Microsoft Sees Rampant Log4j Exploit Attempts, Testing

No surprise here: The holidays bought no Log4Shell relief. Threat actors vigorously launched exploit attempts and testing during the last weeks of December, Microsoft said on Monday, in the latest update to its landing page and guidance around the flaws in Apache’s Log4j logging library. “We have...

CVE-2021-39143

Spinnaker is an open source, multi-cloud continuous delivery platform. A path traversal vulnerability was discovered in uses of TAR files by AppEngine for deployments. This uses a utility to extract files locally for deployment without validating the paths in that deployment don't override system...

Path traversal

Spinnaker is an open source, multi-cloud continuous delivery platform. A path traversal vulnerability was discovered in uses of TAR files by AppEngine for deployments. This uses a utility to extract files locally for deployment without validating the paths in that deployment don't override system...

The vulnerability of Google Chrome’s web storage mechanism, which allows a hacker to circumvent existing security restrictions

The vulnerability of Google Chrome browser-based web storage is caused by synchronization errors when using a common resource. Exploiting this vulnerability can allow an attacker to bypass existing security restrictions remotely...

Netgear RAX43 缓冲区错误漏洞

The Netgear RAX43 is a router from the American company Netgear. A hardware device that connects two or more networks and acts as a gateway between them. A buffer overflow vulnerability exists in Netgear RAX43 version 1.0.3.96. The vulnerability is caused by the URL parsing functionality of the...

The vulnerability of Adobe After Effects’ video and dynamic image editing software lies in the possibility of an operation going beyond the buffer in memory, allowing a hacker to execute arbitrary code.

The vulnerability of Adobe After Effects’ video and dynamic image editing software relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

CVE-2021-4052

Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Self-contained lab environment PoC that runs a reverse-shell w...

New Local Attack Vector Expands the Attack Surface of Log4j Vulnerability

Cybersecurity researchers have discovered an entirely new attack vector that enables adversaries to exploit the Log4Shell vulnerability on servers locally by using a JavaScript WebSocket connection. "This newly-discovered attack vector means that anyone with a vulnerable Log4j version on their...

CVE-2021-41495

Null Pointer Dereference vulnerability exists in numpy.sort in NumPy &lt and 1.19 in the PyArrayDescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays. NOTE: While correct that validation is missing, an error ca...

Brand-New Log4Shell Attack Vector Threatens Local Hosts

Defenders will once again be busy beavers this weekend: There’s an alternative attack vector for the ubiquitous Log4j vulnerability, which relies on a basic Javascript WebSocket connection to trigger remote code-execution RCE on servers locally, via drive-by compromise. In other words, an exploit...

SICK SOPAS ET安全漏洞

Sick Sopas Et is an engineering tool from the German company Sick.A security vulnerability exists in versions prior to SICK SOPAS ET 4.8.0, which could be exploited by an attacker to package any executable file into an SDD and make it available to SOPAS ET users...

uDoctorAppointment v2.1.1 - Multiple XSS Vulnerabilities

Document Title: =============== uDoctorAppointment v2.1.1 - Multiple XSS Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2288 Release Date: ============= 2021-12-15 Vulnerability Laboratory ID VL-ID: ====================================...

No checks if given product is created by the factory

Handle 0x0x0x Vulnerability details An attacker can create a fake product. Collateral contract does not check whether the given product is created by the factory. A malicious product can return arbitrary maintenance amounts, therefore they can make any deposit to fake product stuck simply return...

Basket can be fully drained if the auction is settled within a specific block

Handle Ruhum Vulnerability details Impact The settleAuction function allows someone to settle the auction by transferring funds in a way that the new pending index is fulfilled. As a reward, they are able to take out as many tokens as they want as long as the pending index is fulfilled after that...

Reprise Software Reprise License Manager 安全特征问题漏洞

Reprise Software Reprise License Manager is a software licensing toolkit from Reprise Software, Inc. that provides local and cloud-based license management, license enforcement and product activation solutions for publishers of commercial software applications.Reprise Software Reprise License...

Reprise Software Reprise License Manager 访问控制错误漏洞

Reprise License Manager is a software licensing toolkit from Reprise Software, Inc. that provides local and cloud-based license management, license enforcement and product activation solutions for publishers of commercial software applications.Reprise Software Reprise License Manager A licensing...

Bentley Systems Bentley View 资源管理错误漏洞

Bentley View is a free viewer from Bentley Systems, Inc. A memory mis-reference vulnerability exists in Bentley View J2K File Parsing, which results from not verifying the existence of an object prior to J2K File Parsing. An attacker could exploit this vulnerability to execute code in the context...

The vulnerability of Adobe Audition for Windows and macOS, related to the operation of operations beyond buffer boundaries in memory, allows a hacker to trigger a system failure.

The vulnerability of Adobe Audition’s audio editing software for Windows and macOS is related to the execution of operations beyond the buffer limits in memory. Exploiting this vulnerability can allow an attacker to cause a system failure...

Google Android 缓冲区错误漏洞

Google Android is a Linux-based open source operating system from Google, Inc. Google Android is vulnerable to information leakage, which could be exploited by attackers to obtain sensitive information and use it to launch further attacks on the affected system...