged in admin update the settings to arbitrary values, and set a Cross-Site Scripting payload in the Message Content. Depending on the options set, the XSS payload can be triggered either in the backend only (in the plugin&apos;s settings), or both frontend and backend.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24535">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27369">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 09:14:54">
09:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-24518 ‼</strong><br><br><code>The WPFront Notification Bar WordPress plugin before 2.0.0.07176 does not sanitise or escape its Custom CSS setting, allowing high privilege users such as admin to set XSS payload in it even when the unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24518">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27370">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 09:14:54">
09:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-24362 ‼</strong><br><br><code>The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded SVG files added to a gallery do not contain malicious content. As a result, users allowed to add images to gallery can upload an SVG file containing JavaScript code, which will be executed when accessing the image directly (ie in the /wp-content/uploads/photo-gallery/ folder), leading to a Cross-Site Scripting (XSS) issue</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24362">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27371">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 09:34:03">
09:34
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Behind the scenes: A day in the life of a CIO 🦿</strong><br><br><code>Getting to the point where you&apos;re proactive is &quot;utopia,&quot; says Jadee Hanson, CIO at Code42.</code><br><br><a href="https://www.techrepublic.com/article/behind-the-scenes-a-day-in-the-life-of-a-cio/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27372">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 11:04:07">
11:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 The cybersecurity skills gap persists for the fifth year running 🦿</strong><br><br><code>Most organizations are still lacking talent, according to a new report, but experts think expanding the definition of a cybersecurity professional can help.</code><br><br><a href="https://www.techrepublic.com/article/the-cybersecurity-skills-gap-persists-for-the-fifth-year-running/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27373">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 11:14:33">
11:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-35392 ‼</strong><br><br><code>Realtek Jungle SDK version v2.x up to v3.4.14B provides a &apos;WiFi Simple Config&apos; server that implements both UPnP and SSDP protocols. The binary is usually named wscd or mini_upnpd and is the successor to miniigd. The server is vulnerable to a heap buffer overflow that is present due to unsafe crafting of SSDP NOTIFY messages from received M-SEARCH messages ST header.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35392">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27374">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 11:14:34">
11:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-35393 ‼</strong><br><br><code>Realtek Jungle SDK version v2.x up to v3.4.14B provides a &apos;WiFi Simple Config&apos; server that implements both UPnP and SSDP protocols. The binary is usually named wscd or mini_upnpd and is the successor to miniigd. The server is vulnerable to a stack buffer overflow vulnerability that is present due to unsafe parsing of the UPnP SUBSCRIBE/UNSUBSCRIBE Callback header. Successful exploitation of this vulnerability allows remote unauthenticated attackers to gain arbitrary code execution on the affected device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35393">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27375">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 11:14:35">
11:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-35394 ‼</strong><br><br><code>Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called &apos;MP Daemon&apos; that is usually compiled as &apos;UDPServer&apos; binary. The binary is affected by multiple memory corruption vulnerabilities and an arbitrary command injection vulnerability that can be exploited by remote unauthenticated attackers.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35394">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27376">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 11:14:38">
11:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-38607 ‼</strong><br><br><code>Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated users via a custom form input.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38607">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27377">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 11:14:38">
11:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-35395 ‼</strong><br><br><code>Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access point. Two versions of this management interface exists: one based on Go-Ahead named webs and another based on Boa named boa. Both of them are affected by these vulnerabilities. Specifically, these binaries are vulnerable to the following issues: - stack buffer overflow in formRebootCheck due to unsafe copy of submit-url parameter - stack buffer overflow in formWsc due to unsafe copy of submit-url parameter - stack buffer overflow in formWlanMultipleAP due to unsafe copy of submit-url parameter - stack buffer overflow in formWlSiteSurvey due to unsafe copy of ifname parameter - stack buffer overflow in formStaticDHCP due to unsafe copy of hostname parameter - stack buffer overflow in formWsc due to unsafe copy of &apos;peerPin&apos; parameter - arbitrary command execution in formSysCmd via the sysCmd parameter - arbitrary command injection in formWsc via the &apos;peerPin&apos; parameter Exploitability of identified issues will differ based on what the end vendor/manufacturer did with the Realtek SDK webserver. Some vendors use it as-is, others add their own authentication implementation, some kept all the features from the server, some remove some of them, some inserted their own set of features. However, given that Realtek SDK implementation is full of insecure calls and that developers tends to re-use those examples in their custom code, any binary based on Realtek SDK webserver will probably contains its own set of issues on top of the Realtek ones (if kept). Successful exploitation of these issues allows remote attackers to gain arbitrary code execution on the device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35395">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27378">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 12:39:04">
12:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ 100m T-Mobile Customer Records Purportedly Up for Sale ❌</strong><br><br><code>The seller claims to have sucker-punched U.S. infrastructure out of retaliation. The offer: 30m records for ~1 penny each, with the rest being sold privately.</code><br><br><a href="https://threatpost.com/t-mobile-investigates-100m-records/168689/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27379">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 13:14:50">
13:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-38756 ‼</strong><br><br><code>Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through prescribe.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38756">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27380">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 13:14:52">
13:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-38754 ‼</strong><br><br><code>SQL Injection vulnerability in Hospital Management System due to lack of input validation in messearch.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38754">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27381">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 13:14:54">
13:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-38755 ‼</strong><br><br><code>Unauthenticated doctor entry deletion in Hospital Management System in admin-panel1.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38755">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27382">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 13:14:55">
13:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-38757 ‼</strong><br><br><code>Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through contact.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38757">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27383">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 13:14:57">
13:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-38752 ‼</strong><br><br><code>A cross-site scripting (XSS) vulnerability in Online Catering Reservation System using PHP on Sourcecodester allows an attacker to arbitrarily inject code in the search bar.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38752">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27384">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 13:14:59">
13:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-38753 ‼</strong><br><br><code>An unrestricted file upload on Simple Image Gallery Web App can be exploited to upload a web shell and executed to gain unauthorized access to the server hosting the web app.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38753">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27385">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 13:15:01">
13:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-38751 ‼</strong><br><br><code>A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can change links on the webpage to an arbitrary value, leading to a possible attack vector for MITM.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38751">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27386">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 13:15:03">
13:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-38758 ‼</strong><br><br><code>Directory traversal in Online Catering Reservation System due to lack of validation in index.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38758">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27387">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 13:36:30">
13:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Copyright scammers turn to phone numbers instead of web links ⚠</strong><br><br><code>Forewarned is forearmed. Here&apos;s our advice on dealing with &quot;copyright infringement&quot; scammers.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/08/16/copyright-scammers-turn-to-phone-numbers-instead-of-web-links/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27388">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 13:36:31">
13:36
       </div>

       <div class="text">
<strong>⚠ S3 Ep45: Routers attacked, hacking tool hacked, and betrayers betrayed [Podcast] ⚠</strong><br><br><code>Latest episode - listen now! (And learn about the Navajo Nation&apos;s selfless cryptographic contribution to America.)</code><br><br><a href="https://nakedsecurity.sophos.com/2021/08/12/s3-ep45-routers-attacked-hacking-tool-hacked-and-betrayers-betrayed-podcast/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27389">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 14:04:09">
14:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Windows 10: How to activate Microsoft Defender Application Guard 🦿</strong><br><br><code>Microsoft Defender Application Guard protects your networks and data from malicious applications running in your web browser. Learn how to install and activate this Windows 10 security feature.</code><br><br><a href="https://www.techrepublic.com/videos/windows-10-how-to-activate-microsoft-defender-application-guard/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27390">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 15:39:10">
15:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ XSS Bug in SEOPress WordPress Plugin Allows Site Takeover ❌</strong><br><br><code>The bug would allow a number of malicious actions, up to and including full site takeover. The vulnerable plugin is installed on 100,000 websites.</code><br><br><a href="https://threatpost.com/xss-bug-seopress-wordpress-plugin/168702/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27391">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 16:41:22">
16:41
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 Yearlong Office 365 Phishing Campaign Skilled at Evasion 🔏</strong><br><br><code>A new phishing campaign targeting Office 365 has used Morse code and other forms of obfuscation to side step detection for the last year.</code><br><br><a href="https://digitalguardian.com/blog/yearlong-office-365-phishing-campaign-skilled-evasion">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27392">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 17:14:50">
17:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-34649 ‼</strong><br><br><code>The Simple Behance Portfolio WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `dark` parameter in the ~/titan-framework/iframe-font-preview.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34649">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27393">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 17:14:51">
17:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-34644 ‼</strong><br><br><code>The Multiplayer Games WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER[&apos;PHP_SELF&apos;] in the ~/multiplayergames.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.7.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34644">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27394">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 17:14:52">
17:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-34664 ‼</strong><br><br><code>The Moova for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the lat parameter in the ~/Checkout/Checkout.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.5.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34664">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27395">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 17:14:53">
17:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-22937 ‼</strong><br><br><code>A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22937">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27396">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 17:14:54">
17:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-22934 ‼</strong><br><br><code>A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overflow via a malicious crafted web request.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22934">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27397">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 17:14:55">
17:14
       </div>

       <div class="text">
<strong>‼ CVE-2020-18699 ‼</strong><br><br><code>Cross Site Scripting (XSS) in Lin-CMS-Flask v0.1.1 allows remote attackers to execute arbitrary code by entering scripts in the the &apos;Username&apos; parameter of the in component &apos;app/api/cms/user.py&apos;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18699">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27398">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 17:14:56">
17:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-22940 ‼</strong><br><br><code>Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22940">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27399">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 17:14:57">
17:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-22936 ‼</strong><br><br><code>A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22936">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27400">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 17:14:58">
17:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-22939 ‼</strong><br><br><code>If the Node.js https API was used incorrectly and &quot;undefined&quot; was in passed for the &quot;rejectUnauthorized&quot; parameter, no error was returned and connections to servers with an expired certificate would have been accepted.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22939">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27401">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 17:14:59">
17:14
       </div>

       <div class="text">
<strong>‼ CVE-2020-18698 ‼</strong><br><br><code>Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the &apos;login&apos; function in the component &apos;app/api/cms/user.py&apos;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18698">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27402">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 17:15:00">
17:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-22932 ‼</strong><br><br><code>An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller which causes the ShareFile file encryption option to become disabled if it had previously been enabled. Customers are only affected by this issue if they previously selected “Enable Encryptionâ€� in the ShareFile configuration page and did not re-select this setting after running the CTX269106 mitigation tool. ShareFile customers who have not run the CTX269106 mitigation tool or who re-selected “Enable Encryptionâ€� immediately after running the tool are unaffected by this issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22932">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27403">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 17:15:01">
17:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-34641 ‼</strong><br><br><code>The SEOPress WordPress plugin is vulnerable to Stored Cross-Site-Scripting via the processPut function found in the ~/src/Actions/Api/TitleDescriptionMeta.php file which allows authenticated attackers to inject arbitrary web scripts, in versions 5.0.0 - 5.0.3.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34641">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27404">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 17:15:02">
17:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-37707 ‼</strong><br><br><code>### Impact Manipulation of product reviews via API ### Patches We recommend updating to the current version 6.4.3.1. You can get the update to 6.4.3.1 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/en/download/#shopware-6 ### Workarounds For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version. https://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37707">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27405">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 17:15:04">
17:15
       </div>

       <div class="text">
<strong>‼ CVE-2020-18701 ‼</strong><br><br><code>Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive information and/or gain privileges due to the application not invalidating a user&apos;s authentication token upon logout, which allows for replaying packets.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18701">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27406">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 17:15:05">
17:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-34657 ‼</strong><br><br><code>The 2TypoFR WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the text function found in the ~/vendor/Org_Heigl/Hyphenator/index.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.11.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34657">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27407">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 17:15:06">
17:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-22933 ‼</strong><br><br><code>A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22933">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27408">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 17:15:08">
17:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-34658 ‼</strong><br><br><code>The Simple Popup Newsletter WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER[&apos;PHP_SELF&apos;] in the ~/simple-popup-newsletter.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.7.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34658">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27409">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 17:15:10">
17:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-0114 ‼</strong><br><br><code>Insecure default variable initialization for the Intel BSSA DFT feature may allow a privileged user to potentially enable an escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0114">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27410">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 17:15:11">
17:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-34656 ‼</strong><br><br><code>The 2Way VideoCalls and Random Chat - HTML5 Webcam Videochat WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `vws_notice` function found in the ~/inc/requirements.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 5.2.7.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34656">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27411">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 17:15:13">
17:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-34666 ‼</strong><br><br><code>The Add Sidebar WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the add parameter in the ~/wp_sidebarMenu.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34666">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27412">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 19:14:54">
19:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-32827 ‼</strong><br><br><code>MockServer is open source software which enables easy mocking of any system you integrate with via HTTP or HTTPS. An attacker that can trick a victim into visiting a malicious site while running MockServer locally, will be able to run arbitrary code on the MockServer machine. With an overly broad default CORS configuration MockServer allows any site to send cross-site requests. Additionally, MockServer allows you to create dynamic expectations using Javascript or Velocity templates. Both engines may allow an attacker to execute arbitrary code on-behalf of MockServer. By combining these two issues (Overly broad CORS configuration + Script injection), an attacker could serve a malicious page so that if a developer running MockServer visits it, they will get compromised. For more details including a PoC see the referenced GHSL-2021-059.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32827">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27413">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 19:14:55">
19:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-37708 ‼</strong><br><br><code>Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a command injection vulnerability in mail agent settings. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37708">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27414">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 19:14:56">
19:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-21859 ‼</strong><br><br><code>An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The stri_box_read function is used when processing atoms using the &apos;stri&apos; FOURCC code. An attacker can convince a user to open a video to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21859">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27415">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 19:14:57">
19:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-21860 ‼</strong><br><br><code>An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. The FOURCC code, &apos;trik&apos;, is parsed by the function within the library. An attacker can convince a user to open a video to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21860">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27416">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 19:14:58">
19:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-38608 ‼</strong><br><br><code>Incorrect Access Control in Tranquil WAPT Enterprise - before 1.8.2.7373 and before 2.0.0.9450 allows guest OS users to escalate privileges via WAPT Agent.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38608">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27417">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 19:15:02">
19:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-32826 ‼</strong><br><br><code>Proxyee-Down is open source proxy software. An attacker being able to provide an extension script (eg: through a MiTM attack or by hosting a malicious extension) may be able to run arbitrary commands on the system running Proxyee-Down. For more details including a PoC see the referenced GHSL-2021-053. As of the writing of this CVE there is currently no patched version.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32826">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27418">

      <div class="body">

       <div class="pull_right date details" title="16.08.2021 19:15:03">
19:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-21861 ‼</strong><br><br><code>An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. When processing the &apos;hdlr&apos; FOURCC code, a specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21861">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-869">

      <div class="body details">
17 August 2021
      </div>

     </div>

     <div class="message default clearfix" id="message27419">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 10:09:44">
10:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ How to Reduce Exchange Server Downtime in Case of a Disaster? ❌</strong><br><br><code>Exchange downtime can have serious implications on businesses. Thus, it’s important to maintain backups and implement best practices for Exchange servers that can help restore the Exchange server when a disaster strikes with minimal impact and downtime.</code><br><br><a href="https://threatpost.com/how-to-reduce-exchange-server-downtime/168344/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27420">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 11:09:47">
11:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Apple: CSAM Image-Detection Backdoor ‘Narrow’ in Scope ❌</strong><br><br><code>Computing giant tries to reassure users that the tool won’t be used for mass surveillance.</code><br><br><a href="https://threatpost.com/apple-image-detection-backdoor/168727/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27421">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 12:09:47">
12:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Terrorist Watchlist Exposed Online with Nearly 1.9M Records ❌</strong><br><br><code>A researcher discovered a data cache from the FBI’s Terrorist Screening Center left online without a password or authentication requirement.</code><br><br><a href="https://threatpost.com/terrorist-watchlist-exposed-online/168737/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27422">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 12:18:33">
12:18
       </div>

       <div class="text">
<strong>🛠 TOR Virtual Network Tunneling Tool 0.4.6.7</strong> <strong>🛠</strong><br><br><code>Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.</code><br><br><a href="https://packetstormsecurity.com/files/163862/tor-0.4.6.7.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27423">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 12:34:38">
12:34
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Top 5 tech annoyances 🦿</strong><br><br><code>Tom Merritt tells us his top five annoyances in tech and why they are frustrating.</code><br><br><a href="https://www.techrepublic.com/article/top-5-tech-annoyances/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27424">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 12:34:39">
12:34
       </div>

       <div class="text">
<strong>🦿 The 5 most annoying things in technology 🦿</strong><br><br><code>These five things are driving us crazy, says Tom Merritt. There&apos;s hope for some to get better.</code><br><br><a href="https://www.techrepublic.com/videos/the-5-most-annoying-things-in-technology/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27425">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 13:15:46">
13:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-4706 ‼</strong><br><br><code>IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 187194.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4706">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27426">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 13:15:47">
13:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-25956 ‼</strong><br><br><code>In “Dolibarrâ€� application, v3.3.beta1_20121221 to v13.0.2 have “Modifyâ€� access for admin level users to change other user’s details but fails to validate already existing “Loginâ€� name, while renaming the user “Loginâ€�. This leads to complete account takeover of the victim user. This happens since the password gets overwritten for the victim user having a similar login name.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25956">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27427">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 13:15:48">
13:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-34407 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-30480. Reason: This candidate is a reservation duplicate of CVE-2021-30480. Notes: All CVE users should reference CVE-2021-30480 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34407">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27428">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 13:15:49">
13:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-25957 ‼</strong><br><br><code>In “Dolibarrâ€� application, v2.8.1 to v13.0.2 are vulnerable to account takeover via password reset functionality. A low privileged attacker can reset the password of any user in the application using the password reset link the user received through email when requested for a forgotten password.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25957">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27429">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 13:15:50">
13:15
       </div>

       <div class="text">
<strong>‼ CVE-2020-4992 ‼</strong><br><br><code>IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.16 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 192737.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4992">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27430">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 13:39:48">
13:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Bug in Millions of Flawed IoT Devices Lets Attackers Eavesdrop ❌</strong><br><br><code>A remote attacker could exploit a critical vulnerability to eavesdrop on live audio &amp; video or take control. The bug is in ThroughTek’s Kalay network, used in 83m devices.</code><br><br><a href="https://threatpost.com/bug-iot-millions-devices-attackers-eavesdrop/168729/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27431">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 14:06:51">
14:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Copyright scammers turn to phone numbers instead of web links ⚠</strong><br><br><code>Forewarned is forearmed. Here&apos;s our advice on dealing with &quot;copyright infringement&quot; scammers.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/08/16/copyright-scammers-turn-to-phone-numbers-instead-of-web-links/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27432">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 14:06:52">
14:06
       </div>

       <div class="text">
<strong>⚠ Video surveillance network hacked by researchers to hijack footage ⚠</strong><br><br><code>Home automation. Internet of Things. Cloud management. And a security bug that could let other people watch you online...</code><br><br><a href="https://nakedsecurity.sophos.com/2021/08/17/video-surveillance-network-hacked-by-researchers-to-hijack-footage/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27433">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 14:09:53">
14:09
       </div>

       <div class="text">
<strong>❌ LockBit 2.0 Ransomware Proliferates Globally ❌</strong><br><br><code>Fresh attacks target companies&apos; employees, promising millions of dollars in exchange for valid account credentials for initial access.</code><br><br><a href="https://threatpost.com/lockbit-ransomware-proliferates-globally/168746/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27434">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 15:15:53">
15:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-3459 ‼</strong><br><br><code>A privilege escalation vulnerability was reported in the MM1000 device configuration web server, which could allow privileged shell access and/or arbitrary privileged commands to be executed on the adapter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3459">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27435">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 15:15:54">
15:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-3633 ‼</strong><br><br><code>A DLL preloading vulnerability was reported in Lenovo Driver Management prior to version 2.9.0719.1104 that could allow privilege escalation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3633">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27436">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 15:15:55">
15:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-3615 ‼</strong><br><br><code>A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow code execution if a specific file exists on the attached SD card. This vulnerability is the same as CNVD-2021-45262.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3615">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27437">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 15:15:55">
15:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-3616 ‼</strong><br><br><code>A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow an unauthorized user to view device information, alter firmware content and device configuration. This vulnerability is the same as CNVD-2020-68651.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3616">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27438">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 15:15:56">
15:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-32829 ‼</strong><br><br><code>ZStack is open source IaaS(infrastructure as a service) software aiming to automate datacenters, managing resources of compute, storage, and networking all by APIs. Affected versions of ZStack REST API are vulnerable to post-authentication Remote Code Execution (RCE) via bypass of the Groovy shell sandbox. The REST API exposes the GET zstack/v1/batch-queries?script endpoint which is backed up by the BatchQueryAction class. Messages are represented by the APIBatchQueryMsg, dispatched to the QueryFacadeImpl facade and handled by the BatchQuery class. The HTTP request parameter script is mapped to the APIBatchQueryMsg.script property and evaluated as a Groovy script in BatchQuery.query the evaluation of the user-controlled Groovy script is sandboxed by SandboxTransformer which will apply the restrictions defined in the registered (sandbox.register()) GroovyInterceptor. Even though the sandbox heavily restricts the receiver types to a small set of allowed types, the sandbox is non effective at controlling any code placed in Java annotations and therefore vulnerable to meta-programming escapes. This issue leads to post-authenticated remote code execution. For more details see the referenced GHSL-2021-065. This issue is patched in versions 3.8.21, 3.10.8, and 4.1.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32829">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27439">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 15:16:00">
15:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-3617 ‼</strong><br><br><code>A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow command injection by setting a specially crafted network configuration. This vulnerability is the same as CNVD-2020-68652.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3617">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27440">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 15:16:02">
15:16
       </div>

       <div class="text">
<strong>‼ CVE-2020-28846 ‼</strong><br><br><code>Cross Site Request Forgery (CSRF) vulnerability exists in SeaCMS 10.7 in admin_manager.php, which could let a malicious user add an admin account.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28846">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27441">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 15:16:03">
15:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-3458 ‼</strong><br><br><code>The Motorola MM1000 device configuration portal can be accessed without authentication, which could allow adapter settings to be modified.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3458">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27442">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 15:34:41">
15:34
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Data privacy is a growing concern for more consumers 🦿</strong><br><br><code>People surveyed by KPMG reported feeling increasingly uneasy about the data collection practices of corporations.</code><br><br><a href="https://www.techrepublic.com/article/data-privacy-is-a-growing-concern-for-more-consumers/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27443">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 16:09:53">
16:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ The Overlooked Security Risks of The Cloud ❌</strong><br><br><code>Nate Warfield, CTO of Prevaliion, discusses the top security concerns for those embracing virtual machines, public cloud storage and cloud strategies for remote working.</code><br><br><a href="https://threatpost.com/security-risks-cloud/168754/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27444">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 17:04:44">
17:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Data privacy laws are constantly changing: Make sure your business is up to date 🦿</strong><br><br><code>Lawyer who specializes in data privacy discusses the importance of knowing the law no matter what size business you operate.</code><br><br><a href="https://www.techrepublic.com/article/data-privacy-laws-are-constantly-changing-make-sure-your-business-is-up-to-date/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27445">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 17:04:45">
17:04
       </div>

