New Local Attack Vector Expands the Attack Surface of Log4j Vulnerability

Cybersecurity researchers have discovered an entirely new attack vector that enables adversaries to exploit the Log4Shell vulnerability on servers locally by using a JavaScript WebSocket connection. "This newly-discovered attack vector means that anyone with a vulnerable Log4j version on their...

CVE-2021-41495

Null Pointer Dereference vulnerability exists in numpy.sort in NumPy &lt and 1.19 in the PyArrayDescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays. NOTE: While correct that validation is missing, an error ca...

Brand-New Log4Shell Attack Vector Threatens Local Hosts

Defenders will once again be busy beavers this weekend: There’s an alternative attack vector for the ubiquitous Log4j vulnerability, which relies on a basic Javascript WebSocket connection to trigger remote code-execution RCE on servers locally, via drive-by compromise. In other words, an exploit...

SICK SOPAS ET安全漏洞

Sick Sopas Et is an engineering tool from the German company Sick.A security vulnerability exists in versions prior to SICK SOPAS ET 4.8.0, which could be exploited by an attacker to package any executable file into an SDD and make it available to SOPAS ET users...

uDoctorAppointment v2.1.1 - Multiple XSS Vulnerabilities

Document Title: =============== uDoctorAppointment v2.1.1 - Multiple XSS Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2288 Release Date: ============= 2021-12-15 Vulnerability Laboratory ID VL-ID: ====================================...

No checks if given product is created by the factory

Handle 0x0x0x Vulnerability details An attacker can create a fake product. Collateral contract does not check whether the given product is created by the factory. A malicious product can return arbitrary maintenance amounts, therefore they can make any deposit to fake product stuck simply return...

Basket can be fully drained if the auction is settled within a specific block

Handle Ruhum Vulnerability details Impact The settleAuction function allows someone to settle the auction by transferring funds in a way that the new pending index is fulfilled. As a reward, they are able to take out as many tokens as they want as long as the pending index is fulfilled after that...

Reprise Software Reprise License Manager 安全特征问题漏洞

Reprise Software Reprise License Manager is a software licensing toolkit from Reprise Software, Inc. that provides local and cloud-based license management, license enforcement and product activation solutions for publishers of commercial software applications.Reprise Software Reprise License...

Reprise Software Reprise License Manager 访问控制错误漏洞

Reprise License Manager is a software licensing toolkit from Reprise Software, Inc. that provides local and cloud-based license management, license enforcement and product activation solutions for publishers of commercial software applications.Reprise Software Reprise License Manager A licensing...

Bentley Systems Bentley View 资源管理错误漏洞

Bentley View is a free viewer from Bentley Systems, Inc. A memory mis-reference vulnerability exists in Bentley View J2K File Parsing, which results from not verifying the existence of an object prior to J2K File Parsing. An attacker could exploit this vulnerability to execute code in the context...

The vulnerability of Adobe Audition for Windows and macOS, related to the operation of operations beyond buffer boundaries in memory, allows a hacker to trigger a system failure.

The vulnerability of Adobe Audition’s audio editing software for Windows and macOS is related to the execution of operations beyond the buffer limits in memory. Exploiting this vulnerability can allow an attacker to cause a system failure...

Google Android 缓冲区错误漏洞

Google Android is a Linux-based open source operating system from Google, Inc. Google Android is vulnerable to information leakage, which could be exploited by attackers to obtain sensitive information and use it to launch further attacks on the affected system...

showdoc 跨站请求伪造漏洞

showdoc is an open source tool ideal for IT teams to share documents online. showDoc has a security vulnerability that can be exploited by attackers to perform request forgery CSRF attacks...

Huawei HarmonyOS 输入验证错误漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS. An attacker can exploit the vulnerability to cause a device reboot...

Cross site scripting

An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev commit b5f1eacd, and the forked version of Gerbv commit 71493260. A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger thi...

OroCrm 跨站请求伪造漏洞

OroCrm is an open source Customer Relationship Management Crm application from Oro Corporation. It is used to create 360° views of customers across multiple channels, organize sales channels, manage account and contact information, communicate with customers, run marketing campaigns and track...

AZL-6605 CVE-2021-43975 affecting package kernel for versions less than 5.15.2.1-1

In the Linux kernel through 5.15.2, hwatlutilsfwrpcwait in drivers/net/ethernet/aquantia/atlantic/hwatl/hwatlutils.c allows an attacker who can introduce a crafted device to trigger an out-of-bounds write via a crafted length value...

Design/Logic Flaw

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent t...

kernel: Insufficient validation of user-supplied sizes for the MSG_CRYPTO message type

A flaw was discovered in the cryptographic receive code in the Linux kernel's implementation of transparent interprocess communication. An attacker, with the ability to send TIPC messages to the target, can corrupt memory and escalate privileges on the target system...

U.S. Dept Of Defense: Unauthenticated Access to Admin Panel Functions at https://██████████/████████

Description: I discovered that the admin panel at https://████/█████ and all its functions can be accessed without authentication. Impact An attacker is able to use the administrative functions in order to upload, delete or modify files. System Hosts ████████ Affected Products and Versions ██████...