       <div class="text">
<strong>🦿 Lawyer discusses the evolving data privacy laws for businesses 🦿</strong><br><br><code>Every size company should know the laws regarding data privacy to avoid legal issues. Here&apos;s why it&apos;s important.</code><br><br><a href="https://www.techrepublic.com/videos/lawyer-discusses-the-evolving-data-privacy-laws-for-businesses/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27446">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 17:15:56">
17:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-0642 ‼</strong><br><br><code>In onResume of VoicemailSettingsFragment.java, there is a possible way to retrieve a trackable identifier without permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-185126149</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0642">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27447">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 17:15:57">
17:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-39242 ‼</strong><br><br><code>An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It can lead to a situation with an attacker-controlled HTTP Host header, because a mismatch between Host and authority is mishandled.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39242">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27448">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 17:15:58">
17:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-32830 ‼</strong><br><br><code>The @diez/generation npm package is a client for Diez. The locateFont method of @diez/generation has a command injection vulnerability. Clients of the @diez/generation library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. All versions of this package are vulnerable as of the writing of this CVE.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32830">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27449">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 17:16:00">
17:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-0573 ‼</strong><br><br><code>In asf extractor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187231635</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0573">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27450">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 17:16:02">
17:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-22156 ‼</strong><br><br><code>An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of BlackBerry® QNX Software Development Platform (SDP) version(s) 6.5.0SP1 and earlier, QNX OS for Medical 1.1 and earlier, and QNX OS for Safety 1.0.1 and earlier that could allow an attacker to potentially perform a denial of service or execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22156">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27451">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 17:16:04">
17:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-0574 ‼</strong><br><br><code>In asf extractor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187234876</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0574">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27452">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 17:16:05">
17:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-29056 ‼</strong><br><br><code>Cross Site Scripting (XSS) vulnerability exists in Pixelimity 1.0 via the HTTP POST parameter to admin/setting.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29056">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27453">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 17:16:06">
17:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-0581 ‼</strong><br><br><code>In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187231638</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0581">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27454">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 17:16:08">
17:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-0639 ‼</strong><br><br><code>In multiple functions of libl3oemcrypto.cpp, there is a possible weakness in the existing obfuscation mechanism due to the way sensitive data is handled. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-190724551</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0639">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27455">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 17:16:10">
17:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-39241 ‼</strong><br><br><code>An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. An HTTP method name may contain a space followed by the name of a protected resource. It is possible that a server would interpret this as a request for that protected resource, such as in the &quot;GET /admin? HTTP/1.1 /static/images HTTP/1.1&quot; example.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39241">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27456">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 17:16:11">
17:16
       </div>

       <div class="text">
<strong>‼ CVE-2020-29548 ‼</strong><br><br><code>An issue was discovered in SmarterTools SmarterMail through 100.0.7537. Meddler-in-the-middle attackers can pipeline commands after a POP3 STLS command, injecting plaintext commands into an encrypted user session.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29548">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27457">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 17:16:12">
17:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-0646 ‼</strong><br><br><code>In sqlite3_str_vappendf of sqlite3.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege if the user can also inject a printf into a privileged process&apos;s SQL with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-153352319</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0646">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27458">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 17:16:14">
17:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-29313 ‼</strong><br><br><code>Cross Site Scripting (XSS) vulnerability exists in SeaCMS 12.6 via the (1) v_company and (2) v_tvs parameters in /admin_video.php,</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29313">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27459">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 17:16:15">
17:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-0578 ‼</strong><br><br><code>In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187161772</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0578">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27460">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 17:16:16">
17:16
       </div>

       <div class="text">
<strong>‼ CVE-2020-22937 ‼</strong><br><br><code>A remote code execution (RCE) in e/install/index.php of EmpireCMS 7.5 allows attackers to execute arbitrary PHP code via writing malicious code to the install file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-22937">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27461">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 17:16:17">
17:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-0576 ‼</strong><br><br><code>In flv extractor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187236084</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0576">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27462">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 17:16:18">
17:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-39240 ‼</strong><br><br><code>An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It does not ensure that the scheme and path portions of a URI have the expected characters. For example, the authority field (as observed on a target HTTP/2 server) might differ from what the routing rules were intended to achieve.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39240">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27463">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 17:16:19">
17:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-0641 ‼</strong><br><br><code>In getAvailableSubscriptionInfoList of SubscriptionController.java, there is a possible disclosure of unique identifiers due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-185235454</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0641">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27464">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 17:16:20">
17:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-0579 ‼</strong><br><br><code>In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187231636</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0579">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27465">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 17:16:22">
17:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-0591 ‼</strong><br><br><code>In sendReplyIntentToReceiver of BluetoothPermissionActivity.java, there is a possible way to invoke privileged broadcast receivers due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-179386960</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0591">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27466">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 21:16:07">
21:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-28372 ‼</strong><br><br><code>ThroughTek&apos;s Kalay Platform 2.0 network allows an attacker to impersonate an arbitrary ThroughTek (TUTK) device given a valid 20-byte uniquely assigned identifier (UID). This could result in an attacker hijacking a victim&apos;s connection and forcing them into supplying credentials needed to access the victim TUTK device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28372">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27467">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 21:16:08">
21:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-39131 ‼</strong><br><br><code>ced detects character encoding using Google’s compact_enc_det library. In ced v0.1.0, passing data types other than `Buffer` causes the Node.js process to crash. The problem has been patched in ced v1.0.0. As a workaround, before passing an argument to ced, verify it’s a `Buffer` using `Buffer.isBuffer(obj)`.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39131">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27468">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 21:16:09">
21:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-0284 ‼</strong><br><br><code>A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). By repeatedly sending these sequences of packets to the device, an attacker can sustain the Denial of Service (DoS) condition. The device will abnormally shut down as a result of these sent packets. A potential indicator of compromise will be the following message in the log files: &quot;eventd[13955]: SYSTEM_ABNORMAL_SHUTDOWN: System abnormally shut down&quot; This issue is only triggered by traffic destined to the device. Transit traffic will not trigger this issue. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S19; 15.1 versions prior to 15.1R7-S10; 17.3 versions prior to 17.3R3-S12; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R2-S2, 20.4R3; 21.1 versions prior to 21.1R2; 21.2 versions prior to 21.2R2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0284">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27469">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 21:16:10">
21:16
       </div>

       <div class="text">
<strong>‼ CVE-2020-23333 ‼</strong><br><br><code>A heap-based buffer overflow exists in the AP4_CttsAtom::AP4_CttsAtom component located in /Core/Ap4Utils.h of Bento4 version 06c39d9. This can lead to a denial of service (DOS).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23333">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27470">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 21:16:11">
21:16
       </div>

       <div class="text">
<strong>‼ CVE-2020-23332 ‼</strong><br><br><code>A heap-based buffer overflow exists in the AP4_StdcFileByteStream::ReadPartial component located in /StdC/Ap4StdCFileByteStream.cpp of Bento4 version 06c39d9. This issue can lead to a denial of service (DOS).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23332">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27471">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 21:16:13">
21:16
       </div>

       <div class="text">
<strong>‼ CVE-2020-23334 ‼</strong><br><br><code>A WRITE memory access in the AP4_NullTerminatedStringAtom::AP4_NullTerminatedStringAtom component of Bento4 version 06c39d9 can lead to a segmentation fault.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23334">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27472">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 21:16:14">
21:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-39250 ‼</strong><br><br><code>Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. For code execution, the attacker can rely on the ability of an admin to install widgets, disclosure of the admin session ID in a Referer header, and the ability of an admin to use the templating engine (e.g., Edit HTML).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39250">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27473">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 21:16:15">
21:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-39249 ‼</strong><br><br><code>Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP mt_rand function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39249">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27474">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 21:16:16">
21:16
       </div>

       <div class="text">
<strong>‼ CVE-2020-23330 ‼</strong><br><br><code>An issue was discovered in Bento4 version 06c39d9. A NULL pointer dereference exists in the AP4_Stz2Atom::GetSampleSize component located in /Core/Ap4Stz2Atom.cpp. It allows an attacker to cause a denial of service (DOS).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23330">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27475">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 21:16:16">
21:16
       </div>

       <div class="text">
<strong>‼ CVE-2020-23341 ‼</strong><br><br><code>A reflected cross site scripting (XSS) vulnerability in the /header.tmpl.php component of ATutor 2.2.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23341">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27476">

      <div class="body">

       <div class="pull_right date details" title="17.08.2021 21:16:20">
21:16
       </div>

       <div class="text">
<strong>‼ CVE-2020-23331 ‼</strong><br><br><code>An issue was discovered in Bento4 version 06c39d9. A NULL pointer dereference exists in the AP4_DecoderConfigDescriptor::WriteFields component located in /Core/Ap4Descriptor.h. It allows an attacker to cause a denial of service (DOS).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23331">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-870">

      <div class="body details">
18 August 2021
      </div>

     </div>

     <div class="message default clearfix" id="message27477">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 07:16:36">
07:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-20792 ‼</strong><br><br><code>Cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.1.14 allows a remote attacker to inject arbitrary script via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20792">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27478">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 07:16:37">
07:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-20756 ‼</strong><br><br><code>Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Address without the viewing privilege.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20756">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27479">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 07:16:39">
07:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-20763 ‼</strong><br><br><code>Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the appropriate privilege.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20763">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27480">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 07:16:40">
07:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-20769 ‼</strong><br><br><code>Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20769">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27481">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 07:16:41">
07:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-20758 ‼</strong><br><br><code>Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to hijack the authentication of administrators and perform an arbitrary operation via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20758">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27482">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 07:16:42">
07:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-20770 ‼</strong><br><br><code>Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20770">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27483">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 07:16:43">
07:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-20760 ‼</strong><br><br><code>Improper input validation vulnerability in User Profile of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of User Profile without the appropriate privilege.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20760">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27484">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 07:16:45">
07:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-20759 ‼</strong><br><br><code>Operational restrictions bypass vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20759">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27485">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 07:16:46">
07:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-20771 ‼</strong><br><br><code>Cross-site scripting vulnerability in some functions of Group Mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote attacker to inject an arbitrary script via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20771">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27486">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 07:16:47">
07:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-3587 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-38208. Reason: This candidate is a reservation duplicate of CVE-2021-38208. Notes: All CVE users should reference CVE-2021-38208 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3587">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27487">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 07:16:48">
07:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-20768 ‼</strong><br><br><code>Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to delete the data of Scheduler and MultiReport without the appropriate privilege.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20768">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27488">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 07:16:49">
07:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-20754 ‼</strong><br><br><code>Improper input validation vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Workflow without the appropriate privilege.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20754">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27489">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 07:16:51">
07:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-33580 ‼</strong><br><br><code>User controlled `request.getHeader(&quot;Referer&quot;)`, `request.getRequestURL()` and `request.getQueryString()` are used to build and run a regex expression. The attacker doesn&apos;t have to use a browser and may send a specially crafted Referer header programmatically. Since the attacker controls the string and the regex pattern he may cause a ReDoS by regex catastrophic backtracking on the server side. This problem has been fixed in Roller 6.0.2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33580">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27490">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 07:16:52">
07:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-20775 ‼</strong><br><br><code>Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the data of Comment and Space without the viewing privilege.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20775">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27491">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 07:16:53">
07:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-20765 ‼</strong><br><br><code>Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20765">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27492">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 07:16:54">
07:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-20772 ‼</strong><br><br><code>Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the title of Bulletin without the viewing privilege.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20772">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27493">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 07:16:55">
07:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-20761 ‼</strong><br><br><code>Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker with an administrative privilege to alter the data of E-mail without the appropriate privilege.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20761">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27494">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 07:16:55">
07:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-20773 ‼</strong><br><br><code>There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may allow a remote authenticated attacker to delete the route information Workflow without the appropriate privilege.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20773">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27495">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 07:17:00">
07:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-20764 ‼</strong><br><br><code>Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to alter the data of Attaching Files.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20764">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27496">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 07:17:00">
07:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-20757 ‼</strong><br><br><code>Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20757">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27497">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 09:10:21">
09:10
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Unpatched Fortinet Bug Allows Firewall Takeovers ❌</strong><br><br><code>The OS command-injection bug, in the web application firewall (WAF) platform known as FortiWeb, will get a patch at the end of the month.</code><br><br><a href="https://threatpost.com/unpatched-fortinet-bug-firewall-takeovers/168764/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27498">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 09:16:42">
09:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-31820 ‼</strong><br><br><code>In Octopus Server after version 2018.8.2 if the Octopus Server Web Request Proxy is configured with authentication, the password is shown in plaintext in the UI.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31820">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27499">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 10:40:25">
10:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Kerberos Authentication Spoofing: Don’t Bypass the Spec ❌</strong><br><br><code>Yaron Kassner, CTO at Silverfort, discusses authentication-bypass bugs in Cisco ASA, F5 Big-IP, IBM QRadar and Palo Alto Networks PAN-OS.</code><br><br><a href="https://threatpost.com/kerberos-authentication-spoofing/168767/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27500">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 11:16:46">
11:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-21847 ‼</strong><br><br><code>Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “sttsâ€� decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21847">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27501">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 11:16:47">
11:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-21837 ‼</strong><br><br><code>Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21837">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27502">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 11:16:48">
11:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-21825 ‼</strong><br><br><code>A heap-based buffer overflow vulnerability exists in the XML Decompression PlainTextUncompressor::UncompressItem functionality of AT&amp;T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21825">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27503">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 11:16:49">
11:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-21839 ‼</strong><br><br><code>Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21839">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27504">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 11:16:50">
11:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-21858 ‼</strong><br><br><code>Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21858">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27505">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 11:16:54">
11:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-21846 ‼</strong><br><br><code>Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stszâ€� decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21846">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27506">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 11:16:55">
11:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-21856 ‼</strong><br><br><code>Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21856">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27507">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 11:16:56">
11:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-21844 ‼</strong><br><br><code>Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when encountering an atom using the “stcoâ€� FOURCC code, can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21844">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27508">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 11:16:57">
11:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-21838 ‼</strong><br><br><code>Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21838">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27509">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 11:16:58">
11:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-21852 ‼</strong><br><br><code>Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input at “stssâ€� decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21852">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27510">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 11:16:59">
11:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-21854 ‼</strong><br><br><code>Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21854">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27511">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 11:17:00">
11:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-21853 ‼</strong><br><br><code>Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21853">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27512">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 11:17:01">
11:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-21851 ‼</strong><br><br><code>Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input at “csgpâ€� decoder sample group description indices can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21851">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27513">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 11:17:02">
11:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-21857 ‼</strong><br><br><code>Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21857">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27514">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 11:17:03">
11:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-21845 ‼</strong><br><br><code>Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stscâ€� decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21845">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27515">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 11:17:05">
11:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-21843 ‼</strong><br><br><code>Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. After validating the number of ranges, at [41] the library will multiply the count by the size of the GF_SubsegmentRangeInfo structure. On a 32-bit platform, this multiplication can result in an integer overflow causing the space of the array being allocated to be less than expected. An attacker can convince a user to open a video to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21843">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27516">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 11:17:06">
11:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-21855 ‼</strong><br><br><code>Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21855">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27517">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 11:40:25">
11:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Memory Bugs in BlackBerry’s QNX Embedded OS Open Devices to Attacks ❌</strong><br><br><code>The once-dominant handset maker BlackBerry is busy squashing BadAlloc bugs in its QNX real-time operating system used in cars in medical devices.</code><br><br><a href="https://threatpost.com/blackberrys-qnx-devices-attacks/168772/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27518">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 13:16:51">
13:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-0415 ‼</strong><br><br><code>In memory management driver, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336692.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0415">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27519">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 13:16:52">
13:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-37714 ‼</strong><br><br><code>jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37714">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27520">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 13:16:53">
13:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-0408 ‼</strong><br><br><code>In asf extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489195; Issue ID: ALPS05489220.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0408">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27521">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 13:16:54">
13:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-0419 ‼</strong><br><br><code>In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336713.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0419">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27522">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 13:16:55">
13:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-21862 ‼</strong><br><br><code>Multiple exploitable integer truncation vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption The implementation of the parser used for the “Xtraâ€� FOURCC code is handled. An attacker can convince a user to open a video to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21862">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27523">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 13:16:59">
13:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-37358 ‼</strong><br><br><code>SQL Injection in SEACMS v210530 (2021-05-30) allows remote attackers to execute arbitrary code via the component &quot;admin_ajax.php?action=checkrepeat&amp;v_name=&quot;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37358">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27524">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 13:17:00">
13:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-0627 ‼</strong><br><br><code>In OMA DRM, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05722434; Issue ID: ALPS05722434.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0627">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27525">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 13:17:02">
13:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-37702 ‼</strong><br><br><code>Pimcore is an open source data &amp; experience management platform. Prior to version 10.1.1, Data Object CSV import allows formular injection. The problem is patched in 10.1.1. Aside from upgrading, one may apply the patch manually as a workaround.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37702">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27526">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 13:17:03">
13:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-0417 ‼</strong><br><br><code>In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336702.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0417">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27527">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 13:17:04">
13:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-0416 ‼</strong><br><br><code>In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336700.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0416">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27528">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 13:17:05">
13:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-0626 ‼</strong><br><br><code>In ged, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05687510; Issue ID: ALPS05687510.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0626">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27529">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 13:17:06">
13:17
       </div>

       <div class="text">
<strong>‼ CVE-2020-18746 ‼</strong><br><br><code>SQL Injection in AiteCMS v1.0 allows remote attackers to execute arbitrary code via the component &quot;aitecms/login/diy_list.php&quot;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18746">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27530">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 13:17:07">
13:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-21867 ‼</strong><br><br><code>A unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream.ProfileByteArray functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21867">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27531">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 13:17:09">
13:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-0420 ‼</strong><br><br><code>In memory management driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05381065.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0420">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27532">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 13:17:10">
13:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-0418 ‼</strong><br><br><code>In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336706.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0418">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27533">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 13:17:11">
13:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-21868 ‼</strong><br><br><code>A unsafe deserialization vulnerability exists in the ObjectManager.plugin Project.get_MissingTypes() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21868">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27534">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 13:17:12">
13:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-0628 ‼</strong><br><br><code>In OMA DRM, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05722454; Issue ID: ALPS05722454.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0628">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27535">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 13:17:14">
13:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-21781 ‼</strong><br><br><code>An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process’s memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222 4.19.177 5.4.99 5.10.17 5.11</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21781">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27536">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 13:17:15">
13:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-38710 ‼</strong><br><br><code>Static (Persistent) XSS Vulnerability exists in version 4.3.0 of Yclas when using the install/view/form.php script. An attacker can store XSS in the database through the vulnerable SITE_NAME parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38710">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27537">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 13:17:17">
13:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-0407 ‼</strong><br><br><code>In clk driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05479659; Issue ID: ALPS05479659.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0407">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27538">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 14:05:10">
14:05
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 The top 3 cryptocurrency scams of 2021 🦿</strong><br><br><code>Kaspersky says that fake exchanges, fake mining hardware and wallet phishing are the most popular crypto scams of the year, many of which it said have a higher-than-usual level of detail.</code><br><br><a href="https://www.techrepublic.com/article/the-top-3-cryptocurrency-scams-of-2021/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27539">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 14:08:11">
14:08
       </div>

       <div class="text">
<strong>⚠ Video surveillance network hacked by researchers to hijack footage ⚠</strong><br><br><code>Home automation. Internet of Things. Cloud management. And a security bug that could let other people watch you online...</code><br><br><a href="https://nakedsecurity.sophos.com/2021/08/17/video-surveillance-network-hacked-by-researchers-to-hijack-footage/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27540">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 15:10:34">
15:10
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ T-Mobile: &gt;40 Million Customers’ Data Stolen ❌</strong><br><br><code>Attackers stole tens of millions of current, former or prospective customers&apos; personal data, the company confirmed. It&apos;s providing 2 years of free ID protection.</code><br><br><a href="https://threatpost.com/t-mobile-40-million-customers-data-stolen/168778/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27541">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 15:16:54">
15:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-23425 ‼</strong><br><br><code>All versions of package trim-off-newlines are vulnerable to Regular Expression Denial of Service (ReDoS) via string processing.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23425">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27542">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 15:16:54">
15:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-39283 ‼</strong><br><br><code>liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion failure and application exit via multiple SETUP and PLAY commands.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39283">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27543">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 15:16:55">
15:16
       </div>

       <div class="text">
<strong>‼ CVE-2020-23069 ‼</strong><br><br><code>Path Traversal vulneraility exists in webTareas 2.0 via the extpath parameter in general_serv.php, which could let a malicious user read arbitrary files.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23069">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27544">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 15:16:56">
15:16
       </div>

       <div class="text">
<strong>‼ CVE-2020-28146 ‼</strong><br><br><code>Cross Site Scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and earlier via the addonfieldext parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28146">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27545">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 15:16:57">
15:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-39282 ‼</strong><br><br><code>Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 files.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39282">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27546">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 15:17:01">
15:17
       </div>

       <div class="text">
<strong>‼ CVE-2020-18875 ‼</strong><br><br><code>Incorrect Access Control in DotCMS versions before 5.1 allows remote attackers to gain privileges by injecting client configurations via vtl (velocity) files.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18875">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27547">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 15:17:02">
15:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-32728 ‼</strong><br><br><code>The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.3.0, the Nextcloud Desktop client fails to check if a private key belongs to previously downloaded public certificate. If the Nextcloud instance serves a malicious public key, the data would be encrypted for this key and thus could be accessible to a malicious actor. This issue is fixed in Nextcloud Desktop Client version 3.3.0. There are no known workarounds aside from upgrading.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32728">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27548">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 15:17:03">
15:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-23424 ‼</strong><br><br><code>This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23424">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27549">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 15:35:11">
15:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Hackers are getting better at their jobs, but people are getting better at prevention 🦿</strong><br><br><code>Expert says people are becoming smarter about the links they click on and noticing the ones they shouldn&apos;t, giving hope for the future of cybersecurity.</code><br><br><a href="https://www.techrepublic.com/article/hackers-are-getting-better-at-their-jobs-but-people-are-getting-better-at-prevention/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27550">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 15:35:13">
15:35
       </div>

       <div class="text">
<strong>🦿 ICS vulnerability reports are increasing in number and severity, and exploit complexity is dropping 🦿</strong><br><br><code>71% of vulnerabilities found in the first half of 2021 are classified as high or critical, and 90% are of low complexity, meaning an attacker can expect repeated success under a variety of conditions, says Claroty.</code><br><br><a href="https://www.techrepublic.com/article/ics-vulnerability-reports-are-increasing-in-number-and-severity-and-exploit-complexity-is-dropping/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27551">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 15:35:14">
15:35
       </div>

       <div class="text">
<strong>🦿 Cybercriminals are getting more sophisticated and better at going unnoticed 🦿</strong><br><br><code>Human error is still responsible for the majority of breaches, but we&apos;re getting better about watching for suspicious links, expert says.</code><br><br><a href="https://www.techrepublic.com/videos/cybercriminals-are-getting-more-sophisticated-and-better-at-going-unnoticed/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27552">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 15:40:34">
15:40
       </div>

       <div class="text">
<strong>❌ Bogus Cryptomining Apps Infest Google Play ❌</strong><br><br><code>The apps attempt to swindle users into buying in-app upgrades or clicking on masses of ads.</code><br><br><a href="https://threatpost.com/bogus-cryptomining-apps-google-play/168785/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27553">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 16:42:41">
16:42
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 Banking Groups Push Back Against 24 Hour Breach Disclosure Bill 🔏</strong><br><br><code>Recent plans to adjust federal rules around disclosing data breaches have drawn the ire of the banking community.</code><br><br><a href="https://digitalguardian.com/blog/banking-groups-push-back-against-24-hour-breach-disclosure-bill">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27554">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 17:05:13">
17:05
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Zero-trust security is a great preventer of cyberattacks, expert says 🦿</strong><br><br><code>The zero-trust model prevents attacks, but also greatly limits the impact of a successful breach, such as a ransomware attack.</code><br><br><a href="https://www.techrepublic.com/videos/zero-trust-security-is-a-great-preventer-of-cyberattacks-expert-says/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27555">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 17:16:59">
17:16
       </div>

       <div class="text">
<strong>‼ CVE-2020-22120 ‼</strong><br><br><code>A remote code execution (RCE) vulnerability in /root/run/adm.php?admin-ediy&amp;part=exdiy of imcat v5.1 allows authenticated attackers to execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-22120">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27556">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 17:17:00">
17:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-39270 ‼</strong><br><br><code>In Ping Identity RSA SecurID Integration Kit before 3.2, user impersonation can occur.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39270">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27557">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 17:17:01">
17:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-25218 ‼</strong><br><br><code>In BIND 9.16.19, 9.17.16. Also, version 9.16.19-S1 of BIND Supported Preview Edition When a vulnerable version of named receives a query under the circumstances described above, the named process will terminate due to a failed assertion check. The vulnerability affects only BIND 9 releases 9.16.19, 9.17.16, and release 9.16.19-S1 of the BIND Supported Preview Edition.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25218">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27558">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 17:17:02">
17:17
       </div>

       <div class="text">
<strong>‼ CVE-2020-22124 ‼</strong><br><br><code>A vulnerability in the \inc\config.php component of joyplus-cms v1.6 allows attackers to access sensitive information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-22124">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27559">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 17:17:03">
17:17
       </div>

       <div class="text">
<strong>‼ CVE-2020-25928 ‼</strong><br><br><code>The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: DNS response processing functions: dns_upcall(), getoffset(), dnc_set_answer(). The attack vector is: a specific DNS response packet. The code does not check the &quot;response data length&quot; field of individual DNS answers, which may cause out-of-bounds read/write operations, leading to Information leak, Denial-or-Service, or Remote Code Execution, depending on the context.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25928">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27560">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 17:17:04">
17:17
       </div>

       <div class="text">
<strong>‼ CVE-2020-25927 ‼</strong><br><br><code>The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Out-of-bounds Read. The impact is: a denial of service (remote). The component is: DNS response processing in function: dns_upcall(). The attack vector is: a specific DNS response packet. The code does not check whether the number of queries/responses specified in the DNS packet header corresponds to the query/response data available in the DNS packet.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25927">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27561">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 17:17:05">
17:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-37617 ‼</strong><br><br><code>The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. The Nextcloud Desktop Client invokes its uninstaller script when being installed to make sure there are no remnants of previous installations. In versions 3.0.3 through 3.2.4, the Client searches the `Uninstall.exe` file in a folder that can be written by regular users. This could lead to a case where a malicious user creates a malicious `Uninstall.exe`, which would be executed with administrative privileges on the Nextcloud Desktop Client installation. This issue is fixed in Nextcloud Desktop Client version 3.3.0. As a workaround, do not allow untrusted users to create content in the `C:\` system folder and verify that there is no malicious `C:\Uninstall.exe` file on the system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37617">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27562">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 17:17:06">
17:17
       </div>

       <div class="text">
<strong>‼ CVE-2020-25926 ‼</strong><br><br><code>The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the DNS transaction id. The impact is: DNS cache poisoning (remote). The component is: dns_query_type(). The attack vector is: a specific DNS response packet.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25926">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27563">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 17:17:07">
17:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-39286 ‼</strong><br><br><code>Webrecorder pywb before 2.6.0 allows XSS because it does not ensure that Jinja2 templates are autoescaped.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39286">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27564">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 17:17:07">
17:17
       </div>

       <div class="text">
<strong>‼ CVE-2020-25767 ‼</strong><br><br><code>An issue was discovered in HCC Embedded NicheStack IPv4 4.1. The dnc_copy_in routine for parsing DNS domain names does not check whether a domain name compression pointer is pointing within the bounds of the packet (e.g., forward compression pointer jumps are allowed), which leads to an Out-of-bounds Read, and a Denial-of-Service as a consequence.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25767">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27565">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 17:17:11">
17:17
       </div>

       <div class="text">
<strong>‼ CVE-2020-19669 ‼</strong><br><br><code>Cross Site Request Forgery (CSRF) vulnerability exists in Eyoucms 1.3.6 that can add an admin account via /login.php?m=admin&amp;c=Admin&amp;a=admin_add&amp;lang=cn.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-19669">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27566">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 17:17:12">
17:17
       </div>

       <div class="text">
<strong>‼ CVE-2020-22122 ‼</strong><br><br><code>A SQL injection vulnerability in /oa.php?c=Staff&amp;a=read of Find a Place LJCMS v 1.3 allows attackers to access sensitive database information via a crafted POST request.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-22122">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27567">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 17:35:17">
17:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Expert: Cyberattacks in the energy sector put lives in danger 🦿</strong><br><br><code>Zero-trust is a good way to prevent hackers from gaining control of our infrastructure and energy industries, expert says.</code><br><br><a href="https://www.techrepublic.com/article/expert-cyberattacks-in-the-energy-sector-put-lives-in-danger/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27568">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 19:17:05">
19:17
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-34745 ‼</strong><br><br><code>A vulnerability in the AppDynamics .NET Agent for Windows could allow an attacker to leverage an authenticated, local user account to gain SYSTEM privileges. This vulnerability is due to the .NET Agent Coordinator Service executing code with SYSTEM privileges. An attacker with local access to a device that is running the vulnerable agent could create a custom process that would be launched with those SYSTEM privileges. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system. This vulnerability is fixed in AppDynamics .NET Agent Release 21.7.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34745">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27569">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 19:17:06">
19:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-34730 ‼</strong><br><br><code>A vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of incoming UPnP traffic. An attacker could exploit this vulnerability by sending a crafted UPnP request to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a DoS condition. Cisco has not released software updates that address this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34730">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27570">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 19:17:08">
19:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-34749 ‼</strong><br><br><code>A vulnerability in Server Name Identification (SNI) request filtering of Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and the Snort detection engine could allow an unauthenticated, remote attacker to bypass filtering technology on an affected device and exfiltrate data from a compromised host. This vulnerability is due to inadequate filtering of the SSL handshake. An attacker could exploit this vulnerability by using data from the SSL client hello packet to communicate with an external server. A successful exploit could allow the attacker to execute a command-and-control attack on a compromised host and perform additional data exfiltration attacks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34749">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27571">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 19:17:09">
19:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-1561 ‼</strong><br><br><code>A vulnerability in the spam quarantine feature of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), could allow an authenticated, remote attacker to gain unauthorized access and modify the spam quarantine settings of another user. This vulnerability exists because access to the spam quarantine feature is not properly restricted. An attacker could exploit this vulnerability by sending malicious requests to an affected system. A successful exploit could allow the attacker to modify another user&apos;s spam quarantine settings, possibly disabling security controls or viewing email messages stored on the spam quarantine interfaces.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1561">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27572">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 19:17:10">
19:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-34715 ‼</strong><br><br><code>A vulnerability in the image verification function of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with internal user privileges on the underlying operating system. The vulnerability is due to insufficient validation of the content of upgrade packages. An attacker could exploit this vulnerability by uploading a malicious archive to the Upgrade page of the administrative web interface. A successful exploit could allow the attacker to execute code with user-level privileges (the _nobody account) on the underlying operating system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34715">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27573">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 19:17:11">
19:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-34734 ‼</strong><br><br><code>A vulnerability in the Link Layer Discovery Protocol (LLDP) implementation for the Cisco Video Surveillance 7000 Series IP Cameras firmware could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper management of memory resources, referred to as a double free. An attacker could exploit this vulnerability by sending crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34734">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27574">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 19:17:13">
19:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-34716 ‼</strong><br><br><code>A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as the root user. This vulnerability is due to incorrect handling of certain crafted software images that are uploaded to the affected device. An attacker could exploit this vulnerability by authenticating to the system as an administrative user and then uploading specific crafted software images to the affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34716">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27575">

      <div class="body">

       <div class="pull_right date details" title="18.08.2021 19:17:14">
19:17
       </div>

       <div class="text">
<strong>‼ CVE-2020-22345 ‼</strong><br><br><code>/graphStatus/displayServiceStatus.php in Centreon 19.10.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the RRDdatabase_path parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-22345">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-871">

      <div class="body details">
19 August 2021
      </div>

     </div>

     <div class="message default clearfix" id="message27576">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 09:07:53">
09:07
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ S3 Ep46: Copyright scams, video snooping and Grand Theft Crypto [Podcast] ⚠</strong><br><br><code>Lastest episode - listen, laugh and learn! This week, Chester Wisniewski joins us on the show.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/08/19/s3-ep46-copyright-scams-video-snooping-and-grand-theft-crypto-podcast/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27577">

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 09:17:46">
09:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-31228 ‼</strong><br><br><code>An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnerability allows the attacker to predict a DNS query&apos;s source port in order to send forged DNS response packets that will be accepted as valid answers to the DNS client&apos;s requests (without sniffing the specific request). Data is predictable because it is based on the time of day, and has too few bits.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31228">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27578">

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 09:17:47">
09:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-31227 ‼</strong><br><br><code>An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to an incorrect signed integer comparison. This vulnerability requires the attacker to send a malformed HTTP packet with a negative Content-Length, which bypasses the size checks and results in a large heap overflow in the wbs_multidata buffer copy.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31227">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27579">

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 09:17:48">
09:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-31226 ‼</strong><br><br><code>An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to lack of size validation. This vulnerability requires the attacker to send a crafted HTTP POST request with a URI longer than 50 bytes. This leads to a heap overflow in wbs_post() via an strcpy() call.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31226">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27580">

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 09:17:50">
09:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-31400 ‼</strong><br><br><code>An issue was discovered in tcp_pulloutofband() in tcp_in.c in HCC embedded InterNiche 4.0.1. The TCP out-of-band urgent-data processing function invokes a panic function if the pointer to the end of the out-of-band data points outside of the TCP segment&apos;s data. If the panic function hadn&apos;t a trap invocation removed, it will enter an infinite loop and therefore cause DoS (continuous loop or a device reset).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31400">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27581">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 10:05:41">
10:05
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Knockoff semiconductor chips flood the enterprise market 🦿</strong><br><br><code>As the predominantly pandemic-caused global chip shortage rolls on, businesses are now facing another challenge — component scams and bogus supply-chain claims.</code><br><br><a href="https://www.techrepublic.com/article/knockoff-semiconductor-chips-flood-the-enterprise-market/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27582">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 11:17:52">
11:17
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-39273 ‼</strong><br><br><code>In XeroSecurity Sn1per 9.0 (free version), insecure permissions (0777) are set upon application execution, allowing an unprivileged user to modify the application, modules, and configuration files. This leads to arbitrary code execution with root privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39273">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27583">

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 11:17:53">
11:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-36762 ‼</strong><br><br><code>An issue was discovered in HCC Embedded InterNiche NicheStack through 4.3. The tfshnd():tftpsrv.c TFTP packet processing function doesn&apos;t ensure that a filename is adequately &apos;\0&apos; terminated; therefore, a subsequent call to strlen for the filename might read out of bounds of the protocol packet buffer (if no &apos;\0&apos; byte exists within a reasonable range).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36762">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27584">

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 11:17:54">
11:17
       </div>

       <div class="text">
<strong>‼ CVE-2020-35684 ‼</strong><br><br><code>An issue was discovered in HCC Nichestack 3.0. The code that parses TCP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the length of the TCP payload within the TCP checksum computation function. When the IP payload size is set to be smaller than the size of the IP header, the TCP checksum computation function may read out of bounds (a low-impact write-out-of-bounds is also possible).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35684">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27585">

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 11:17:55">
11:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-27565 ‼</strong><br><br><code>The web server in InterNiche NicheStack through 4.0.1 allows remote attackers to cause a denial of service (infinite loop and networking outage) via an unexpected valid HTTP request such as OPTIONS. This occurs because the HTTP request handler enters a miscoded wbs_loop() debugger hook.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27565">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27586">

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 11:17:57">
11:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-39274 ‼</strong><br><br><code>In XeroSecurity Sn1per 9.0 (free version), insecure directory permissions (0777) are set during installation, allowing an unprivileged user to modify the main application and the application configuration file. This results in arbitrary code execution with root privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39274">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27587">

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 11:17:58">
11:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-31401 ‼</strong><br><br><code>An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn&apos;t sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31401">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27588">

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 11:17:59">
11:17
       </div>

       <div class="text">
<strong>‼ CVE-2020-35685 ‼</strong><br><br><code>An issue was discovered in HCC Nichestack 3.0. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. (Proper ISN generation should aim to follow at least the specifications outlined in RFC 6528.)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35685">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27589">

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 11:18:00">
11:18
       </div>

       <div class="text">
<strong>‼ CVE-2020-35683 ‼</strong><br><br><code>An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. When the IP payload size is set to be smaller than the size of the IP header, the ICMP checksum computation function may read out of bounds, causing a Denial-of-Service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35683">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27590">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 11:41:14">
11:41
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Postmortem on U.S. Census Hack Exposes Cybersecurity Failures ❌</strong><br><br><code>Government says cybersecurity failures were many within failed January hack of U.S. Census Bureau systems.</code><br><br><a href="https://threatpost.com/postmortem-on-u-s-census-hack-exposes-cybersecurity-failures/168814/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27591">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 13:05:41">
13:05
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 83 million devices using the Kalay protocol are at risk for remote takeover. Are yours? 🦿</strong><br><br><code>ThroughTek&apos;s Kalay is used to manage security cameras, baby monitors, DVRs and more. A newly discovered flaw lets attackers watch, listen and steal recordings from hardware sold by dozens of vendors.</code><br><br><a href="https://www.techrepublic.com/article/83-million-devices-using-the-kalay-protocol-are-at-risk-for-remote-takeover-are-yours/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27592">

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 13:05:43">
13:05
       </div>

       <div class="text">
<strong>🦿 It&apos;s time to retire the Social Security number 🦿</strong><br><br><code>With 40 million people having their SSN exposed during the T-Mobile hack, it&apos;s time to reconsider the usefulness of the Social Security number.</code><br><br><a href="https://www.techrepublic.com/article/its-time-to-retire-the-social-security-number/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27593">

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 13:05:43">
13:05
       </div>

       <div class="text">
<strong>🦿 15 highest-paying certifications for 2021 🦿</strong><br><br><code>The top certification on the annual Skillsoft list has a salary of more than $171,000. Find out what certifications you should be working toward.</code><br><br><a href="https://www.techrepublic.com/article/the-15-highest-paying-certifications-for-2021/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27594">

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 13:17:56">
13:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-27822 ‼</strong><br><br><code>A persistent cross site scripting (XSS) vulnerability in the Add Categories module of Vehicle Parking Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Category field.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27822">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27595">

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 13:17:57">
13:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-27999 ‼</strong><br><br><code>A SQL injection vulnerability was discovered in the editid parameter in Local Services Search Engine Management System Project 1.0. This vulnerability gives admin users the ability to dump all data from the database.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27999">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27596">

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 13:17:58">
13:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-28000 ‼</strong><br><br><code>A persistent cross-site scripting vulnerability was discovered in Local Services Search Engine Management System Project 1.0 which allows remote attackers to execute arbitrary code via crafted payloads entered into the Name and Address fields.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28000">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27597">

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 13:17:59">
13:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-28002 ‼</strong><br><br><code>A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting the &apos;Articles&apos; page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28002">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27598">

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 13:18:00">
13:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-28001 ‼</strong><br><br><code>A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8.4 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting https://site.com/articles/welcome-to-your-site#comments-head.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28001">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27599">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 13:41:11">
13:41
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ COVID-19 Contact-Tracing Data Exposed, Fake Vax Cards Circulate ❌</strong><br><br><code>COVID-19-related exploitation and abuse is on the rise as vaccine data opens new frontiers for threat actors.</code><br><br><a href="https://threatpost.com/covid-contact-tracing-exposed-fake-vax-cards/168821/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27600">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 14:11:16">
14:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Windows EoP Bug Detailed by Google Project Zero ❌</strong><br><br><code>Microsoft first dismissed the elevation of privilege flaw but decided yesterday that attackers injecting malicious code is worthy of attention.</code><br><br><a href="https://threatpost.com/windows-eop-bug-detailed-by-google-project-zero/168823/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27601">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 14:35:46">
14:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How to configure SSH access through Webmin 🦿</strong><br><br><code>Looking for an easier way to configure SSH on your data center servers? How about Webmin? Jack Wallen walks you through some of the options for better SSH security using this web-based GUI.</code><br><br><a href="https://www.techrepublic.com/article/how-to-configure-ssh-access-through-webmin/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27602">

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 14:35:47">
14:35
       </div>

       <div class="text">
<strong>🦿 T-Mobile breach exposed personal data of almost 50 million people 🦿</strong><br><br><code>Attackers captured the names, dates of birth, Social Security numbers and driver&apos;s license numbers of millions of current, former and potential T-Mobile customers.</code><br><br><a href="https://www.techrepublic.com/article/t-mobile-breach-exposed-personal-data-of-almost-50-million-people/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27603">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 15:18:10">
15:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-18748 ‼</strong><br><br><code>Cross Site Scripting (XSS) in Typora v0.9.65 allows attackers to execute arbitrary code via mathjax syntax due to a mathjax configuration error in the mathematical formula blocks. This is a different vulnerability from CVE-2020-18221.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18748">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27604">

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 15:18:12">
15:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-37698 ‼</strong><br><br><code>Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions 2.5.0 through 2.13.0, ElasticsearchWriter, GelfWriter, InfluxdbWriter and Influxdb2Writer do not verify the server&apos;s certificate despite a certificate authority being specified. Icinga 2 instances which connect to any of the mentioned time series databases (TSDBs) using TLS over a spoofable infrastructure should immediately upgrade to version 2.13.1, 2.12.6, or 2.11.11 to patch the issue. Such instances should also change the credentials (if any) used by the TSDB writer feature to authenticate against the TSDB. There are no workarounds aside from upgrading.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37698">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27605">

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 15:18:14">
15:18
       </div>

       <div class="text">
<strong>‼ CVE-2013-1791 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1791">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27606">

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 15:18:15">
15:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-31338 ‼</strong><br><br><code>A vulnerability has been identified in SINEMA Remote Connect Client (All versions &lt; V3.0 SP1). Affected devices allow to modify configuration settings over an unauthenticated channel. This could allow a local attacker to escalate privileges and execute own code on the device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31338">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27607">

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 15:18:16">
15:18
       </div>

       <div class="text">
<strong>‼ CVE-2013-1837 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1837">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27608">

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 15:18:18">
15:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-39138 ‼</strong><br><br><code>Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Developers can use the REST API to signup users and also allow users to login anonymously. Prior to version 4.5.1, when an anonymous user is first signed up using REST, the server creates session incorrectly. Particularly, the `authProvider` field in `_Session` class under `createdWith` shows the user logged in creating a password. If a developer later depends on the `createdWith` field to provide a different level of access between a password user and anonymous user, the server incorrectly classified the session type as being created with a `password`. The server does not currently use `createdWith` to make decisions about internal functions, so if a developer is not using `createdWith` directly, they are not affected. The vulnerability only affects users who depend on `createdWith` by using it directly. The issue is patched in Parse Server version 4.5.1. As a workaround, do not use the `createdWith` Session field to make decisions if one allows anonymous login.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39138">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27609">

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 15:18:19">
15:18
       </div>

       <div class="text">
<strong>‼ CVE-2013-0344 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0344">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27610">

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 15:18:20">
15:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-24038 ‼</strong><br><br><code>Due to a bug with management of handles in OVRServiceLauncher.exe, an attacker could expose a privileged process handle to an unprivileged process, leading to local privilege escalation. This issue affects Oculus Desktop versions after 1.39 and prior to 31.1.0.67.507.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24038">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27611">

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 15:18:21">
15:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-29280 ‼</strong><br><br><code>In TP-Link Wireless N Router WR840N an ARP poisoning attack can cause buffer overflow</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29280">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27612">

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 15:18:23">
15:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-31868 ‼</strong><br><br><code>Rapid7 Nexpose version 6.6.95 and earlier allows authenticated users of the Security Console to view and edit any ticket in the legacy ticketing feature, regardless of the assignment of the ticket. This issue was resolved in version 6.6.96, released on August 4, 2021.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31868">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27613">

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 15:18:24">
15:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-39302 ‼</strong><br><br><code>MISP 2.4.148, in certain configurations, allows SQL injection via the app/Model/Log.php $conditions[&apos;org&apos;] value.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39302">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27614">

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 15:18:25">
15:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-34645 ‼</strong><br><br><code>The Shopping Cart &amp; eCommerce Store WordPress plugin is vulnerable to Cross-Site Request Forgery via the save_currency_settings function found in the ~/admin/inc/wp_easycart_admin_initial_setup.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 5.1.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34645">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27615">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 16:05:45">
16:05
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Why it&apos;s important to create a common language of cyber risk 🦿</strong><br><br><code>All departments of an organization need to be on the same page where cybersecurity is concerned, and that will only happen if the terminology used is understood by all.</code><br><br><a href="https://www.techrepublic.com/article/why-its-important-to-create-a-common-language-of-cyber-risk/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27616">

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 16:13:22">
16:13
       </div>

       <div class="text">
<strong>🔏 US Trade Commission Looking into 3D Imaging Trade Secret Theft 🔏</strong><br><br><code>One firm claims another took its trade secrets and brought them to China to manufacture the product at a lower cost.</code><br><br><a href="https://digitalguardian.com/blog/us-trade-commission-looking-3d-imaging-trade-secret-theft">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27617">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 17:18:12">
17:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-28490 ‼</strong><br><br><code>In OWASP CSRFGuard through 3.1.0, CSRF can occur because the CSRF cookie may be retrieved by using only a session token.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28490">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27618">

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 17:18:14">
17:18
       </div>

       <div class="text">
<strong>‼ CVE-2020-20642 ‼</strong><br><br><code>Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute the js code via login.php?m=admin&amp;c=Filemanager&amp;a=newfile&amp;lang=cn.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20642">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27619">

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 17:18:16">
17:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-37597 ‼</strong><br><br><code>WP Cerber before 8.9.3 allows MFA bypass via wordpress_logged_in_[hash] manipulation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37597">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27620">

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 17:18:17">
17:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-37598 ‼</strong><br><br><code>WP Cerber before 8.9.3 allows bypass of /wp-json access control via a trailing ? character.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37598">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27621">

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 17:18:18">
17:18
       </div>

       <div class="text">
<strong>‼ CVE-2020-20645 ‼</strong><br><br><code>Cross Site Scripting (XSS) vulnerability exists in EyouCMS1.3.6 in the basic_information area.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20645">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27622">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 17:41:18">
17:41
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Critical Cisco Bug in Small Business Routers to Remain Unpatched ❌</strong><br><br><code>The issue affects a range of Cisco Wireless-N and Wireless-AC VPN routers that have reached end-of-life.</code><br><br><a href="https://threatpost.com/critical-cisco-bug-routers-unpatched/168831/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27623">

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 17:41:20">
17:41
       </div>

       <div class="text">
<strong>❌ InkySquid State Actor Exploiting Known IE Bugs ❌</strong><br><br><code>The North Korea-linked APT group leverages known Internet Explorer vulns for watering-hole attacks.</code><br><br><a href="https://threatpost.com/inkysquid-exploiting-ie-bugs/168833/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27624">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 18:41:22">
18:41
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ How Ready Are You for a Ransomware Attack? ❌</strong><br><br><code>Oliver Tavakoli, CTO at Vectra, lays out the different layers of ransomware defense all companies should implement.</code><br><br><a href="https://threatpost.com/how-ready-ransomware-attack/168837/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27625">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 19:11:22">
19:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ What’s Next for T-Mobile and Its Customers? – Podcast ❌</strong><br><br><code>Hopefully not a hacked-up hairball of a “no can do” message when customers rush to change their PINs. In this episode: Corporate resilience vs. the opposite.</code><br><br><a href="https://threatpost.com/whats-next-for-t-mobile-and-its-customers-podcast/168813/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27626">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 21:18:22">
21:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-18900 ‼</strong><br><br><code>A heap-based buffer overflow in the libexe_io_handle_read_coff_optional_header function of libyal libexe before 20181128 allows attackers to execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18900">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27627">

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 21:18:24">
21:18
       </div>

       <div class="text">
<strong>‼ CVE-2020-18897 ‼</strong><br><br><code>An use-after-free vulnerability in the libpff_item_tree_create_node function of libyal Libpff before 20180623 allows attackers to cause a denial of service (DOS) or execute arbitrary code via a crafted pff file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18897">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27628">

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 21:18:25">
21:18
       </div>

       <div class="text">
<strong>‼ CVE-2020-18899 ‼</strong><br><br><code>An uncontrolled memory allocation in DataBufdata(subBox.length-sizeof(box)) function of Exiv2 0.27 allows attackers to cause a denial of service (DOS) via a crafted input.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18899">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27629">

      <div class="body">

       <div class="pull_right date details" title="19.08.2021 21:18:26">
21:18
       </div>

       <div class="text">
<strong>‼ CVE-2020-18898 ‼</strong><br><br><code>A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service (DOS) via a crafted file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18898">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-872">

      <div class="body details">
20 August 2021
      </div>

     </div>

     <div class="message default clearfix" id="message27630">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.08.2021 10:06:14">
10:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How to protect your T-Mobile account in light of the latest data breach 🦿</strong><br><br><code>In response to a breach that compromised the personal data of millions of subscribers, T-Mobile customers should change their password and PIN and set up two-step verification.</code><br><br><a href="https://www.techrepublic.com/article/how-to-protect-your-t-mobile-account-in-light-of-the-latest-data-breach/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27631">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.08.2021 11:11:55">
11:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Nigerian Threat Actors Solicits Employees to Deploy Ransomware for Cut of Profits ❌</strong><br><br><code>Campaign emails company insiders and initially offers 1 million in Bitcoin if they install DemonWare on an organization’s network.</code><br><br><a href="https://threatpost.com/nigerian-solicits-employees-ransomware-profits/168849/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27632">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.08.2021 12:26:56">
12:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 OpenSSH 8.7p1 🛠</strong><br><br><code>This is a Linux/portable port of OpenBSD&apos;s excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen&apos;s SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.</code><br><br><a href="https://packetstormsecurity.com/files/163894/openssh-8.7p1.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27633">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.08.2021 13:06:43">
13:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 It&apos;s time to retire the Social Security number 🦿</strong><br><br><code>With 40 million people having their SSN exposed during the T-Mobile hack, it&apos;s time to reconsider the usefulness of the Social Security number.</code><br><br><a href="https://www.techrepublic.com/article/its-time-to-retire-the-social-security-number/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27634">

      <div class="body">

       <div class="pull_right date details" title="20.08.2021 13:06:45">
13:06
       </div>

       <div class="text">
<strong>🦿 Great Resignation hits IT departments and companies are switching strategies 🦿</strong><br><br><code>To ensure business continuity amid high turnover, many CIOs are planning to alter their strategies to make the company &quot;less dependent on employee institutional knowledge,&quot; says PwC.</code><br><br><a href="https://www.techrepublic.com/article/great-resignation-hits-it-departments-and-companies-are-switching-strategies/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27635">

      <div class="body">

       <div class="pull_right date details" title="20.08.2021 13:09:18">
13:09
       </div>

       <div class="text">
<strong>⚠ Japanese cryptocoin exchange robbed of $100,000,000 ⚠</strong><br><br><code>Another week, another cryptocurrency catastrophe. This time, it&apos;s &quot;only&quot; $100 million&apos;s worth...</code><br><br><a href="https://nakedsecurity.sophos.com/2021/08/20/japanese-cryptocoin-exchange-robbed-of-100000000/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27636">

      <div class="body">

       <div class="pull_right date details" title="20.08.2021 13:09:18">
13:09
       </div>

       <div class="text">
<strong>⚠ S3 Ep46: Copyright scams, video snooping and Grand Theft Crypto [Podcast] ⚠</strong><br><br><code>Lastest episode - listen, laugh and learn! This week, Chester Wisniewski joins us on the show.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/08/19/s3-ep46-copyright-scams-video-snooping-and-grand-theft-crypto-podcast/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27637">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.08.2021 13:31:51">
13:31
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-36474 ‼</strong><br><br><code>SafeCurl before 0.9.2 has a DNS rebinding vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36474">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27638">

      <div class="body">

       <div class="pull_right date details" title="20.08.2021 13:31:53">
13:31
       </div>

       <div class="text">
<strong>‼ CVE-2020-18886 ‼</strong><br><br><code>Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the component &apos;admin/upload_file_do.php&apos;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18886">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27639">

      <div class="body">

       <div class="pull_right date details" title="20.08.2021 13:34:48">
13:34
       </div>

       <div class="text">
<strong>‼ CVE-2020-18879 ‼</strong><br><br><code>Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the component &apos;bl-kereln/ajax/upload-logo.php&apos;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18879">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27640">

      <div class="body">

       <div class="pull_right date details" title="20.08.2021 13:34:50">
13:34
       </div>

       <div class="text">
<strong>‼ CVE-2020-18885 ‼</strong><br><br><code>Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the &quot;text color&quot; field of the component &apos;/admin/web_config.php&apos;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18885">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27641">

      <div class="body">

       <div class="pull_right date details" title="20.08.2021 13:34:52">
13:34
       </div>

       <div class="text">
<strong>‼ CVE-2020-18877 ‼</strong><br><br><code>SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain sensitive information via the &apos;flag&apos; parameter in the component &apos;/coreframe/app/order/admin/index.php&apos;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18877">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27642">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.08.2021 14:13:57">
14:13
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 Friday Five 8/20 🔏</strong><br><br><code>Exposed web cams, mistakes made when hiring cybersecurity roles, and a $1 million breach settlement - catch up on the week&apos;s infosec news with the Friday Five!</code><br><br><a href="https://digitalguardian.com/blog/friday-five-8/20">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27643">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.08.2021 15:19:19">
15:19
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-34228 ‼</strong><br><br><code>Cross-site scripting in parent_control.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the &quot;Description&quot; field and &quot;Service Name&quot; field.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34228">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27644">

      <div class="body">

       <div class="pull_right date details" title="20.08.2021 15:19:20">
15:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-34218 ‼</strong><br><br><code>Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows attacker to access /add/ , /img/, /js/, and /mobile directories via GET Parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34218">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27645">

      <div class="body">

       <div class="pull_right date details" title="20.08.2021 15:19:21">
15:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-34223 ‼</strong><br><br><code>Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the &quot;URL Address&quot; field.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34223">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27646">

      <div class="body">

       <div class="pull_right date details" title="20.08.2021 15:19:23">
15:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-34207 ‼</strong><br><br><code>Cross-site scripting in ddns.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the &quot;Domain Name&quot; field, &quot;Server Address&quot; field, &quot;User Name/Email&quot;, or &quot;Password/Key&quot; field.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34207">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27647">

      <div class="body">

       <div class="pull_right date details" title="20.08.2021 15:19:24">
15:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-34215 ‼</strong><br><br><code>Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the &quot;Service Name&quot; field.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34215">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27648">

      <div class="body">

       <div class="pull_right date details" title="20.08.2021 15:19:25">
15:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-34220 ‼</strong><br><br><code>Cross-site scripting in tr069config.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the &quot;User Name&quot; field or &quot;Password&quot; field.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34220">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27649">

      <div class="body">

       <div class="pull_right date details" title="20.08.2021 15:19:26">
15:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-34433 ‼</strong><br><br><code>In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate based (x509 and RPK) DTLS handshakes accidentally succeeds without verifying the server side&apos;s signature on the client side, if that signature is not included in the server&apos;s ServerKeyExchange.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34433">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27650">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.08.2021 17:23:31">
17:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-35529 ‼</strong><br><br><code>Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing (CSB) allows an attacker or unauthorized user to access database credentials, shut down the product and access or alter. This issue affects: Hitachi ABB Power Grids Retail Operations version 5.7.2 and prior versions. Hitachi ABB Power Grids Counterparty Settlement Billing (CSB) version 5.7.2 and prior versions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35529">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27651">

      <div class="body">

       <div class="pull_right date details" title="20.08.2021 17:23:32">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-35984 ‼</strong><br><br><code>Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Null pointer dereference vulnerability. An authenticated attacker could leverage this vulnerability achieve an application denial-of-service in the context of the current user. Exploitation of this issue does not requires user interaction.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35984">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27652">

      <div class="body">

       <div class="pull_right date details" title="20.08.2021 17:23:34">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-28636 ‼</strong><br><br><code>Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Uncontrolled Search Path Element vulnerability. An attacker with access to the victim&apos;s C:/ folder could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28636">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27653">

      <div class="body">

       <div class="pull_right date details" title="20.08.2021 17:23:37">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-36010 ‼</strong><br><br><code>Adobe Illustrator version 25.2.3 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36010">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27654">

      <div class="body">

       <div class="pull_right date details" title="20.08.2021 17:23:38">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-28638 ‼</strong><br><br><code>Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Heap-based Buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28638">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27655">

      <div class="body">

       <div class="pull_right date details" title="20.08.2021 17:23:40">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-35986 ‼</strong><br><br><code>Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Type Confusion vulnerability. An unauthenticated attacker could leverage this vulnerability to read arbitrary system information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35986">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27656">

      <div class="body">

       <div class="pull_right date details" title="20.08.2021 17:23:42">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-25359 ‼</strong><br><br><code>An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability gave attackers the ability to send a crafted request to /lib/ajaxHandlers/ajaxDeleteAllLoggingFiles.php by specifying a path in the path parameter and an extension in the ext parameter and delete all the files with that extension in that path.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25359">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27657">

      <div class="body">

       <div class="pull_right date details" title="20.08.2021 17:23:45">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-36007 ‼</strong><br><br><code>Adobe Prelude version 10.0 (and earlier) are affected by an uninitialized variable vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36007">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27658">

      <div class="body">

       <div class="pull_right date details" title="20.08.2021 17:23:47">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-28634 ‼</strong><br><br><code>Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command. An authenticated attacker could leverage this vulnerability to achieve arbitrary code execution on the host machine in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28634">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27659">

      <div class="body">

       <div class="pull_right date details" title="20.08.2021 17:23:48">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-35991 ‼</strong><br><br><code>Adobe Bridge version 11.0.2 (and earlier) is affected by an uninitialized variable vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35991">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27660">

      <div class="body">

       <div class="pull_right date details" title="20.08.2021 17:23:49">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-28641 ‼</strong><br><br><code>Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28641">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27661">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.08.2021 18:42:05">
18:42
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Web Censorship Systems Can Facilitate Massive DDoS Attacks ❌</strong><br><br><code>Systems are ripe for abuse by attackers who can abuse systems to launch DDoS attacks.</code><br><br><a href="https://threatpost.com/censorship-systems-ddos-attacks/168853/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27662">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.08.2021 19:19:31">
19:19
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-24130 ‼</strong><br><br><code>A cross site request forgery (CSRF) vulnerability in the configure.html component of Ponzu 0.11.0 allows attackers to change user and administrator credentials, and add or delete administrator accounts.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24130">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27663">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.08.2021 21:20:02">
21:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-21827 ‼</strong><br><br><code>A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&amp;T Labs Xmill 0.7. Within `DecodeTreeBlock` which is called during the decompression of an XMI file, a UINT32 is loaded from the file and used as trusted input as the length of a buffer. An attacker can provide a malicious file to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21827">? Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27664">

      <div class="body">

       <div class="pull_right date details" title="20.08.2021 21:20:04">
21:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-21826 ‼</strong><br><br><code>A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&amp;T Labs Xmill 0.7. Within `DecodeTreeBlock` which is called during the decompression of an XMI file, a UINT32 is loaded from the file and used as trusted input as the length of a buffer. An attacker can provide a malicious file to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21826">? Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27665">

      <div class="body">

       <div class="pull_right date details" title="20.08.2021 21:20:06">
21:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-21828 ‼</strong><br><br><code>A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&amp;T Labs Xmill 0.7. In the default case of DecodeTreeBlock a label is created via CurPath::AddLabel in order to track the label for later reference. An attacker can provide a malicious file to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21828">? Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-873">

      <div class="body details">
21 August 2021
      </div>

     </div>

     <div class="message default clearfix" id="message27666">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.08.2021 15:20:41">
15:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-38171 ‼</strong><br><br><code>adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38171">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-874">

      <div class="body details">
22 August 2021
      </div>

     </div>

     <div class="message default clearfix" id="message27667">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.08.2021 17:21:55">
17:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-39361 ‼</strong><br><br><code>In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39361">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27668">

      <div class="body">

       <div class="pull_right date details" title="22.08.2021 17:21:56">
17:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-39360 ‼</strong><br><br><code>In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39360">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27669">

      <div class="body">

       <div class="pull_right date details" title="22.08.2021 17:21:57">
17:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-39359 ‼</strong><br><br><code>In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39359">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27670">

      <div class="body">

       <div class="pull_right date details" title="22.08.2021 17:21:59">
17:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-39358 ‼</strong><br><br><code>In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39358">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-875">

      <div class="body details">
23 August 2021
      </div>

     </div>

     <div class="message default clearfix" id="message27671">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 07:22:39">
07:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-39291 ‼</strong><br><br><code>Certain NetModule devices allow credentials via GET parameters to CLI-PHP. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39291">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27672">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 07:22:40">
07:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-39290 ‼</strong><br><br><code>Certain NetModule devices allow Limited Session Fixation via PHPSESSID. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39290">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27673">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 07:22:42">
07:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-38598 ‼</strong><br><br><code>OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the hardware addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38598">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27674">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 07:22:43">
07:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-37750 ‼</strong><br><br><code>The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37750">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27675">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 07:22:44">
07:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-39289 ‼</strong><br><br><code>Certain NetModule devices have Insecure Password Handling (cleartext or reversible encryption), These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39289">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27676">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 07:22:44">
07:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-39245 ‼</strong><br><br><code>Hardcoded .htaccess Credentials for getlogs.cgi exist on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto NX3030 1.8.3.0, Nexto NX5100 1.8.11.0, Nexto NX5101 1.8.11.0, Nexto NX5110 1.1.2.8, Nexto NX5210 1.1.2.8, Nexto Xpress XP300 1.8.11.0, Nexto Xpress XP315 1.8.11.0, Nexto Xpress XP325 1.8.11.0, Nexto Xpress XP340 1.8.11.0, and Hadron Xtorm HX3040 1.7.58.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39245">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27677">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 07:22:45">
07:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-39243 ‼</strong><br><br><code>Cross-Site Request Forgery (CSRF) exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via any CGI endpoint. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto NX3030 1.8.3.0, Nexto NX5100 1.8.11.0, Nexto NX5101 1.8.11.0, Nexto NX5110 1.1.2.8, Nexto NX5210 1.1.2.8, Nexto Xpress XP300 1.8.11.0, Nexto Xpress XP315 1.8.11.0, Nexto Xpress XP325 1.8.11.0, Nexto Xpress XP340 1.8.11.0, and Hadron Xtorm HX3040 1.7.58.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39243">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27678">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 07:22:46">
07:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-39244 ‼</strong><br><br><code>Authenticated Semi-Blind Command Injection (via Parameter Injection) exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via the getlogs.cgi tcpdump feature. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto NX3030 1.8.3.0, Nexto NX5100 1.8.11.0, Nexto NX5101 1.8.11.0, Nexto NX5110 1.1.2.8, Nexto NX5210 1.1.2.8, Nexto Xpress XP300 1.8.11.0, Nexto Xpress XP315 1.8.11.0, Nexto Xpress XP325 1.8.11.0, Nexto Xpress XP340 1.8.11.0, and Hadron Xtorm HX3040 1.7.58.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39244">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27679">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 11:22:52">
11:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-24602 ‼</strong><br><br><code>The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24602">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27680">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 11:22:54">
11:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-24497 ‼</strong><br><br><code>The Giveaway WordPress plugin through 1.2.2 is vulnerable to an SQL Injection issue which allows an administrative user to execute arbitrary SQL commands via the $post_id on the options.php page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24497">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27681">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 11:22:54">
11:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-24550 ‼</strong><br><br><code>The Broken Link Manager WordPress plugin through 0.6.5 does not sanitise, validate or escape the url GET parameter before using it in a SQL statement when retrieving an URL to edit, leading to an authenticated SQL injection issue</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24550">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27682">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 11:22:55">
11:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-24558 ‼</strong><br><br><code>The pspin_duplicate_post_save_as_new_post function of the Project Status WordPress plugin through 1.6 does not sanitise, validate or escape the post GET parameter passed to it before outputting it in an error message when the related post does not exist, leading to a reflected XSS issue</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24558">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27683">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 11:22:56">
11:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-3728 ‼</strong><br><br><code>firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3728">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27684">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 11:23:00">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-24529 ‼</strong><br><br><code>The Grid Gallery – Photo Image Grid Gallery WordPress plugin before 1.2.5 does not properly sanitize the title field for image galleries when adding them via the admin dashboard, resulting in an authenticated Stored Cross-Site Scripting vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24529">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27685">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 11:23:01">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-24549 ‼</strong><br><br><code>The AceIDE WordPress plugin through 2.6.2 does not sanitise or validate the user input which is appended to system paths before using it in various actions, such as to read arbitrary files from the server. This allows high privilege users such as administrator to access any file on the web server outside of the blog directory via a path traversal attack.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24549">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27686">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 11:23:01">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-3731 ‼</strong><br><br><code>LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to &apos;clickjacking&apos;. This allows an attacker to trick a targetted user to execute unintended actions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3731">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27687">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 11:23:02">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-24506 ‼</strong><br><br><code>The Slider Hero with Animation, Video Background &amp; Intro Maker WordPress plugin before 8.2.7 does not sanitise or escape the id attribute of its hero-button shortcode before using it in a SQL statement, allowing users with a role as low as Contributor to perform SQL injection.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24506">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27688">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 11:23:03">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-24564 ‼</strong><br><br><code>The WPFront Scroll Top WordPress plugin before 2.0.6.07225 does not sanitise or escape its Image ALT setting before outputting it attributes, leading to an Authenticated Stored Cross-Site Scripting issues even when the unfiltered_html capability is disallowed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24564">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27689">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 11:23:07">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-24571 ‼</strong><br><br><code>The HD Quiz WordPress plugin before 1.8.4 does not escape some of its Answers before outputting them in attribute when generating the Quiz, which could lead to Stored Cross-Site Scripting issues</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24571">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27690">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 11:23:08">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-24554 ‼</strong><br><br><code>The Paytm – Donation Plugin WordPress plugin through 1.3.2 does not sanitise, validate or escape the id GET parameter before using it in a SQL statement when deleting donations, leading to an authenticated SQL injection issue</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24554">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27691">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 11:23:09">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-24555 ‼</strong><br><br><code>The daac_delete_booking_callback function, hooked to the daac_delete_booking AJAX action, takes the id POST parameter which is passed into the SQL statement without proper sanitisation, validation or escaping, leading to a SQL Injection issue. Furthermore, the ajax action is lacking any CSRF and capability check, making it available to any authenticated user.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24555">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27692">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 11:23:10">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-24556 ‼</strong><br><br><code>The kento_email_subscriber_ajax AJAX action of the Email Subscriber WordPress plugin through 1.1, does not properly sanitise, validate and escape the submitted subscribe_email and subscribe_name POST parameters, inserting them in the DB and then outputting them back in the Subscriber list (/wp-admin/edit.php?post_type=kes_campaign&amp;page=kento_email_subscriber_list_settings), leading a Stored XSS issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24556">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27693">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 11:23:12">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-24561 ‼</strong><br><br><code>The WP SMS WordPress plugin before 5.4.13 does not sanitise the &quot;wp_group_name&quot; parameter before outputting it back in the &quot;Groups&quot; page, leading to an Authenticated Stored Cross-Site Scripting issue</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24561">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27694">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 11:23:13">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-24547 ‼</strong><br><br><code>The KN Fix Your Title WordPress plugin through 1.0.1 was vulnerable to Authenticated Stored XSS in the separator field.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24547">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27695">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 11:23:14">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-24565 ‼</strong><br><br><code>The Contact Form 7 Captcha WordPress plugin before 0.0.9 does not have any CSRF check in place when saving its settings, allowing attacker to make a logged in user with the manage_options change them. Furthermore, the settings are not escaped when output in attributes, leading to a Stored Cross-Site Scripting issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24565">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27696">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 11:23:15">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-24551 ‼</strong><br><br><code>The Edit Comments WordPress plugin through 0.3 does not sanitise, validate or escape the jal_edit_comments GET parameter before using it in a SQL statement, leading to a SQL injection issue</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24551">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27697">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 11:23:16">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-35465 ‼</strong><br><br><code>Certain Arm products before 2021-08-23 do not properly consider the effect of exceptions on a VLLDM instruction. A Non-secure handler may have read or write access to part of a Secure context. This affects Arm Cortex-M33 r0p0 through r1p0, Arm Cortex-M35P r0, Arm Cortex-M55 r0p0 through r1p0, and Arm China STAR-MC1 (in the STAR SE configuration).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35465">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27698">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 11:23:16">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-24524 ‼</strong><br><br><code>The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.12.0 did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site Scripting payloads in them.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24524">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27699">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 11:43:53">
11:43
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Managing Privileged Access to Secure the Post-COVID Perimeter ❌</strong><br><br><code>Joseph Carson, chief security scientist &amp; advisory CISO at ThycoticCentrify, discusses how to implement advanced privileged-access practices.</code><br><br><a href="https://threatpost.com/privileged-access-covid-security/168860/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27700">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 12:07:46">
12:07
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Windows 365 Business: How this new tool can help your organization 🦿</strong><br><br><code>Simon Bisson tried out the new Microsoft 365 tool, which allows you to create virtual machines for your staff working from home. Here&apos;s what he learned.</code><br><br><a href="https://www.techrepublic.com/article/windows-365-business-how-this-new-tool-can-help-your-organization/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27701">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 12:29:20">
12:29
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 GRR 3.4.5.1</strong> <strong>🛠</strong><br><br><code>GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. &quot;Work&quot; means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.</code><br><br><a href="https://packetstormsecurity.com/files/163903/grr-3.4.5.1-release.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27702">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 12:29:21">
12:29
       </div>

       <div class="text">
<strong>🛠 Faraday 3.17.1 🛠</strong><br><br><code>Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.</code><br><br><a href="https://packetstormsecurity.com/files/163902/faraday-3.17.1.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27703">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 13:13:57">
13:13
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Windows 10 Admin Rights Gobbled by Razer Devices ❌</strong><br><br><code>So much for Windows 10&apos;s security: a zero-day in the device installer software grants admin rights just by plugging in a mouse or other compatible device.</code><br><br><a href="https://threatpost.com/windows-10-admin-rights-razer-devices-mouse-peripherals/168855/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27704">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 13:37:48">
13:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Photos: Windows 365 Business in action 🦿</strong><br><br><code>We took Microsoft&apos;s cloud PC platform for a spin. Here&apos;s what we found.</code><br><br><a href="https://www.techrepublic.com/pictures/photos-windows-365-business-in-action/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27705">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 14:09:37">
14:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ What’s *THAT* on my 3D printer? Cloud bug lets anyone print to everyone ⚠</strong><br><br><code>That&apos;s funny. I could have sworn I didn&apos;t run a print job yesterday... but will you look at that?</code><br><br><a href="https://nakedsecurity.sophos.com/2021/08/23/whats-that-on-my-3d-printer-cloud-bug-lets-anyone-print-to-everyone/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27706">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 15:23:05">
15:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-29802 ‼</strong><br><br><code>IBM Security SOAR performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29802">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27707">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 15:23:06">
15:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-29704 ‼</strong><br><br><code>IBM Security SOAR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29704">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27708">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 16:14:03">
16:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ ProxyShell Attacks Pummel Unpatched Exchange Servers ❌</strong><br><br><code>CISA is warning about a surge of ProxyShell attacks, as Huntress discovered 140 webshells launched against 1,900 unpatched Microsoft Exchange servers.</code><br><br><a href="https://threatpost.com/proxyshell-attacks-unpatched-exchange-servers/168879/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27709">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 16:17:03">
16:17
       </div>

       <div class="text">
<strong>🔏 ProxyShell Exchange Server Vulnerabilities Exploited in the Wild 🔏</strong><br><br><code>CISA is urging organizations to patch the vulnerabilities in Exchange Server as soon as possible to prevent the spread ransomware and attackers who have been dropping web shells.</code><br><br><a href="https://digitalguardian.com/blog/proxyshell-exchange-server-vulnerabilities-exploited-wild">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27710">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 17:23:23">
17:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-39149 ‼</strong><br><br><code>XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream&apos;s security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39149">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27711">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 17:23:25">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-39148 ‼</strong><br><br><code>XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream&apos;s security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39148">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27712">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 17:23:27">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-39147 ‼</strong><br><br><code>XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream&apos;s security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39147">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27713">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 17:23:29">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-39144 ‼</strong><br><br><code>XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream&apos;s security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39144">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27714">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 17:23:30">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-39154 ‼</strong><br><br><code>XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream&apos;s security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39154">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27715">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 17:23:31">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-39141 ‼</strong><br><br><code>XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream&apos;s security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39141">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27716">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 17:23:33">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-39139 ‼</strong><br><br><code>XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user is only affected if using the version out of the box with JDK 1.7u21 or below. However, this scenario can be adjusted easily to an external Xalan that works regardless of the version of the Java runtime. No user is affected, who followed the recommendation to setup XStream&apos;s security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39139">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27717">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 17:23:34">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-39146 ‼</strong><br><br><code>XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream&apos;s security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39146">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27718">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 17:23:35">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-39140 ‼</strong><br><br><code>XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream&apos;s security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39140">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27719">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 17:23:37">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-39152 ‼</strong><br><br><code>XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream&apos;s security framework with a whitelist limited to the minimal required types. If you rely on XStream&apos;s default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.18.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39152">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27720">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 17:23:38">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-39151 ‼</strong><br><br><code>XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream&apos;s security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39151">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27721">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 17:23:40">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-39145 ‼</strong><br><br><code>XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream&apos;s security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39145">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27722">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 17:23:41">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-39150 ‼</strong><br><br><code>XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream&apos;s security framework with a whitelist limited to the minimal required types. If you rely on XStream&apos;s default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.18.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39150">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27723">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 17:23:42">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-39153 ‼</strong><br><br><code>XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if using the version out of the box with Java runtime version 14 to 8 or with JavaFX installed. No user is affected, who followed the recommendation to setup XStream&apos;s security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39153">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27724">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 18:07:52">
18:07
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Trend Micro&apos;s Linux Threat Report identifies the most vulnerable distributions and biggest security headaches 🦿</strong><br><br><code>Analysts reviewed 13 million security incidents and found that end-of-life versions of Linux distributions were at the biggest risk.</code><br><br><a href="https://www.techrepublic.com/article/trend-micros-linux-threat-report-identifies-the-most-vulnerable-distributions-and-biggest-security-headaches/#ftag=RSS56d97e7">? Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27725">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 19:23:20">
19:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How to create a hidden, nearly undeletable folder in Windows 10 🦿</strong><br><br><code>It is possible to hide sensitive folders and files from prying eyes in File Explorer using a few attribute settings. We show you how to hide folders and prevent their accidental deletion.</code><br><br><a href="https://www.techrepublic.com/article/how-to-create-a-hidden-nearly-undeletable-folder-in-windows-10/#ftag=RSS56d97e7">? Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27726">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 19:23:23">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-39158 ‼</strong><br><br><code>NVCaffe&apos;s python required dependencies list used to contain `gfortran`version prior to 0.17.4, entry which does not exist in the repository pypi.org. An attacker could potentially have posted malicious files to pypi.org causing a user to install it within NVCaffe.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39158">? Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27727">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 19:23:25">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-22252 ‼</strong><br><br><code>A confusion between tag and branch names in GitLab CE/EE affecting all versions since 13.7 allowed a Developer to access protected CI variables which should only be accessible to Maintainers</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22252">? Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27728">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 19:23:27">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-18734 ‼</strong><br><br><code>A stack buffer overflow in /ddsi/q_bitset.h of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18734">? Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27729">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 19:23:29">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-18735 ‼</strong><br><br><code>A heap buffer overflow in /src/dds_stream.c of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18735">? Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27730">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 19:23:30">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-22449 ‼</strong><br><br><code>There is a logic vulnerability in Elf-G10HN 1.0.0.608. An unauthenticated attacker could perform specific operations to exploit this vulnerability. Due to insufficient security design, successful exploit could allow an attacker to add users to be friends without prompting in the target device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22449">? Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27731">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 19:23:31">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-18731 ‼</strong><br><br><code>A segmentation violation in the Iec104_Deal_FirmUpdate function of IEC104 v1.0 allows attackers to cause a denial of service (DOS).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18731">? Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27732">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 19:23:33">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-22248 ‼</strong><br><br><code>Improper authorization on the pipelines page in GitLab CE/EE affecting all versions since 13.12 allowed unauthorized users to view some pipeline information for public projects that have access to pipelines restricted to members only</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22248">? Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27733">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 19:23:34">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-22251 ‼</strong><br><br><code>Improper validation of invited users&apos; email address in GitLab EE affecting all versions since 12.2 allowed projects to add members with email address domain that should be blocked by group settings</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22251">? Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27734">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 19:23:35">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-22249 ‼</strong><br><br><code>A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22249">? Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27735">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 19:23:37">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-22253 ‼</strong><br><br><code>Improper authorization in GitLab EE affecting all versions since 13.4 allowed a user who previously had the necessary access to trigger deployments to protected environments under specific conditions after the access has been removed</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22253">? Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27736">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 19:23:38">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-22328 ‼</strong><br><br><code>There is a denial of service vulnerability in some huawei products. In specific scenarios, due to the improper handling of the packets, an attacker may craft the specific packet. Successful exploit may cause some services abnormal. Affected product versions include:CloudEngine 12800 V200R005C00SPC800, CloudEngine 5800 V200R005C00SPC800, CloudEngine 6800 V200R005C00SPC800, CloudEngine 7800 V200R005C00SPC800.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22328">? Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27737">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 19:23:39">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-22357 ‼</strong><br><br><code>There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages due to validating inputs insufficiently. Attackers can exploit this vulnerability by sending specific messages to affected module. This can cause denial of service. Affected product versions include: S12700 V200R013C00SPC500, V200R019C00SPC500; S5700 V200R013C00SPC500, V200R019C00SPC500; S6700 V200R013C00SPC500, V200R019C00SPC500; S7700 V200R013C00SPC500, V200R019C00SPC500.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22357">? Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27738">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 19:23:40">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-39608 ‼</strong><br><br><code>Remote Code Execution (RCE) vulnerabilty exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user exeuct arbitrary php code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39608">? Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27739">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 19:23:41">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-39609 ‼</strong><br><br><code>Cross Site Scripting (XSS) vulnerability exiss in FlatCore-CMS 2.0.7 via the upload image function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39609">? Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27740">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 19:23:42">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-18730 ‼</strong><br><br><code>A segmentation violation in the Iec104_Deal_I function of IEC104 v1.0 allows attackers to cause a denial of service (DOS).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18730">? Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27741">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 20:44:10">
20:44
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Microsoft Spills 38 Million Sensitive Data Records Via Careless Power App Configs ❌</strong><br><br><code>Data leaked includes COVID-19 vaccination records, social security numbers and email addresses tied to American Airlines, Ford, Indiana Department of Health and New York City public schools.</code><br><br><a href="https://threatpost.com/microsoft-38-million-sensitive-records-power-app/168885/">? Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27742">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 21:23:04">
21:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-18778 ‼</strong><br><br><code>In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_p_mb_intfi in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18778">? Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27743">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 21:23:05">
21:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-39615 ‼</strong><br><br><code>** UNSUPPORTED WHEN ASSIGNED ** D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the &apos;/etc/passwd&apos; file.If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying embedded Linux operating system on the device. Fixed in version 2.12/2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39615">? Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27744">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 21:23:07">
21:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-18773 ‼</strong><br><br><code>An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18773">? Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27745">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 21:23:07">
21:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-36013 ‼</strong><br><br><code>Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36013">? Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27746">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 21:23:08">
21:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-28596 ‼</strong><br><br><code>Adobe Framemaker version 2020.0.1 (and earlier) and 2019.0.8 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28596">? Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27747">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 21:23:13">
21:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-18776 ‼</strong><br><br><code>In Libav 12.3, there is a segmentation fault in vc1_decode_b_mb_intfr in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18776">? Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27748">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 21:23:14">
21:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-39614 ‼</strong><br><br><code>D-Link DVX-2000MS contains hard-coded credentials for undocumented user accounts in the &apos;/etc/passwd&apos; file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39614">? Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27749">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 21:23:15">
21:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-18775 ‼</strong><br><br><code>In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_b_mb_intfi in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18775">? Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27750">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 21:23:16">
21:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-18774 ‼</strong><br><br><code>A float point exception in the printLong function in tags_int.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18774">? Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27751">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 21:23:16">
21:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-18771 ‼</strong><br><br><code>Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp which can result in an information leak.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18771">? Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27752">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 21:23:20">
21:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-39602 ‼</strong><br><br><code>A Buffer Overflow vulnerabilty exists in Miniftpd 1.0 in the do_mkd function in the ftpproto.c file, which could let a remote malicious user cause a Denial of Service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39602">? Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27753">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 21:23:21">
21:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-39613 ‼</strong><br><br><code>** UNSUPPORTED WHEN ASSIGNED ** D-Link DVG-3104MS version 1.0.2.0.3, 1.0.2.0.4, and 1.0.2.0.4E contains hard-coded credentials for undocumented user accounts in the &apos;/etc/passwd&apos; file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39613">? Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27754">

      <div class="body">

       <div class="pull_right date details" title="23.08.2021 21:23:22">
21:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-39599 ‼</strong><br><br><code>Multiple Cross Site Scripting (XSS) vulnerabilities exists in CXUUCMS 3.1 in the search and c parameters in (1) public/search.php and in the (2) c parameter in admin.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39599">? Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-876">

      <div class="body details">
24 August 2021
      </div>

     </div>

     <div class="message default clearfix" id="message27755">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 07:23:45">
07:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-23431 ‼</strong><br><br><code>The package joplin before 2.3.2 are vulnerable to Cross-site Request Forgery (CSRF) due to missing CSRF checks in various forms.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23431">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27756">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 07:23:46">
07:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-23406 ‼</strong><br><br><code>This affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. **NOTE:** The fix for this vulnerability is applied in the node-degenerator library, a dependency written by the same maintainer.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23406">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27757">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 07:23:49">
07:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-23429 ‼</strong><br><br><code>All versions of package transpile are vulnerable to Denial of Service (DoS) due to a lack of input sanitization or whitelisting, coupled with improper exception handling in the .to() function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23429">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27758">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 07:23:50">
07:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-23432 ‼</strong><br><br><code>This affects all versions of package mootools. This is due to the ability to pass untrusted input to Object.merge()</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23432">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27759">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 07:23:52">
07:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-23430 ‼</strong><br><br><code>All versions of package startserver are vulnerable to Directory Traversal due to missing sanitization.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23430">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27760">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 11:08:18">
11:08
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Microsoft Power Apps misconfiguration exposes data from 38 million records 🦿</strong><br><br><code>The leaked data included personal information for COVID-19 contact tracing and vaccination appointments, social security numbers for job applicants, employee IDs, names and email addresses.</code><br><br><a href="https://www.techrepublic.com/article/microsoft-power-apps-misconfiguration-exposes-data-from-38-million-records/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27761">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 11:23:15">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-36385 ‼</strong><br><br><code>A SQL Injection vulnerability in Cerner Mobile Care 5.0.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via a Fullwidth Apostrophe (aka U+FF07) in the default.aspx User ID field. Arbitrary system commands can be executed through the use of xp_cmdshell.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36385">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27762">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 11:23:17">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-38613 ‼</strong><br><br><code>The assets/index.php Image Upload feature of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to upload any code to the target system and achieve remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38613">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27763">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 11:23:19">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-33191 ‼</strong><br><br><code>From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements an &quot;agent-update&quot; command which was designed to patch the application binary. This &quot;patching&quot; command defaults to calling a trusted binary, but might be modified to an arbitrary value through a &quot;c2-update&quot; command. Said command is then executed using the same privileges as the application binary. This was addressed in version 0.10.0</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33191">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27764">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 11:23:21">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-39376 ‼</strong><br><br><code>Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the CorCad_F2/executaConsultaEspecifico IE_CORPO_ASSIST or CD_USUARIO_CONVENIO parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39376">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27765">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 11:23:23">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-39375 ‼</strong><br><br><code>Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the WAdvancedFilter/getDimensionItemsByCode FilterValue parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39375">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27766">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 11:23:25">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-38611 ‼</strong><br><br><code>A command-injection vulnerability in the Image Upload function of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to execute arbitrary commands, as root, via shell metacharacters in the filename parameter to assets/index.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38611">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27767">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 11:23:27">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-37538 ‼</strong><br><br><code>Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06 allow a remote unauthenticated attacker to execute arbitrary SQL commands via the day, month, or year parameter to the controllers/front/archive.php archive controller, or the id_category parameter to the controllers/front/category.php category controller.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37538">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27768">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 11:23:29">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-38612 ‼</strong><br><br><code>In NASCENT RemKon Device Manager 4.0.0.0, a Directory Traversal vulnerability in a log-reading function in maintenance/readLog.php allows an attacker to read any file via a specialized URL.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38612">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27769">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 11:23:30">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-38306 ‼</strong><br><br><code>Network Attached Storage on LG N1T1*** 10124 devices allows an unauthenticated attacker to gain root access via OS command injection in the en/ajp/plugins/access.ssh/checkInstall.php destServer parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38306">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27770">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 11:23:33">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-38557 ‼</strong><br><br><code>raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. The www-data account can execute /etc/raspap/hostapd/enablelog.sh as root with no password; however, the www-data account can also overwrite /etc/raspap/hostapd/enablelog.sh with any executable content.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38557">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27771">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 11:23:34">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-38556 ‼</strong><br><br><code>includes/configure_client.php in RaspAP 2.6.6 allows attackers to execute commands via command injection.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38556">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27772">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 13:23:24">
13:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-26040 ‼</strong><br><br><code>An issue was discovered in Joomla! 4.0.0. The media manager does not correctly check the user&apos;s permissions before executing a file deletion command.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26040">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27773">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 13:23:26">
13:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-3711 ‼</strong><br><br><code>In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the &quot;out&quot; parameter can be NULL and, on exit, the &quot;outlen&quot; parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the &quot;out&quot; parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3711">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27774">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 13:23:28">
13:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-3712 ‼</strong><br><br><code>ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL&apos;s own &quot;d2i&quot; functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the &quot;data&quot; and &quot;length&quot; fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the &quot;data&quot; field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3712">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27775">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 13:23:30">
13:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-36690 ‼</strong><br><br><code>Segmentation fault vulnerability in SQLite sqlite3 3.36.0 via the idxGetTableInfo function, in which a crafted SQL query can cause a denial of service</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36690">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27776">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 13:23:31">
13:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-38714 ‼</strong><br><br><code>In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution. The vulnerability is found in ssgLoadTGA() function in src/ssg/ssgLoadTGA.cxx file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38714">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27777">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 13:38:21">
13:38
       </div>

       <div class="text">
<strong>🦿 Risk officers and board members don&apos;t agree on use of tech and data in business 🦿</strong><br><br><code>Survey by EY finds that board members are interested in spending more money on technology and data analytics for risk management.</code><br><br><a href="https://www.techrepublic.com/article/risk-officers-and-board-members-dont-agree-on-use-of-tech-and-data-in-business/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27778">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 13:38:23">
13:38
       </div>

       <div class="text">
<strong>🦿 Survey: Boards want to invest more in technology, data analytics 🦿</strong><br><br><code>Risk officers would rather stay in their compliance roles than add data usage to their duties, EY survey says.</code><br><br><a href="https://www.techrepublic.com/videos/survey-boards-want-to-invest-more-in-technology-data-analytics/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27779">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 13:44:40">
13:44
       </div>

       <div class="text">
<strong>❌ Custom WhatsApp Build Delivers Triada Malware ❌</strong><br><br><code>Researchers have spotted the latest version of the Triada trojan targeting mobile devices via an advertising SDK.</code><br><br><a href="https://threatpost.com/custom-whatsapp-build-malware/168892/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27780">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 14:10:07">
14:10
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ How a gaming mouse can get you Windows superpowers! ⚠</strong><br><br><code>When a helpful feature (that you probably didn&apos;t need) turns into an exploitable vulnerability...</code><br><br><a href="https://nakedsecurity.sophos.com/2021/08/24/how-a-gaming-mouse-can-get-you-windows-superpowers/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27781">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 14:10:09">
14:10
       </div>

       <div class="text">
<strong>⚠ What’s *THAT* on my 3D printer? Cloud bug lets anyone print to everyone ⚠</strong><br><br><code>That&apos;s funny. I could have sworn I didn&apos;t run a print job yesterday... but will you look at that?</code><br><br><a href="https://nakedsecurity.sophos.com/2021/08/23/whats-that-on-my-3d-printer-cloud-bug-lets-anyone-print-to-everyone/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27782">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 15:18:07">
15:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Pegasus Spyware Uses iPhone Zero-Click iMessage Zero-Day ❌</strong><br><br><code>Cybersecurity watchdog CitizenLab saw the new zero-day FORCEDENTRY exploit successfully deployed against iOS versions 14.4 &amp; 14.6, blowing past Apple&apos;s new BlastDoor sandboxing feature to install spyware on the iPhones of Bahraini activists – even one living in London at the time.</code><br><br><a href="https://threatpost.com/pegasus-spyware-uses-iphone-zero-click-imessage-zero-day/168899/">? Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27783">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 15:25:09">
15:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-39137 ‼</strong><br><br><code>go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a consensus-vulnerability in go-ethereum (Geth) could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Further details about the vulnerability will be disclosed at a later date. A patch is included in the upcoming `v1.10.8` release. No workaround are available.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39137">? Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27784">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 16:40:29">
16:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Don&apos;t get rugged: DeFi scams go from zero to $129 million in a year to become top financial hack 🦿</strong><br><br><code>Atlas VPN&apos;s analysis finds that theft within decentralized finance networks is taking in more money than phishing and ransomware attacks.</code><br><br><a href="https://www.techrepublic.com/article/dont-get-rugged-defi-scams-go-from-zero-to-129-million-in-a-year-to-become-top-financial-hack/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27785">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 16:40:31">
16:40
       </div>

       <div class="text">
<strong>🦿 You can remove or update a single entry from the SSH known_hosts file 🦿</strong><br><br><code>Sometimes you might need to remove or update an SSH fingerprint of your remote machines in the known_hosts file. Jack Wallen shows you how.</code><br><br><a href="https://www.techrepublic.com/videos/you-can-remove-or-update-a-single-entry-from-the-ssh-known-hosts-file/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27786">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 16:46:33">
16:46
       </div>

       <div class="text">
<strong>❌ Poly Network Recoups $610M Stolen from DeFi Platform ❌</strong><br><br><code>The attacker returned the loot after being offered a gig as chief security advisor with Poly Network.</code><br><br><a href="https://threatpost.com/poly-network-recoups-610m-stolen-from-defi-platform/168906/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27787">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:23:32">
17:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-28615 ‼</strong><br><br><code>Adobe After Effects version 18.2 (and earlier) is affected by an Our-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28615">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27788">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:23:34">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-28603 ‼</strong><br><br><code>Adobe After Effects version 18.2 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28603">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27789">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:23:35">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-28625 ‼</strong><br><br><code>Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by a Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28625">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27790">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:23:37">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-30906 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30906">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27791">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:23:39">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-30898 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30898">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27792">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:23:40">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-28601 ‼</strong><br><br><code>Adobe After Effects version 18.2 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28601">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27793">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:23:42">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-30864 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30864">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27794">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:23:43">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-28621 ‼</strong><br><br><code>Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28621">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27795">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:23:45">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-30870 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30870">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27796">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:23:47">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-28602 ‼</strong><br><br><code>Adobe After Effects version 18.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28602">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27797">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:23:48">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-28619 ‼</strong><br><br><code>Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28619">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27798">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:23:49">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-30875 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30875">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27799">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:23:51">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-30860 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30860">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27800">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:23:53">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-30897 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30897">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27801">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:23:54">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-30863 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30863">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27802">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:23:55">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-28605 ‼</strong><br><br><code>Adobe After Effects version 18.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28605">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27803">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:23:56">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-30904 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30904">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27804">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:23:57">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-30901 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30901">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27805">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:23:58">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-30902 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30902">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27806">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:23:59">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-30899 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30899">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27807">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:30:30">
17:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-31097 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31097">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27808">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:30:32">
17:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-31009 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31009">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27809">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:30:34">
17:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-31145 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31145">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27810">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:30:36">
17:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-31056 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31056">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27811">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:30:37">
17:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-31111 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31111">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27812">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:30:39">
17:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-30970 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30970">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27813">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:30:42">
17:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-31149 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31149">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27814">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:30:44">
17:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-31086 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31086">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27815">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:30:46">
17:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-31013 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31013">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27816">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:30:48">
17:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-31110 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31110">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27817">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:30:51">
17:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-31040 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31040">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27818">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:30:52">
17:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-28617 ‼</strong><br><br><code>Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28617">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27819">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:30:54">
17:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-31015 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31015">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27820">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:30:57">
17:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-31116 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31116">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27821">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:30:58">
17:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-31030 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31030">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27822">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:31:00">
17:31
       </div>

       <div class="text">
<strong>‼ CVE-2021-31108 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31108">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27823">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:31:02">
17:31
       </div>

       <div class="text">
<strong>‼ CVE-2021-30928 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30928">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27824">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:31:04">
17:31
       </div>

       <div class="text">
<strong>‼ CVE-2021-31052 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31052">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27825">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:31:06">
17:31
       </div>

       <div class="text">
<strong>‼ CVE-2021-30923 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30923">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27826">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:31:08">
17:31
       </div>

       <div class="text">
<strong>‼ CVE-2021-30960 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30960">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27827">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:36:38">
17:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-31016 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31016">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27828">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:36:40">
17:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-30920 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30920">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27829">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:36:42">
17:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-31091 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31091">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27830">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:36:44">
17:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-31001 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31001">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27831">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:36:45">
17:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-31019 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31019">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27832">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:36:47">
17:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-31062 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31062">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27833">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:36:48">
17:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-30986 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30986">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27834">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:36:49">
17:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-30969 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30969">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27835">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:36:51">
17:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-30871 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30871">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27836">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:36:52">
17:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-31004 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31004">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27837">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:36:54">
17:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-31060 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31060">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27838">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:36:56">
17:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-30952 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30952">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27839">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:36:58">
17:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-30937 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30937">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27840">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:36:59">
17:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-31099 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31099">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27841">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:37:02">
17:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-31092 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31092">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27842">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:37:03">
17:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-30887 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30887">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27843">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:37:05">
17:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-30911 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30911">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27844">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:37:07">
17:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-30854 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30854">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27845">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:37:08">
17:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-31055 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31055">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27846">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 17:37:11">
17:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-31136 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31136">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27847">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 19:23:28">
19:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-32777 ‼</strong><br><br><code>Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions when ext-authz extension is sending request headers to the external authorization service it must merge multiple value headers according to the HTTP spec. However, only the last header value is sent. This may allow specifically crafted requests to bypass authorization. Attackers may be able to escalate privileges when using ext-authz extension or back end service that uses multiple value headers for authorization. A specifically constructed request may be delivered by an untrusted downstream peer in the presence of ext-authz extension. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to the ext-authz extension to correctly merge multiple request header values, when sending request for authorization.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32777">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27848">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 19:23:30">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-32779 ‼</strong><br><br><code>Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy incorrectly handled a URI &apos;#fragment&apos; element as part of the path element. Envoy is configured with an RBAC filter for authorization or similar mechanism with an explicit case of a final &quot;/admin&quot; path element, or is using a negative assertion with final path element of &quot;/admin&quot;. The client sends request to &quot;/app1/admin#foo&quot;. In Envoy prior to 1.18.0, or 1.18.0+ configured with path_normalization=false. Envoy treats fragment as a suffix of the query string when present, or as a suffix of the path when query string is absent, so it evaluates the final path element as &quot;/admin#foo&quot; and mismatches with the configured &quot;/admin&quot; path element. In Envoy 1.18.0+ configured with path_normalization=true. Envoy transforms this to /app1/admin%23foo and mismatches with the configured /admin prefix. The resulting URI is sent to the next server-agent with the offending &quot;#foo&quot; fragment which violates RFC3986 or with the nonsensical &quot;%23foo&quot; text appended. A specifically constructed request with URI containing &apos;#fragment&apos; element delivered by an untrusted client in the presence of path based request authorization resulting in escalation of Privileges when path based request authorization extensions. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes that removes fragment from URI path in incoming requests.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32779">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27849">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 19:23:31">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-32780 ‼</strong><br><br><code>Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions Envoy transitions a H/2 connection to the CLOSED state when it receives a GOAWAY frame without any streams outstanding. The connection state is transitioned to DRAINING when it receives a SETTING frame with the SETTINGS_MAX_CONCURRENT_STREAMS parameter set to 0. Receiving these two frames in the same I/O event results in abnormal termination of the Envoy process due to invalid state transition from CLOSED to DRAINING. A sequence of H/2 frames delivered by an untrusted upstream server will result in Denial of Service in the presence of untrusted **upstream** servers. Envoy versions 1.19.1, 1.18.4 contain fixes to stop processing of pending H/2 frames after connection transition to the CLOSED state.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32780">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27850">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 19:23:32">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-32781 ‼</strong><br><br><code>Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions after Envoy sends a locally generated response it must stop further processing of request or response data. However when local response is generated due the internal buffer overflow while request or response is processed by the filter chain the operation may not be stopped completely and result in accessing a freed memory block. A specifically constructed request delivered by an untrusted downstream or upstream peer in the presence of extensions that modify and increase the size of request or response bodies resulting in a Denial of Service when using extensions that modify and increase the size of request or response bodies, such as decompressor filter. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to address incomplete termination of request processing after locally generated response. As a workaround disable Envoy&apos;s decompressor, json-transcoder or grpc-web extensions or proprietary extensions that modify and increase the size of request or response bodies, if feasible.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32781">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27851">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 19:23:34">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-32778 ‼</strong><br><br><code>Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy’s procedure for resetting a HTTP/2 stream has O(N^2) complexity, leading to high CPU utilization when a large number of streams are reset. Deployments are susceptible to Denial of Service when Envoy is configured with high limit on H/2 concurrent streams. An attacker wishing to exploit this vulnerability would require a client opening and closing a large number of H/2 streams. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to reduce time complexity of resetting HTTP/2 streams. As a workaround users may limit the number of simultaneous HTTP/2 dreams for upstream and downstream peers to a low number, i.e. 100.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32778">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27852">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 19:23:35">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-31151 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31151">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27853">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 19:23:36">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-18917 ‼</strong><br><br><code>The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker&apos;s control.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18917">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27854">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 19:23:38">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-18913 ‼</strong><br><br><code>EARCLINK ESPCMS-P8 was discovered to contain a SQL injection vulnerability in the espcms_web/Search.php component via the attr_array parameter. This vulnerability allows attackers to access sensitive database information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18913">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27855">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 21:37:38">
21:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-39155 ‼</strong><br><br><code>Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. According to [RFC 4343](https://datatracker.ietf.org/doc/html/rfc4343), Istio authorization policy should compare the hostname in the HTTP Host header in a case insensitive way, but currently the comparison is case sensitive. The proxy will route the request hostname in a case-insensitive way which means the authorization policy could be bypassed. As an example, the user may have an authorization policy that rejects request with hostname &quot;httpbin.foo&quot; for some source IPs, but the attacker can bypass this by sending the request with hostname &quot;Httpbin.Foo&quot;. Patches are available in Istio 1.11.1, Istio 1.10.4 and Istio 1.9.8. As a work around a Lua filter may be written to normalize Host header before the authorization check. This is similar to the Path normalization presented in the [Security Best Practices](https://istio.io/latest/docs/ops/best-practices/security/#case-normalization) guide.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39155">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27856">

      <div class="body">

       <div class="pull_right date details" title="24.08.2021 21:37:41">
21:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-39156 ‼</strong><br><br><code>Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio 1.11.0, 1.10.3 and below, and 1.9.7 and below contain a remotely exploitable vulnerability where an HTTP request with `#fragment` in the path may bypass Istio’s URI path based authorization policies. Patches are available in Istio 1.11.1, Istio 1.10.4 and Istio 1.9.8. As a work around a Lua filter may be written to normalize the path.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39156">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-877">

      <div class="body details">
25 August 2021
      </div>

     </div>

     <div class="message default clearfix" id="message27857">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.08.2021 08:45:15">
08:45
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ California Man Hacked iCloud Accounts to Steal Nude Photos ❌</strong><br><br><code>Hao Kou Chi pleaded guilty to four felonies in a hacker-for-hire scam that used socially engineered emails to trick people out of their credentials.</code><br><br><a href="https://threatpost.com/man-hacked-icloud/168923/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27858">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.08.2021 11:08:47">
11:08
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How safe is a quantum-safe virtual private network? 🦿</strong><br><br><code>Verizon aims to find out by testing the technology, which is geared at enhancing encryption methods using session key exchange security mechanisms, the carrier said.</code><br><br><a href="https://www.techrepublic.com/article/how-safe-is-a-quantum-safe-virtual-private-network/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27859">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.08.2021 11:25:20">
11:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-33884 ‼</strong><br><br><code>An Unrestricted Upload of File with Dangerous Type vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows remote attackers to upload any files to the /tmp directory of the device through the webpage API. This can result in critical files being overwritten.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33884">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27860">

      <div class="body">

       <div class="pull_right date details" title="25.08.2021 11:25:21">
11:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-33605 ‼</strong><br><br><code>Improper check in CheckboxGroup in com.vaadin:vaadin-checkbox-flow versions 1.2.0 prior to 2.0.0 (Vaadin 12.0.0 prior to 14.0.0), 2.0.0 prior to 3.0.0 (Vaadin 14.0.0 prior to 14.5.0), 3.0.0 through 4.0.1 (Vaadin 15.0.0 through 17.0.11), 14.5.0 through 14.6.7 (Vaadin 14.5.0 through 14.6.7), and 18.0.0 through 20.0.5 (Vaadin 18.0.0 through 20.0.5) allows attackers to modify the value of a disabled Checkbox inside enabled CheckboxGroup component via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33605">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27861">

      <div class="body">

       <div class="pull_right date details" title="25.08.2021 11:25:22">
11:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-33882 ‼</strong><br><br><code>A Missing Authentication for Critical Function vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote attacker to reconfigure the device from an unknown source because of lack of authentication on proprietary networking commands.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33882">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27862">

      <div class="body">

       <div class="pull_right date details" title="25.08.2021 11:25:23">
11:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-33885 ‼</strong><br><br><code>An Insufficient Verification of Data Authenticity vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unauthenticated attacker to send the device malicious data that will be used in place of the correct data. This results in full system command access and execution because of the lack of cryptographic signatures on critical data sets.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33885">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27863">

      <div class="body">

       <div class="pull_right date details" title="25.08.2021 11:25:24">
11:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-33883 ‼</strong><br><br><code>A Cleartext Transmission of Sensitive Information vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote attacker to obtain sensitive information by snooping on the network traffic. The exposed data includes critical values for a pump&apos;s internal configuration.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33883">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27864">

      <div class="body">

       <div class="pull_right date details" title="25.08.2021 11:25:28">
11:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-33886 ‼</strong><br><br><code>An improper sanitization of input vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unauthenticated attacker to gain user-level command-line access by passing a raw external string straight through to printf statements. The attacker is required to be on the same network as the device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33886">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27865">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.08.2021 12:00:56">
12:00
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 I2P 1.5.0 🛠</strong><br><br><code>I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.</code><br><br><a href="https://packetstormsecurity.com/files/163912/i2psource_1.5.0.tar.bz2">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27866">

      <div class="body">

       <div class="pull_right date details" title="25.08.2021 12:15:21">
12:15
       </div>

       <div class="text">
<strong>❌ US Media, Retailers Targeted by New SparklingGoblin APT ❌</strong><br><br><code>The new APT uses an undocumented backdoor to infiltrate the education, retail and government sectors.</code><br><br><a href="https://threatpost.com/sparklinggoblin-apt/168928/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27867">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.08.2021 13:25:26">
13:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2018-10790 ‼</strong><br><br><code>The AP4_CttsAtom class in Core/Ap4CttsAtom.cpp in Bento4 1.5.1.0 allows remote attackers to cause a denial of service (application crash), related to a memory allocation failure, as demonstrated by mp2aac.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10790">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27868">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.08.2021 15:45:32">
15:45
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Win10 Admin Rights Tossed Off by Yet Another Plug-In ❌</strong><br><br><code>Then again, you don’t even need the actual device – in this case, a SteelSeries peripheral – since emulation works just fine to launch with full SYSTEM rights.</code><br><br><a href="https://threatpost.com/windows-10-admin-rights-steelseries-devices/168927/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27869">

      <div class="body">

       <div class="pull_right date details" title="25.08.2021 15:53:04">
15:53
       </div>

       <div class="text">
<strong>🔏 OnePercent Ransomware Group Has Hit US Companies Since November 🔏</strong><br><br><code>The group, like other malicious campaigns of late, has been using Cobalt Strike to carry out ransomware attacks against companies.</code><br><br><a href="https://digitalguardian.com/blog/onepercent-ransomware-group-has-hit-us-companies-november">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27870">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.08.2021 16:08:47">
16:08
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Kanye&apos;s upcoming album is a scam magnet, Kaspersky finds 🦿</strong><br><br><code>&quot;Donda&quot; will be out Aug. 26, and scammers are taking advantage of fan anticipation by seeding the internet with malicious fake downloads.</code><br><br><a href="https://www.techrepublic.com/article/kanyes-upcoming-album-is-a-scam-magnet-kaspersky-finds/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27871">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.08.2021 17:25:43">
17:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-21869 ‼</strong><br><br><code>An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21869">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27872">

      <div class="body">

       <div class="pull_right date details" title="25.08.2021 17:25:46">
17:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-22244 ‼</strong><br><br><code>Improper authorization in the vulnerability report feature in GitLab EE affecting all versions since 13.1 allowed a reporter to access vulnerability data</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22244">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27873">

      <div class="body">

       <div class="pull_right date details" title="25.08.2021 17:25:47">
17:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-22256 ‼</strong><br><br><code>Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22256">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27874">

      <div class="body">

       <div class="pull_right date details" title="25.08.2021 17:25:49">
17:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-33015 ‼</strong><br><br><code>Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds write via an uninitialized pointer. An attacker could leverage this vulnerability to execute code in the context of the current process.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33015">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27875">

      <div class="body">

       <div class="pull_right date details" title="25.08.2021 17:25:51">
17:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-22245 ‼</strong><br><br><code>Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22245">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27876">

      <div class="body">

       <div class="pull_right date details" title="25.08.2021 17:25:52">
17:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-22237 ‼</strong><br><br><code>Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled. This vulnerability is present in GitLab CE/EE versions before 13.12.9, 14.0.7, 14.1.2</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22237">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27877">

      <div class="body">

       <div class="pull_right date details" title="25.08.2021 17:25:54">
17:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-21835 ‼</strong><br><br><code>An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when decoding the atom associated with the “csgpâ€� FOURCC can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21835">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27878">

      <div class="body">

       <div class="pull_right date details" title="25.08.2021 17:25:55">
17:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-21848 ‼</strong><br><br><code>An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The library will actually reuse the parser for atoms with the “stszâ€� FOURCC code when parsing atoms that use the “stz2â€� FOURCC code and can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21848">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27879">

      <div class="body">

       <div class="pull_right date details" title="25.08.2021 17:25:57">
17:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-22242 ‼</strong><br><br><code>Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22242">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27880">

      <div class="body">

       <div class="pull_right date details" title="25.08.2021 17:25:59">
17:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-22243 ‼</strong><br><br><code>Under specialized conditions, GitLab CE/EE versions starting 7.10 may allow existing GitLab users to use an invite URL meant for another email address to gain access into a group.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22243">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27881">

      <div class="body">

       <div class="pull_right date details" title="25.08.2021 17:26:00">
17:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-22250 ‼</strong><br><br><code>Improper authorization in GitLab CE/EE affecting all versions since 13.3 allowed users to view and delete impersonation tokens that administrators created for their account</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22250">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27882">

      <div class="body">

       <div class="pull_right date details" title="25.08.2021 17:26:01">
17:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-21840 ‼</strong><br><br><code>An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input used to process an atom using the “saioâ€� FOURCC code cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21840">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27883">

      <div class="body">

       <div class="pull_right date details" title="25.08.2021 17:26:03">
17:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-21850 ‼</strong><br><br><code>An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “trunâ€� FOURCC code due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21850">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27884">

      <div class="body">

       <div class="pull_right date details" title="25.08.2021 17:26:05">
17:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-39136 ‼</strong><br><br><code>baserCMS is an open source content management system with a focus on Japanese language support. In affected versions there is a cross-site scripting vulnerability in the file upload function of the management system of baserCMS. Users are advised to update as soon as possible. No workaround are available to mitigate this issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39136">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27885">

      <div class="body">

       <div class="pull_right date details" title="25.08.2021 17:26:06">
17:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-21841 ‼</strong><br><br><code>An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when reading an atom using the &apos;sbgp&apos; FOURCC code can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21841">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27886">

      <div class="body">

       <div class="pull_right date details" title="25.08.2021 17:26:07">
17:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-22236 ‼</strong><br><br><code>Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22236">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27887">

      <div class="body">

       <div class="pull_right date details" title="25.08.2021 17:26:09">
17:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-21849 ‼</strong><br><br><code>An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “tfraâ€� FOURCC code due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21849">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27888">

      <div class="body">

       <div class="pull_right date details" title="25.08.2021 17:26:10">
17:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-32975 ‼</strong><br><br><code>Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute code in the context of the current process.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32975">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27889">

      <div class="body">

       <div class="pull_right date details" title="25.08.2021 17:26:12">
17:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-3713 ‼</strong><br><br><code>An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice-&gt;data3 and UASDevice-&gt;status3 fields. A malicious guest user could use this flaw to crash QEMU or potentially achieve code execution with the privileges of the QEMU process on the host.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3713">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27890">

      <div class="body">

       <div class="pull_right date details" title="25.08.2021 17:26:14">
17:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-21842 ‼</strong><br><br><code>An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when processing an atom using the &apos;ssix&apos; FOURCC code, due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21842">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27891">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.08.2021 19:38:52">
19:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Want to become a white-hat hacker? Here&apos;s what you need to know 🦿</strong><br><br><code>Switch to an exciting new tech career as a white-hat hacker. For this training course, you can study on your own time without going into debt.</code><br><br><a href="https://www.techrepublic.com/article/heres-all-you-need-to-know-to-become-a-white-hat-hacker/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27892">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.08.2021 20:15:33">
20:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Cisco Issues Critical Fixes for High-End Nexus Gear ❌</strong><br><br><code>Networking giant issues two critical patches and six high-severity patches.</code><br><br><a href="https://threatpost.com/cisco-issues-critical-fixes-for-high-end-nexus-gear/168939/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27893">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.08.2021 21:26:36">
21:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-37334 ‼</strong><br><br><code>A security issue in Umbraco Forms 4.0.0 to and including 8.7.5 could lead to a remote code execution attack and/or arbitrary file deletion.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37334">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-878">

      <div class="body details">
26 August 2021
      </div>

     </div>

     <div class="message default clearfix" id="message27894">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 09:45:54">
09:45
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Microsoft Breaks Silence on Barrage of ProxyShell Attacks ❌</strong><br><br><code>versions of the software are affected by a spate of bugs under active exploitations.</code><br><br><a href="https://threatpost.com/microsoft-barrage-proxyshell-attacks/168943/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27895">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 10:15:56">
10:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Podcast: Ransomware Up x10: Disrupting Cybercrime Suppy Chains an Opportunity ❌</strong><br><br><code>Derek Manky, Chief, Security Insights &amp; Global Threat Alliances at Fortinet’s FortiGuard Labs, discusses the top threats and lessons learned from the first half of 2021.</code><br><br><a href="https://threatpost.com/podcast-ransomware-up-tenfold-telecoms/168913/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27896">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 11:10:58">
11:10
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ S3 Ep47: Daylight robbery, spaghetti trouble, and mousetastic superpowers [Podcast] ⚠</strong><br><br><code>Latest episode - listen now!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/08/26/s3-ep47-daylight-robbery-spaghetti-trouble-and-mousetastic-superpowers-podcast/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27897">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 11:26:45">
11:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-3734 ‼</strong><br><br><code>yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3734">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27898">

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 11:26:46">
11:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-27944 ‼</strong><br><br><code>Several high privileged APIs on the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs do not enforce access controls, allowing an unauthenticated threat actor to access privileged functionality, leading to OS command execution. The specific attack methodology is a file upload.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27944">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27899">

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 11:26:46">
11:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-38559 ‼</strong><br><br><code>DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenota.php affecting the fineperiodo1 parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38559">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27900">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 12:09:11">
12:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Tech companies pledge to help toughen US cybersecurity in White House meeting 🦿</strong><br><br><code>Apple, Google, Microsoft and others will fund new technologies and training as part of the nation&apos;s struggle to combat cyberattacks.</code><br><br><a href="https://www.techrepublic.com/article/tech-companies-pledge-to-help-toughen-us-cybersecurity-in-white-house-meeting/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27901">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 13:06:52">
13:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 Wireshark Analyzer 3.4.8 🛠</strong><br><br><code>Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.</code><br><br><a href="https://packetstormsecurity.com/files/163918/wireshark-3.4.8.tar.xz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27902">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 13:26:51">
13:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-36352 ‼</strong><br><br><code>Stored cross-site scripting (XSS) vulnerability in Care2x Hospital Information Management 2.7 Alpha. The vulnerability has found POST requests in /modules/registration_admission/patient_register.php page with &quot;name_middle&quot;, &quot;addr_str&quot;, &quot;station&quot;, &quot;name_maiden&quot;, &quot;name_2&quot;, &quot;name_3&quot; parameters.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36352">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27903">

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 13:26:52">
13:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-32076 ‼</strong><br><br><code>Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the “Web Help Desk Getting Started Wizardâ€�, especially the admin account creationpage, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32076">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27904">

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 13:39:09">
13:39
       </div>

       <div class="text">
<strong>🦿 Google and mobile operating systems top list of privacy concerns, says Kaspersky 🦿</strong><br><br><code>Using data gathered by its Privacy Checker website, Kaspersky has been able to pinpoint areas of concern for visitors seeking to improve their privacy posture.</code><br><br><a href="https://www.techrepublic.com/article/google-and-mobile-operating-systems-top-list-of-privacy-concerns-says-kaspersky/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27905">

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 13:46:00">
13:46
       </div>

       <div class="text">
<strong>❌ F5 Bug Could Lead to Complete System Takeover ❌</strong><br><br><code>The worst of 13 bugs fixed by the August updates could lead to complete system compromise for users in sensitive sectors running products in Appliance mode.</code><br><br><a href="https://threatpost.com/f5-critical-bug-system-takeover/168952/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27906">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 15:26:55">
15:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-40147 ‼</strong><br><br><code>EmTec ZOC before 8.02.2 allows \e[201~ pastes, a different vulnerability than CVE-2021-32198.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40147">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27907">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 16:39:15">
16:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How to create locally signed SSL certificates with mkcert 🦿</strong><br><br><code>If you need to generate quick SSL certificates for test servers and services, mkcert might be the fastest option available. Jack Wallen shows you how to use this handy tool.</code><br><br><a href="https://www.techrepublic.com/article/how-to-create-locally-signed-ssl-certificates-with-mkcert/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27908">

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 16:53:04">
16:53
       </div>

       <div class="text">
<strong>🔏 California Reminds Healthcare Orgs of Data Breach Reporting Obligations 🔏</strong><br><br><code>Hospitals and healthcare providers in the state have been failing to report ransomware attacks that impact health data belonging to patients.</code><br><br><a href="https://digitalguardian.com/blog/california-reminds-healthcare-orgs-data-breach-reporting-obligations">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27909">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 17:27:27">
17:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-29487 ‼</strong><br><br><code>octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can exploit this vulnerability to bypass authentication and takeover of and user account on an October CMS server. The vulnerability is exploitable by unauthenticated users via a specially crafted request. This only affects frontend users and the attacker must obtain a Laravel secret key for cookie encryption and signing in order to exploit this vulnerability. The issue has been patched in Build 472 and v1.1.5.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29487">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27910">

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 17:27:28">
17:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-36929 ‼</strong><br><br><code>Microsoft Edge (Chromium-based) Information Disclosure Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36929">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27911">

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 17:27:30">
17:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-18476 ‼</strong><br><br><code>SQL Injection vulnerability in Hucart CMS 5.7.4 via the basic information field found in the avatar usd_image field.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18476">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27912">

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 17:27:32">
17:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-18477 ‼</strong><br><br><code>SQL Injection vulnerability in Hucart CMS 5.7.4 via the purchase enquiry field found in the Message con_content field.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18477">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27913">

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 17:27:34">
17:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-36928 ‼</strong><br><br><code>Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36931.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36928">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27914">

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 17:27:35">
17:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-30599 ‼</strong><br><br><code>Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30599">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27915">

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 17:27:37">
17:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-30601 ‼</strong><br><br><code>Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30601">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27916">

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 17:27:39">
17:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-32648 ‼</strong><br><br><code>octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32648">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27917">

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 17:27:41">
17:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-30596 ‼</strong><br><br><code>Incorrect security UI in Navigation in Google Chrome on Android prior to 92.0.4515.131 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30596">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27918">

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 17:27:42">
17:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-18468 ‼</strong><br><br><code>Cross Site Scripting (XSS) vulnerability exists in qdPM 9.1 in the Heading field found in the Login Page page under the General menu via a crafted website name by doing an authenticated POST HTTP request to /qdPM_9.1/index.php/configuration.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18468">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27919">

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 17:27:45">
17:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-30602 ‼</strong><br><br><code>Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30602">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27920">

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 17:27:47">
17:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-36931 ‼</strong><br><br><code>Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36928.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36931">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27921">

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 17:27:49">
17:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-18470 ‼</strong><br><br><code>Stored cross-site scripting (XSS) vulnerability in the Name of application field found in the General Configuration page in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to rukovoditel_2.4.1/install/index.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18470">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27922">

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 17:27:51">
17:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-30603 ‼</strong><br><br><code>Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30603">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27923">

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 17:27:53">
17:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-18475 ‼</strong><br><br><code>Cross Site Scripting (XSS) vulnerabilty exists in Hucart CMS 5.7.4 is via the mes_title field. The first user inserts a malicious script into the header field of the outbox and sends it to other users. When other users open the email, the malicious code will be executed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18475">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27924">

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 17:27:54">
17:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-30594 ‼</strong><br><br><code>Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30594">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27925">

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 17:27:56">
17:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-30604 ‼</strong><br><br><code>Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30604">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27926">

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 17:27:58">
17:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-30593 ‼</strong><br><br><code>Out of bounds read in Tab Strip in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30593">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27927">

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 17:28:00">
17:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-30597 ‼</strong><br><br><code>Use after free in Browser UI in Google Chrome on Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30597">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27928">

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 17:28:02">
17:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-30590 ‼</strong><br><br><code>Heap buffer overflow in Bookmarks in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30590">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27929">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 18:16:10">
18:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Man Sues Parents of Teens Who Hijacked Nearly $1M in Bitcoin ❌</strong><br><br><code>Now adults, the then-teens apparently used clipboard hijacking malware to steal Bitcoin.</code><br><br><a href="https://threatpost.com/man-sues-parents-teens-hijacked-1m-bitcoin/168964/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27930">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 19:27:06">
19:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-39161 ‼</strong><br><br><code>Discourse is an open source platform for community discussion. In affected versions category names can be used for Cross-site scripting(XSS) attacks. This is mitigated by Discourse&apos;s default Content Security Policy and this vulnerability only affects sites which have modified or disabled or changed Discourse&apos;s default Content Security Policy have allowed for moderators to modify categories. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to ensure that the Content Security Policy is enabled, and has not been modified in a way which would make it more vulnerable to XSS attacks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39161">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27931">

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 19:27:07">
19:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-37715 ‼</strong><br><br><code>A remote cross-site scripting (XSS) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.13.0. Aruba has released upgrades for the Aruba AirWave Management Platform that address this security vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37715">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27932">

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 19:27:08">
19:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-39165 ‼</strong><br><br><code>Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator&apos;s password and session. The original repository of Cachet &lt;https://github.com/CachetHQ/Cachet&gt; is not active, the stable version 2.3.18 and it&apos;s developing 2.4 branch is affected.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39165">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27933">

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 19:27:09">
19:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-29727 ‼</strong><br><br><code>IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 201106.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29727">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27934">

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 19:27:11">
19:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-29862 ‼</strong><br><br><code>IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 206086.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29862">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27935">

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 19:27:12">
19:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-29801 ‼</strong><br><br><code>IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to gain root privileges. IBM X-Force ID: 203977.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29801">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27936">

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 19:27:13">
19:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-29715 ‼</strong><br><br><code>IBM API Connect 5.0.0.0 through 5.0.8.11 could alllow a remote user to obtain sensitive information or conduct denial of serivce attacks due to open ports. IBM X-Force ID: 201018.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29715">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27937">

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 19:27:14">
19:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-29772 ‼</strong><br><br><code>IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potentially inject code due to unsanitized user input. IBM X-Force ID: 202774.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29772">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27938">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.08.2021 22:11:22">
22:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Big bad decryption bug in OpenSSL – but no cause for alarm ⚠</strong><br><br><code>The buggy code&apos;s in there, alright. Fortunately, it&apos;s hard to get OpenSSL to use it even if you want to, which mitigates the risk.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/08/27/big-bad-decryption-bug-in-openssl-but-no-cause-for-alarm/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-879">

      <div class="body details">
27 August 2021
      </div>

     </div>

     <div class="message default clearfix" id="message27939">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.08.2021 02:28:51">
02:28
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-39167 ‼</strong><br><br><code>OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role from accounts not strictly under the team&apos;s control. We recommend revoking all executors that are not also proposers. When applying this mitigation, ensure there is at least one proposer and executor remaining.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39167">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27940">

      <div class="body">

       <div class="pull_right date details" title="27.08.2021 02:28:52">
02:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-39168 ‼</strong><br><br><code>OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role from accounts not strictly under the team&apos;s control. We recommend revoking all executors that are not also proposers. When applying this mitigation, ensure there is at least one proposer and executor remaining.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39168">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27941">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.08.2021 07:27:45">
07:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-40142 ‼</strong><br><br><code>In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40142">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27942">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.08.2021 10:21:37">
10:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ ‘Pay Ransom’ Screen? Too Late, Humpty Dumpty – Podcast ❌</strong><br><br><code>Splunk’s Ryan Kovar discusses the rise in supply-chain attacks a la Kaseya &amp; how to get ahead of encryption leaving your business a pile of broken shells. </code><br><br><a href="https://threatpost.com/ransom-humpty-dumpty-podcast/168962/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27943">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.08.2021 10:46:39">
10:46
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Top Strategies That Define the Success of a Modern Vulnerability Management Program ❌</strong><br><br><code>Modern vulnerability management programs require a strategy that defines what success means for your organization’s cybersecurity goals. By incorporating a few simple cyber hygiene routines to your daily security routine, you’ll set up your IT teams to be better equipped to steer off cyberattacks.</code><br><br><a href="https://threatpost.com/top-strategies-that-define-the-success-of-a-modern-vulnerability-management-program/168604/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27944">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.08.2021 11:27:59">
11:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-39169 ‼</strong><br><br><code>Misskey is a decentralized microblogging platform. In versions of Misskey prior to 12.51.0, malicious actors can use the web client built-in dialog to display a malicious string, leading to cross-site scripting (XSS). XSS could compromise the API request token. This issue has been fixed in version 12.51.0. There are no known workarounds aside from upgrading.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39169">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27945">

      <div class="body">

       <div class="pull_right date details" title="27.08.2021 11:28:00">
11:28
       </div>

       <div class="text">
<strong>❌ Ragnarok Ransomware Gang Bites the Dust, Releases Decryptor ❌</strong><br><br><code>The cybercriminal group, active since late 2019, has closed its doors and released the key to unlocking victims’ files on its dark web portal.</code><br><br><a href="https://threatpost.com/ragnarok-releases-decryptor/168976/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27946">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.08.2021 12:09:35">
12:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 &quot;Intruders&quot; in the cloud: Microsoft warns &quot;thousands&quot; of customers about potential exposure 🦿</strong><br><br><code>On Thursday, the company sent warnings to &quot;thousands&quot; of its cloud computing customers, explaining that &quot;intruders&quot; could have access to Microsoft Azure&apos;s Cosmos DB databases, according to Reuters.</code><br><br><a href="https://www.techrepublic.com/article/intruders-in-the-cloud-microsoft-warns-thousands-of-customers-about-potential-exposure/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27947">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.08.2021 13:28:06">
13:28
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-40153 ‼</strong><br><br><code>squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40153">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27948">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.08.2021 14:21:45">
14:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Critical Azure Cosmos DB Bug Allows Full Cloud Account Takeover ❌</strong><br><br><code>It&apos;s unclear if Microsoft customers were breached during the months-long period where the #ChaosDB bug in Jupyter Notebooks was exploitable.</code><br><br><a href="https://threatpost.com/azure-cosmos-db-bug-cloud/168986/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27949">

      <div class="body">

       <div class="pull_right date details" title="27.08.2021 14:23:11">
14:23
       </div>

       <div class="text">
<strong>🔏 Friday Five 8/27 🔏</strong><br><br><code>Tech companies pledge billions to bolster security, a ransomware group shuts down, and the top data breach culprits - catch up on the infosec news of the week with the Friday Five!</code><br><br><a href="https://digitalguardian.com/blog/friday-five-8/27">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27950">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.08.2021 14:46:46">
14:46
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ FIN8 Targets US Bank With New ‘Sardonic’ Backdoor ❌</strong><br><br><code>The latest refinement of the APT&apos;s BadHatch backdoor can leverage new malware on the fly without redeployment, making it potent and nimble.</code><br><br><a href="https://threatpost.com/fin8-bank-sardonic-backdoor/168982/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27951">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.08.2021 15:09:37">
15:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Top 10 tech and health jobs with the best pay and growth potential 🦿</strong><br><br><code>A new analysis shows that infosec analysts, sysadmins and network architects will see the most growth over the next decade.</code><br><br><a href="https://www.techrepublic.com/article/top-10-tech-and-health-jobs-with-the-best-pay-and-growth-potential/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27952">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.08.2021 15:28:14">
15:28
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-36530 ‼</strong><br><br><code>ngiflib 0.4 has a heap overflow in GetByteStr() at ngiflib.c:108 in NGIFLIB_NO_FILE mode, GetByteStr() copy memory buffer without checking the boundary.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36530">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27953">

      <div class="body">

       <div class="pull_right date details" title="27.08.2021 15:28:15">
15:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-36531 ‼</strong><br><br><code>ngiflib 0.4 has a heap overflow in GetByte() at ngiflib.c:70 in NGIFLIB_NO_FILE mode, GetByte() reads memory buffer without checking the boundary.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36531">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27954">

      <div class="body">

       <div class="pull_right date details" title="27.08.2021 15:28:17">
15:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-29744 ‼</strong><br><br><code>IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 201694.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29744">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27955">

      <div class="body">

       <div class="pull_right date details" title="27.08.2021 15:28:18">
15:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-23434 ‼</strong><br><br><code>This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === &apos;__proto__&apos; returns false if currentPath is [&apos;__proto__&apos;]. This is because the === operator returns always false when the type of the operands is different.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23434">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27956">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.08.2021 16:39:40">
16:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Ransomware demands and payments skyrocket 🦿</strong><br><br><code>According to a ransomware report, the average ransom payment in the first half of 2021 jumped to $570,000. Learn more in TechRepublic&apos;s Karen Roby interview with writer Lance Whitney.</code><br><br><a href="https://www.techrepublic.com/videos/ransomware-demands-and-payments-skyrocket/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27957">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.08.2021 17:14:41">
17:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How malicious Android apps use social engineering tactics to access Facebook accounts 🦿</strong><br><br><code>Learn how Android users can protect themselves against such malicious apps.</code><br><br><a href="https://www.techrepublic.com/videos/how-malicious-android-apps-use-social-engineering-tactics-to-access-facebook-accounts/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27958">

      <div class="body">

       <div class="pull_right date details" title="27.08.2021 17:28:24">
17:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-28695 ‼</strong><br><br><code>IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, upon de-assigment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn&apos;t have access to anymore (CVE-2021-28696).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28695">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27959">

      <div class="body">

       <div class="pull_right date details" title="27.08.2021 17:28:25">
17:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-18999 ‼</strong><br><br><code>Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component &apos;/admin/submit-articles&apos;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18999">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27960">

      <div class="body">

       <div class="pull_right date details" title="27.08.2021 17:28:27">
17:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-28233 ‼</strong><br><br><code>Heap-based Buffer Overflow vulnerability exists in ok-file-formats 1 via the ok_jpg_generate_huffman_table function in ok_jpg.c.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28233">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27961">

      <div class="body">

       <div class="pull_right date details" title="27.08.2021 17:28:28">
17:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-3264 ‼</strong><br><br><code>SQL Injection vulnerability in cxuucms 3.1 ivia the pid parameter in public/admin.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3264">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27962">

      <div class="body">

       <div class="pull_right date details" title="27.08.2021 17:28:30">
17:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-28697 ‼</strong><br><br><code>grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated when a guest switched (back) from v2 to v1. The freeing of such pages requires that the hypervisor know where in the guest these pages were mapped. The hypervisor tracks only one use within guest space, but racing requests from the guest to insert mappings of these pages may result in any of them to become mapped in multiple locations. Upon switching back from v2 to v1, the guest would then retain access to a page that was freed and perhaps re-used for other purposes.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28697">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27963">

      <div class="body">

       <div class="pull_right date details" title="27.08.2021 17:28:31">
17:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-28696 ‼</strong><br><br><code>IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, upon de-assigment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn&apos;t have access to anymore (CVE-2021-28696).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28696">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27964">

      <div class="body">

       <div class="pull_right date details" title="27.08.2021 17:28:32">
17:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-19002 ‼</strong><br><br><code>Cross Site Scripting (XSS) in Mezzanine v4.3.1 allows remote attackers to execute arbitrary code via the &apos;Description&apos; field of the component &apos;admin/blog/blogpost/add/&apos;. This issue is different than CVE-2018-16632.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-19002">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27965">

      <div class="body">

       <div class="pull_right date details" title="27.08.2021 17:28:34">
17:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-28699 ‼</strong><br><br><code>inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status. That is, when operating in this mode, a guest has two tables. As a result, guests also need to be able to retrieve the addresses that the new status tracking table can be accessed through. For 32-bit guests on x86, translation of requests has to occur because the interface structure layouts commonly differ between 32- and 64-bit. The translation of the request to obtain the frame numbers of the grant status table involves translating the resulting array of frame numbers. Since the space used to carry out the translation is limited, the translation layer tells the core function the capacity of the array within translation space. Unfortunately the core function then only enforces array bounds to be below 8 times the specified value, and would write past the available space if enough frame numbers needed storing.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28699">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27966">

      <div class="body">

       <div class="pull_right date details" title="27.08.2021 17:28:35">
17:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-19001 ‼</strong><br><br><code>Command Injection in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary system commands via line 64 of the component &apos;simiki/blob/master/simiki/config.py&apos;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-19001">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27967">

      <div class="body">

       <div class="pull_right date details" title="27.08.2021 17:28:37">
17:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-28694 ‼</strong><br><br><code>IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, upon de-assigment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn&apos;t have access to anymore (CVE-2021-28696).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28694">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27968">

      <div class="body">

       <div class="pull_right date details" title="27.08.2021 17:28:38">
17:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-28700 ‼</strong><br><br><code>xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit from them is not set. This allow a domain to allocate memory beyond what an administrator originally configured.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28700">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27969">

      <div class="body">

       <div class="pull_right date details" title="27.08.2021 17:28:39">
17:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-18998 ‼</strong><br><br><code>Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component &apos;/admin/custom/blog-plugin/add&apos;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18998">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27970">

      <div class="body">

       <div class="pull_right date details" title="27.08.2021 17:28:41">
17:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-19000 ‼</strong><br><br><code>Cross Site Scripting (XSS) in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary code via line 54 of the component &apos;simiki/blob/master/simiki/generators.py&apos;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-19000">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27971">

      <div class="body">

       <div class="pull_right date details" title="27.08.2021 17:28:41">
17:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-28698 ‼</strong><br><br><code>long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. In the process of carrying out certain actions, Xen would iterate over all such entries, including ones which aren&apos;t in use anymore and some which may have been created but never used. If the number of entries for a given domain is large enough, this iterating of the entire table may tie up a CPU for too long, starving other domains or causing issues in the hypervisor itself. Note that a domain may map its own grants, i.e. there is no need for multiple domains to be involved here. A pair of &quot;cooperating&quot; guests may, however, cause the effects to be more severe.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28698">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27972">

      <div class="body">

       <div class="pull_right date details" title="27.08.2021 17:28:42">
17:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-32758 ‼</strong><br><br><code>OpenMage Magento LTS is an alternative to the Magento CE official releases. Prior to versions 19.4.15 and 20.0.11, layout XML enabled admin users to execute arbitrary commands via block methods. The latest OpenMage Versions up from v19.4.15 and v20.0.11 have this Issue patched.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32758">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27973">

      <div class="body">

       <div class="pull_right date details" title="27.08.2021 17:28:43">
17:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-23226 ‼</strong><br><br><code>Multiple Cross Site Scripting (XSS) vulneratiblities exist in Cacti 1.2.12 in (1) reports_admin.php, (2) data_queries.php, (3) datat.ph_inpup, (4) graph_templates.php, (5) graphs.php, (6) reports_admin.php, and (7) data_input.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23226">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27974">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.08.2021 17:46:55">
17:46
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Winning the Cyber-Defense Race: Understand the Finish Line ❌</strong><br><br><code>Kerry Matre, Mandiant senior director, clears up misconceptions about the value to business for enterprise cyber-defense. Hint: It&apos;s not achieving visibility.</code><br><br><a href="https://threatpost.com/winning-cyber-defense-race/168996/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27975">

      <div class="body">

       <div class="pull_right date details" title="27.08.2021 17:46:57">
17:46
       </div>

       <div class="text">
<strong>❌ Experts: WH Cybersecurity Summit Should Be Followed by Regulation, Enforcement ❌</strong><br><br><code>Amazon, Google, Microsoft etc. making major commitments to shore up nation’s cyber-defenses just won&apos;t be enough, researchers say.</code><br><br><a href="https://threatpost.com/wh-cybersecurity-summit-regulation-enforcement/169002/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27976">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.08.2021 18:09:40">
18:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Security alert: The threat is coming from inside your Docker container images 🦿</strong><br><br><code>Five malicious Docker container images were recently detected on Docker Hub, totaling more than 120,000 pulls.</code><br><br><a href="https://www.techrepublic.com/article/security-alert-the-threat-is-coming-from-inside-your-container-images/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27977">

      <div class="body">

       <div class="pull_right date details" title="27.08.2021 18:16:51">
18:16
       </div>

       <div class="text">
<strong>❌ Parallels Offers ‘Inconvenient’ Fix for High-Severity Bug ❌</strong><br><br><code>Firm offers guidance on how to mitigate a five-months-old privilege escalation bug impacting Parallels Desktop 16 for Mac and all previous versions.</code><br><br><a href="https://threatpost.com/parallels-inconvenient-fix/168997/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27978">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.08.2021 19:28:30">
19:28
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-18106 ‼</strong><br><br><code>The GET parameter &quot;id&quot; in WMS v1.0 is passed without filtering, which allows attackers to perform SQL injection.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18106">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27979">

      <div class="body">

       <div class="pull_right date details" title="27.08.2021 19:28:31">
19:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-18114 ‼</strong><br><br><code>An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows attackers to upload a webshell in HTM format.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18114">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27980">

      <div class="body">

       <div class="pull_right date details" title="27.08.2021 19:28:32">
19:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-18116 ‼</strong><br><br><code>A lack of filtering for searched keywords in the search bar of YouDianCMS 8.0 allows attackers to perform SQL injection.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18116">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-880">

      <div class="body details">
28 August 2021
      </div>

     </div>

     <div class="message default clearfix" id="message27981">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.08.2021 02:28:56">
02:28
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-39174 ‼</strong><br><br><code>Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can leak the value of any configuration entry of the dotenv file, e.g. the application secret (`APP_KEY`) and various passwords (email, database, etc). This issue was addressed in version 2.5.1 by improving `UpdateConfigCommandHandler` and preventing the use of nested variables in the resulting dotenv configuration file. As a workaround, only allow trusted source IP addresses to access to the administration dashboard.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39174">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27982">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.08.2021 14:17:25">
14:17
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ T-Mobile’s Security Is ‘Awful,’ Says Purported Thief ❌</strong><br><br><code>John Binns, claiming to be behind the massive T-Mobile theft of &gt;50m customer records, dissed the security measures of the US&apos;s No. 2 wireless biggest carrier. T-Mobile is &quot;humbled,&quot; it said, announcing new partnerships with security heavyweights on Friday.</code><br><br><a href="https://threatpost.com/t-mobile-security-awful-thief/169011/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-881">

      <div class="body details">
29 August 2021
      </div>

     </div>

     <div class="message default clearfix" id="message27983">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.08.2021 19:31:17">
19:31
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-40176 ‼</strong><br><br><code>Zoho ManageEngine Log360 before Build 5225 allows stored XSS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40176">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27984">

      <div class="body">

       <div class="pull_right date details" title="29.08.2021 19:31:18">
19:31
       </div>

       <div class="text">
<strong>‼ CVE-2021-40172 ‼</strong><br><br><code>Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on proxy settings.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40172">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27985">

      <div class="body">

       <div class="pull_right date details" title="29.08.2021 19:31:19">
19:31
       </div>

       <div class="text">
<strong>‼ CVE-2021-40175 ‼</strong><br><br><code>Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40175">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27986">

      <div class="body">

       <div class="pull_right date details" title="29.08.2021 19:31:20">
19:31
       </div>

       <div class="text">
<strong>‼ CVE-2021-40177 ‼</strong><br><br><code>Zoho ManageEngine Log360 before Build 5225 allows remote code execution via BCP file overwrite.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40177">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27987">

      <div class="body">

       <div class="pull_right date details" title="29.08.2021 19:31:21">
19:31
       </div>

       <div class="text">
<strong>‼ CVE-2021-40173 ‼</strong><br><br><code>Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40173">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27988">

      <div class="body">

       <div class="pull_right date details" title="29.08.2021 19:31:22">
19:31
       </div>

       <div class="text">
<strong>‼ CVE-2021-40178 ‼</strong><br><br><code>Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGO_PATH key value in the logon settings.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40178">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27989">

      <div class="body">

       <div class="pull_right date details" title="29.08.2021 19:31:23">
19:31
       </div>

       <div class="text">
<strong>‼ CVE-2021-40174 ‼</strong><br><br><code>Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40174">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-882">

      <div class="body details">
30 August 2021
      </div>

     </div>

     <div class="message default clearfix" id="message27990">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 02:31:51">
02:31
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-37749 ‼</strong><br><br><code>MapService.svc in Hexagon GeoMedia WebMap 2020 before Update 2 (aka 16.6.2.66) allows blind SQL Injection via the Id (within sourceItems) parameter to the GetMap method.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37749">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27991">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 07:32:06">
07:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-26084 ‼</strong><br><br><code>In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. The vulnerable endpoints can be accessed by a non-administrator user or unauthenticated user if ‘Allow people to sign up to create their account’ is enabled. To check whether this is enabled go to COG &gt; User Management &gt; User Signup Options. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26084">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27992">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 07:32:07">
07:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-39117 ‼</strong><br><br><code>The AssociateFieldToScreens page in Atlassian Jira Server and Data Center before version 8.18.0 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability via the name of a custom field.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39117">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27993">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 07:32:08">
07:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-39272 ‼</strong><br><br><code>Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39272">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27994">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 07:32:10">
07:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-39113 ‼</strong><br><br><code>Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to continue to view cached content even after losing permissions, via a Broken Access Control vulnerability in the allowlist feature. The affected versions are before version 8.13.9, and from version 8.14.0 before 8.18.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39113">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27995">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 07:32:11">
07:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-39111 ‼</strong><br><br><code>The Editor plugin in Atlassian Jira Server and Data Center before version 8.5.18, from 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the handling of supplied content such as from a PDF when pasted into a field such as the description field.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39111">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27996">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 07:32:12">
07:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-36359 ‼</strong><br><br><code>OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution (RCE) via XML tag injection because reportlab\platypus\paraparser.py (reached via bscw.cgi op=_editfolder.EditFolder) calls eval on attacker-supplied Python code. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36359">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27997">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 07:32:13">
07:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-38385 ‼</strong><br><br><code>Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38385">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message27998">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 07:32:14">
07:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-39271 ‼</strong><br><br><code>OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution (RCE) during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39271">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message27999">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 11:11:02">
11:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How to use phishing simulations and security mailboxes with Microsoft 365&apos;s new security model 🦿</strong><br><br><code>Microsoft 365&apos;s &quot;secure by default&quot; stance removes some tools used by security teams. Here&apos;s how to work around the new restrictions.</code><br><br><a href="https://www.techrepublic.com/article/how-to-use-phishing-simulations-and-security-mailboxes-with-microsoft-365s-new-security-model/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message28000">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 12:18:47">
12:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ LockBit Gang to Publish 103GB of Bangkok Air Customer Data ❌</strong><br><br><code>The airline announced the breach on Thursday, and the ransomware gang started a countdown clock the next day.</code><br><br><a href="https://threatpost.com/lockbit-bangkok-airways-breach/169019/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message28001">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 13:32:19">
13:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-24580 ‼</strong><br><br><code>The Side Menu Lite WordPress plugin before 2.2.6 does not sanitise user input from the List page in the admin dashboard before using it in SQL statement, leading to a SQL Injection issue</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24580">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28002">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 13:32:20">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-24437 ‼</strong><br><br><code>The Favicon by RealFaviconGenerator WordPress plugin through 1.3.20 does not sanitise or escape one of its parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting (XSS) which is executed in the context of a logged administrator.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24437">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28003">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 13:32:21">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-24528 ‼</strong><br><br><code>The FluentSMTP WordPress plugin before 2.0.1 does not sanitize parameters before storing the settings in the database, nor does the plugin escape the values before outputting them when viewing the SMTP settings set by this plugin, leading to a stored cross site scripting (XSS) vulnerability. Only users with roles capable of managing plugins can modify the plugin&apos;s settings.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24528">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28004">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 13:32:22">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-24593 ‼</strong><br><br><code>The Business Hours Indicator WordPress plugin before 2.3.5 does not sanitise or escape its &apos;Now closed message&quot; setting when outputting it in the backend and frontend, leading to an Authenticated Stored Cross-Site Scripting issue</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24593">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28005">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 13:32:23">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-37911 ‼</strong><br><br><code>The management interface of BenQ smart wireless conference projector does not properly control user&apos;s privilege. Attackers can access any system directory of this device through the interface and execute arbitrary commands if he enters the local subnetwork.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37911">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28006">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 13:32:24">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-24581 ‼</strong><br><br><code>The Blue Admin WordPress plugin through 21.06.01 does not sanitise or escape its &quot;Logo Title&quot; setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have CSRF check in place when saving its settings, allowing the issue to be exploited via a CSRF attack.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24581">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28007">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 13:32:25">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-24592 ‼</strong><br><br><code>The Sitewide Notice WP WordPress plugin before 2.3 does not sanitise some of its settings before outputting them in frontend pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24592">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28008">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 13:32:26">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-24667 ‼</strong><br><br><code>A stored cross-site scripting vulnerability has been discovered in : Simply Gallery Blocks with Lightbox (Version – 2.2.0 &amp; below). The vulnerability exists in the Lightbox functionality where a user with low privileges is allowed to execute arbitrary script code within the context of the application. This vulnerability is due to insufficient validation of image parameters in meta data.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24667">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28009">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 13:32:27">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-24438 ‼</strong><br><br><code>The ShareThis Dashboard for Google Analytics WordPress plugin before 2.5.2 does not sanitise or escape the &apos;ga_action&apos; parameter in the stats view before outputting it back in an attribute when the plugin is connected to a Google Analytics account, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24438">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28010">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 13:32:28">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-25958 ‼</strong><br><br><code>In Apache Ofbiz, versions v17.12.01 to v17.12.07 implement a try catch exception to handle errors at multiple locations but leaks out sensitive table info which may aid the attacker for further recon. A user can register with a very long password, but when he tries to login with it an exception occurs.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25958">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28011">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 13:32:29">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-24665 ‼</strong><br><br><code>The WP Video Lightbox WordPress plugin before 1.9.3 does not escape the attributes of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24665">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28012">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 13:32:30">
13:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-24579 ‼</strong><br><br><code>The bt_bb_get_grid AJAX action of the Bold Page Builder WordPress plugin before 3.1.6 passes user input into the unserialize() function without any validation or sanitisation, which could lead to a PHP Object Injection. Even though the plugin did not contain a suitable gadget to fully exploit the issue, other installed plugins on the blog could allow such issue to be exploited and lead to RCE in some cases.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24579">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message28013">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 15:40:22">
15:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Paying ransom should be your last resort, cybersecurity expert says 🦿</strong><br><br><code>Some organizations can get by without paying in a ransomware attack, but others really have no choice, he says.</code><br><br><a href="https://www.techrepublic.com/videos/paying-ransom-should-be-your-last-resort-cybersecurity-expert-says/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28014">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 15:40:23">
15:40
       </div>

       <div class="text">
<strong>🦿 Expert: Governments and businesses must come together to combat ransomware threat 🦿</strong><br><br><code>Nations have to stop sheltering bad actors in order to stop them, expert says.</code><br><br><a href="https://www.techrepublic.com/article/expert-governments-and-businesses-must-come-together-to-combat-ransomware-threat/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28015">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 15:48:52">
15:48
       </div>

       <div class="text">
<strong>❌ Microsoft Exchange ‘ProxyToken’ Bug Allows Email Snooping ❌</strong><br><br><code>The bug (CVE-2021-33766) is an information-disclosure issue that could reveal victims&apos; personal information, sensitive company data and more.</code><br><br><a href="https://threatpost.com/microsoft-exchange-proxytoken-email/169030/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message28016">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 16:48:54">
16:48
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ The Underground Economy: Recon, Weaponization &amp; Delivery for Account Takeovers ❌</strong><br><br><code>In part one of a two-part series, Akamai&apos;s director of security technology and strategy, Tony Lauro, lays out what orgs need to know to defend against account takeover attacks.</code><br><br><a href="https://threatpost.com/underground-economy-account-takeovers/169032/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28017">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 16:55:28">
16:55
       </div>

       <div class="text">
<strong>🔏 New DOJ Fellowship Program to Bridge Gap in Cyber Law Knowledge 🔏</strong><br><br><code>The Justice Department announced a new Cyber Fellowship program for attorneys to develop skills to handle emerging national security threats like ransomware.</code><br><br><a href="https://digitalguardian.com/blog/new-doj-fellowship-program-bridge-gap-cyber-law-knowledge">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message28018">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 17:32:30">
17:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-29631 ‼</strong><br><br><code>In FreeBSD 13.0-STABLE before n246941-20f96f215562, 12.2-STABLE before r370400, 11.4-STABLE before r370399, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, certain VirtIO-based device models in bhyve failed to handle errors when fetching I/O descriptors. A malicious guest may cause the device model to operate on uninitialized I/O vectors leading to memory corruption, crashing of the bhyve process, and possibly arbitrary code execution in the bhyve process.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29631">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28019">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 17:32:31">
17:32
       </div>

       <div class="text">
<strong>‼ CVE-2020-18125 ‼</strong><br><br><code>A reflected cross-site scripting (XSS) vulnerability in the /plugin/ajax.php component of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18125">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28020">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 17:32:32">
17:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-22024 ‼</strong><br><br><code>The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22024">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28021">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 17:32:33">
17:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-21774 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-21773. Reason: This candidate is a reservation duplicate of CVE-2021-21773. Notes: All CVE users should reference CVE-2021-21773 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21774">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28022">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 17:32:34">
17:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-38393 ‼</strong><br><br><code>A Blind SQL injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter agid before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38393">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28023">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 17:32:38">
17:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-37416 ‼</strong><br><br><code>Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37416">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28024">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 17:32:38">
17:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-32991 ‼</strong><br><br><code>Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an attacker to cause a user to carry out an action unintentionally.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32991">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28025">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 17:32:39">
17:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-34066 ‼</strong><br><br><code>An issue was discovered in EdgeGallery/developer before v1.0. There is a &quot;Deserialization of yaml file&quot; vulnerability that can allow attackers to execute system command through uploading the malicious constructed YAML file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34066">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28026">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 17:32:40">
17:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-34646 ‼</strong><br><br><code>Versions up to, and including, 5.4.3, of the Booster for WooCommerce WordPress plugin are vulnerable to authentication bypass via the process_email_verification function due to a random token generation weakness in the reset_and_mail_activation_link function found in the ~/includes/class-wcj-emails-verification.php file. This allows attackers to impersonate users and trigger an email address verification for arbitrary accounts, including administrative accounts, and automatically be logged in as that user, including any site administrators. This requires the Email Verification module to be active in the plugin and the Login User After Successful Verification setting to be enabled, which it is by default.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34646">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28027">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 17:32:41">
17:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-33055 ‼</strong><br><br><code>Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticated remote code execution in non-English editions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33055">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28028">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 17:32:45">
17:32
       </div>

       <div class="text">
<strong>‼ CVE-2020-35634 ‼</strong><br><br><code>A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser&lt;EW&gt;::read_sface() sfh-&gt;boundary_entry_objects Sloop_of. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35634">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28029">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 17:32:45">
17:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-36370 ‼</strong><br><br><code>An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36370">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28030">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 17:32:46">
17:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-3628 ‼</strong><br><br><code>OpenKM Community Edition in its 6.3.10 version is vulnerable to authenticated Cross-site scripting (XSS). A remote attacker could exploit this vulnerability by injecting arbitrary code via de uuid parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3628">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28031">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 17:32:47">
17:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-27020 ‼</strong><br><br><code>Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27020">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28032">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 17:32:48">
17:32
       </div>

       <div class="text">
<strong>‼ CVE-2020-18126 ‼</strong><br><br><code>Multiple stored cross-site scripting (XSS) vulnerabilities in the Sections module of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18126">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28033">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 17:32:52">
17:32
       </div>

       <div class="text">
<strong>‼ CVE-2020-35633 ‼</strong><br><br><code>A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser&lt;EW&gt;::read_sface() store_sm_boundary_item() Edge_of.A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35633">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28034">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 17:32:52">
17:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-32967 ‼</strong><br><br><code>Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new administrative user without being authenticated or authorized, which may allow the attacker to log in and use the device with administrative privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32967">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28035">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 17:32:53">
17:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-22022 ‼</strong><br><br><code>The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. A malicious actor with administrative access to vRealize Operations Manager API can read any arbitrary file on server leading to information disclosure.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22022">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28036">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 17:32:54">
17:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-22027 ‼</strong><br><br><code>The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22027">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28037">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 17:32:55">
17:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-33007 ‼</strong><br><br><code>A heap-based buffer overflow in Delta Electronics TPEditor: v1.98.06 and prior may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33007">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28038">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 17:38:35">
17:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-33019 ‼</strong><br><br><code>A stack-based buffer overflow vulnerability in Delta Electronics DOPSoft Version 4.00.11 and prior may be exploited by processing a specially crafted project file, which may allow an attacker to execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33019">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28039">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 17:38:38">
17:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-33003 ‼</strong><br><br><code>Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33003">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28040">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 17:38:40">
17:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-29630 ‼</strong><br><br><code>In FreeBSD 13.0-STABLE before n246938-0729ba2f49c9, 12.2-STABLE before r370383, 11.4-STABLE before r370381, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, the ggatec daemon does not validate the size of a response before writing it to a fixed-sized buffer allowing a malicious attacker in a privileged network position to overwrite the stack of ggatec and potentially execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29630">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28041">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 17:38:42">
17:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-38343 ‼</strong><br><br><code>The Nested Pages WordPress plugin &lt;= 3.1.15 was vulnerable to an Open Redirect via the `page` POST parameter in the `npBulkActions`, `npBulkEdit`, `npListingSort`, and `npCategoryFilter` `admin_post` actions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38343">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28042">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 17:38:43">
17:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-37421 ‼</strong><br><br><code>Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37421">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28043">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 17:48:55">
17:48
       </div>

       <div class="text">
<strong>❌ Army Testing Facial Recognition in Child-Care Centers ❌</strong><br><br><code>Army looking for AI to layer over daycare CCTV to boost ‘family quality of life.’</code><br><br><a href="https://threatpost.com/army-facial-recognition-child-care/169036/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message28044">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 18:48:57">
18:48
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ HPE Warns Sudo Bug Gives Attackers Root Privileges to Aruba Platform ❌</strong><br><br><code>HPE joins Apple in warning customers of a high-severity Sudo vulnerability.</code><br><br><a href="https://threatpost.com/hpe-sudo-bug-aruba-platform/169038/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message28045">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 19:32:36">
19:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-32831 ‼</strong><br><br><code>Total.js framework (npm package total.js) is a framework for Node.js platfrom written in pure JavaScript similar to PHP&apos;s Laravel or Python&apos;s Django or ASP.NET MVC. In total.js framework before version 3.4.9, calling the utils.set function with user-controlled values leads to code-injection. This can cause a variety of impacts that include arbitrary code execution. This is fixed in version 3.4.9.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32831">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28046">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 19:32:37">
19:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-39175 ‼</strong><br><br><code>HedgeDoc is a platform to write and share markdown. In versions prior to 1.9.0, an unauthenticated attacker can inject arbitrary JavaScript into the speaker-notes of the slide-mode feature by embedding an iframe hosting the malicious code into the slides or by embedding the HedgeDoc instance into another page. The problem is patched in version 1.9.0. There are no known workarounds aside from upgrading.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39175">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28047">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 19:32:38">
19:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-34434 ‼</strong><br><br><code>In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34434">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28048">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 19:32:38">
19:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-39132 ‼</strong><br><br><code>### Impact An authorized user can upload a zip-format plugin with a crafted plugin.yaml, or a crafted aclpolicy yaml file, or upload an untrusted project archive with a crafted aclpolicy yaml file, that can cause the server to run untrusted code on Rundeck Community or Enterprise Edition. An authenticated user can make a POST request, that can cause the server to run untrusted code on Rundeck Enterprise Edition. The zip-format plugin issues requires authentication and authorization to these access levels, and affects all Rundeck editions: * `admin` level access to the `system` resource type The ACL Policy yaml file upload issues requires authentication and authorization to these access levels, and affects all Rundeck editions: * `create` `update` or `admin` level access to a `project_acl` resource * `create` `update` or `admin` level access to the `system_acl` resource The unauthorized POST request requires authentication, but no specific authorization, and affects Rundeck Enterprise only. ### Patches Versions 3.4.3, 3.3.14 ### Workarounds Please visit [https://rundeck.com/security](https://rundeck.com/security) for information about specific workarounds. ### For more information If you have any questions or comments about this advisory: * Email us at [security@rundeck.com](mailto:security@rundeck.com) To report security issues to Rundeck please use the form at [https://rundeck.com/security](https://rundeck.com/security) Reporter: Rojan Rijal from Tinder Red Team</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39132">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28049">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 19:32:39">
19:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-35062 ‼</strong><br><br><code>A Shell Metacharacter Injection vulnerability in result.php in DRK Odenwaldkreis Testerfassung March-2021 allow an attacker with a valid token of a COVID-19 test result to execute shell commands with the permissions of the web server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35062">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28050">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 19:32:43">
19:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-32832 ‼</strong><br><br><code>Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript. In Rocket.Chat before versions 3.11.3, 3.12.2, and 3.13 an issue with certain regular expressions could lead potentially to Denial of Service. This was fixed in versions 3.11.3, 3.12.2, and 3.13.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32832">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28051">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 19:32:44">
19:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-36692 ‼</strong><br><br><code>libjxl v0.3.7 is affected by a Divide By Zero in issue in lib/extras/codec_apng.cc jxl::DecodeImageAPNG(). When encoding a malicous APNG file using cjxl, an attacker can trigger a denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36692">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28052">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 19:32:45">
19:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-36691 ‼</strong><br><br><code>libjxl v0.5.0 is affected by a Assertion failed issue in lib/jxl/image.cc jxl::PlaneBase::PlaneBase(). When encoding a malicous GIF file using cjxl, an attacker can trigger a denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36691">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28053">

      <div class="body">

       <div class="pull_right date details" title="30.08.2021 19:32:45">
19:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-39133 ‼</strong><br><br><code>Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, a user with `admin` access to the `system` resource type is potentially vulnerable to a CSRF attack that could cause the server to run untrusted code on all Rundeck editions. Patches are available in Rundeck versions 3.4.3 and 3.3.14.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39133">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-883">

      <div class="body details">
31 August 2021
      </div>

     </div>

     <div class="message default clearfix" id="message28054">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 02:32:57">
02:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-27558 ‼</strong><br><br><code>A cross site scripting (XSS) issue in EasyCorp ZenTao 12.5.3 allows remote attackers to execute arbitrary web script via various areas such as data-link-creator.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27558">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28055">

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 02:32:57">
02:32
       </div>

       <div class="text">
<strong>‼ CVE-2020-13639 ‼</strong><br><br><code>A stored XSS vulnerability was discovered in the ECT Provider in OutSystems before 2020-09-04, affecting generated applications. It could allow an unauthenticated remote attacker to craft and store malicious Feedback content into /ECT_Provider/, such that when the content is viewed (it can only be viewed by Administrators), attacker-controlled JavaScript will execute in the security context of an administrator&apos;s browser. This is fixed in Outsystems 10.0.1005.2, Outsystems 11.9.0 Platform Server, and Outsystems 11.7.0 LifeTime Management Console.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13639">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28056">

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 02:32:58">
02:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-39178 ‼</strong><br><br><code>Next.js is a React framework. Versions of Next.js between 10.0.0 and 11.0.0 contain a cross-site scripting vulnerability. In order for an instance to be affected by the vulnerability, the `next.config.js` file must have `images.domains` array assigned and the image host assigned in `images.domains` must allow user-provided SVG. If the `next.config.js` file has `images.loader` assigned to something other than default or the instance is deployed on Vercel, the instance is not affected by the vulnerability. The vulnerability is patched in Next.js version 11.1.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39178">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28057">

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 02:32:59">
02:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-36981 ‼</strong><br><br><code>In the server in SerNet verinice before 1.22.2, insecure Java deserialization allows remote authenticated attackers to execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36981">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28058">

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 02:33:00">
02:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-27557 ‼</strong><br><br><code>A cross-site request forgery (CSRF) vulnerability in the Cron job tab in EasyCorp ZenTao 12.5.3 allows attackers to update the fields of a Cron job.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27557">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28059">

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 02:33:04">
02:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-40330 ‼</strong><br><br><code>git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40330">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28060">

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 02:33:04">
02:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-27556 ‼</strong><br><br><code>The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers (who have admin access) to execute arbitrary code by setting the type parameter to System.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27556">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28061">

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 02:33:05">
02:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-36356 ‼</strong><br><br><code>KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though browseSystemFiles.php is no longer reachable via the GUI). NOTE: this issue exists because of an incomplete fix for CVE-2019-17124.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36356">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message28062">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 07:49:22">
07:49
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ LockFile Ransomware Uses Never-Before Seen Encryption to Avoid Detection ❌</strong><br><br><code>Researchers from Sophos discovered the emerging threat in July, which exploits the ProxyShell vulnerabilities in Microsoft Exchange servers to attack systems.</code><br><br><a href="https://threatpost.com/lockfile-ransomware-avoid-detection/169042/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message28063">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 08:41:36">
08:41
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Cybercriminals are holding schools ransom for billions and some are paying up 🦿</strong><br><br><code>A new report highlights the financial costs of school ransomware, days lost to downtime and the number of students impacted, as these incidents become a steady source of criminal income.</code><br><br><a href="https://www.techrepublic.com/article/cybercriminals-are-holding-schools-ransom-for-billions-and-some-are-paying-up/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message28064">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 09:33:18">
09:33
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-34578 ‼</strong><br><br><code>This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34578">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28065">

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 09:33:21">
09:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-34559 ‼</strong><br><br><code>In PEPPERL+FUCHS WirelessHART-Gateway &lt;= 3.0.8 a vulnerability may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34559">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28066">

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 09:33:22">
09:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-33555 ‼</strong><br><br><code>In PEPPERL+FUCHS WirelessHART-Gateway &lt;= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33555">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28067">

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 09:33:23">
09:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-34565 ‼</strong><br><br><code>In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34565">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28068">

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 09:33:25">
09:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-34560 ‼</strong><br><br><code>In PEPPERL+FUCHS WirelessHART-Gateway &lt;= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user&apos;s computer. Therefore the user must have logged in at least once.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34560">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28069">

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 09:33:27">
09:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-34562 ‼</strong><br><br><code>In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application&apos;s response.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34562">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28070">

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 09:33:28">
09:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-3749 ‼</strong><br><br><code>axios is vulnerable to Inefficient Regular Expression Complexity</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3749">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28071">

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 09:33:29">
09:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-34564 ‼</strong><br><br><code>Any cookie-stealing vulnerabilities within the application or browser would enable an attacker to steal the user&apos;s credentials to the PEPPERL+FUCHS WirelessHART-Gateway 3.0.9.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34564">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28072">

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 09:33:30">
09:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-34563 ‼</strong><br><br><code>In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie&apos;s value to be read or set by client-side JavaScript.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34563">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28073">

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 09:33:31">
09:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-34561 ‼</strong><br><br><code>In PEPPERL+FUCHS WirelessHART-Gateway &lt;= 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based access restrictions. Attackers can use DNS Rebinding to bypass any IP or firewall based access restrictions that may be in place, by proxying through their target&apos;s browser.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34561">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28074">

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 09:33:32">
09:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-34581 ‼</strong><br><br><code>Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause DoS on the device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34581">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message28075">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 10:11:33">
10:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Cybercriminals buy up admin credentials to sharpen attacks on cloud deployments 🦿</strong><br><br><code>Lacework analysis finds that SSH, SQL, Docker and Redis were the most common targets over the last three months.</code><br><br><a href="https://www.techrepublic.com/article/cybercriminals-buy-up-admin-credentials-to-sharpen-attacks-on-cloud-deployments/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message28076">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 10:49:32">
10:49
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Top 3 APIs Vulnerabilities: Why Apps are Owned by Cyberattackers ❌</strong><br><br><code>Jason Kent, hacker-in-residence at Cequence, talks about how cybercriminals target apps and how to thwart them.</code><br><br><a href="https://threatpost.com/top-3-api-vulnerabilities-cyberattackers/169048/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message28077">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 11:11:36">
11:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Delta variant: Is your IT department ready to go fully remote again due to COVID-19? 🦿</strong><br><br><code>The delta variant is delaying office reentry plans. For companies going fully remote again, team cohesion, cloud investments and reducing IT burden could be key, according to tech experts.</code><br><br><a href="https://www.techrepublic.com/article/delta-variant-is-your-it-department-ready-to-go-fully-remote-again-due-to-covid-19/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message28078">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 11:33:25">
11:33
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-35219 ‼</strong><br><br><code>ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability using ImportAlert function within the Alerts Settings page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35219">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28079">

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 11:33:27">
11:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-35220 ‼</strong><br><br><code>Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35220">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28080">

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 11:33:29">
11:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-35222 ‼</strong><br><br><code>This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Execution (RCE) from the Alerts Settings page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35222">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28081">

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 11:33:30">
11:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-35221 ‼</strong><br><br><code>Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35221">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28082">

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 11:33:32">
11:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-39316 ‼</strong><br><br><code>The Zoomsounds plugin &lt;= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory traversal in the `link` parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39316">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message28083">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 12:19:30">
12:19
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ QNAP Is Latest to Get Dinged by OpenSSL Bugs Fallout ❌</strong><br><br><code>The NAS maker issued two security advisories about the RCE and DoS flaws, adding to a flurry of advisories from the vast array of companies whose products use OpenSSL.</code><br><br><a href="https://threatpost.com/qnap-openssl-bugs/169054/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message28084">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 13:19:35">
13:19
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ WooCommerce Pricing Plugin Allows Malicious Code-Injection ❌</strong><br><br><code>The popular Dynamic Pricing and Discounts plugin from Envato can be exploited by unauthenticated attackers.</code><br><br><a href="https://threatpost.com/woocommerce-plugin-malicious/169063/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28085">

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 13:33:33">
13:33
       </div>

       <div class="text">
<strong>‼ CVE-2020-19047 ‼</strong><br><br><code>Cross Site Request Forgey (CSRF) in iWebShop v5.3 allows remote atatckers to execute arbitrary code via malicious POST request to the component &apos;/index.php?controller=system&amp;action=admin_edit_act&apos;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-19047">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28086">

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 13:33:35">
13:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-21681 ‼</strong><br><br><code>Jenkins Nomad Plugin 0.7.4 and earlier stores Docker passwords unencrypted in the global config.xml file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21681">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28087">

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 13:33:38">
13:33
       </div>

       <div class="text">
<strong>‼ CVE-2020-19049 ‼</strong><br><br><code>Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the &quot;Description&quot; field found in the &quot;Add New Forum&quot; page by doing an authenticated POST HTTP request to &apos;/Upload/admin/index.php?module=forum-management&amp;action=add&apos;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-19049">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28088">

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 13:33:39">
13:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-21677 ‼</strong><br><br><code>Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21677">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28089">

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 13:33:40">
13:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-21678 ‼</strong><br><br><code>Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21678">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28090">

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 13:33:42">
13:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-21680 ‼</strong><br><br><code>Jenkins Nested View Plugin 1.20 and earlier does not configure its XML transformer to prevent XML external entity (XXE) attacks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21680">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28091">

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 13:33:43">
13:33
       </div>

       <div class="text">
<strong>‼ CVE-2020-19046 ‼</strong><br><br><code>Cross Site Scripting (XSS) in S-CMS v1.0 allows remote attackers to execute arbitrary code via the component &apos;/admin/tpl.php?page=&apos;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-19046">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28092">

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 13:33:44">
13:33
       </div>

       <div class="text">
<strong>‼ CVE-2020-19048 ‼</strong><br><br><code>Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the &quot;Title&quot; field found in the &quot;Add New Forum&quot; page by doing an authenticated POST HTTP request to &apos;/Upload/admin/index.php?module=forum-management&amp;action=add&apos;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-19048">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28093">

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 13:33:45">
13:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-21679 ‼</strong><br><br><code>Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21679">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28094">

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 13:36:30">
13:36
       </div>

       <div class="text">
<strong>🛠 Dr Checker 4 Linux 🛠</strong><br><br><code>This is an LLVM based tool to audit Linux kernel module security using both pointer and taint analyses that are flow-sensitive, context-sensitive, and fieldsensitive on kernel drivers. It is port of Dr. Checker.</code><br><br><a href="https://packetstormsecurity.com/files/163983/dr_checker_4_linux-main.zip">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28095">

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 13:36:32">
13:36
       </div>

       <div class="text">
<strong>🛠 Hashcat Advanced Password Recovery 6.2.4 Source Code 🛠</strong><br><br><code>Hashcat is an advanced GPU hash cracking utility that includes the World&apos;s fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.</code><br><br><a href="https://packetstormsecurity.com/files/163996/hashcat-6.2.4.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28096">

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 13:36:34">
13:36
       </div>

       <div class="text">
<strong>🛠 Flawfinder 2.0.19 🛠</strong><br><br><code>Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.</code><br><br><a href="https://packetstormsecurity.com/files/163982/flawfinder-2.0.19.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message28097">

      <div class="body">

       <div class="pull_right date details" title="31.08.2021 13:36:36">
13:36
       </div>

       <div class="text">
<strong>🛠 Hashcat Advanced Password Recovery 6.2.4 Binary Release 🛠</strong><br><br><code>Hashcat is an advanced GPU hash cracking utility that includes the World&apos;s fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.</code><br><br><a href="https://packetstormsecurity.com/files/163997/hashcat-6.2.4.7z">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <a class="pagination block_link" href="messages29.html">
Next messages
     </a>

    </div>

   </div>

  </div>

 </body>

</html>