462 matches found
USN-5330-1 libreoffice vulnerability
It was discovered that LibreOffice incorrectly handled digital signatures. An attacker could possibly use this issue to create a specially crafted document that would display a validly signed indicator, contrary to expectations...
Trailer Power Line Communications Security Vulnerability
Trailer Power Line Communications is a bi-directional serial communications link on a vehicle power line from Transportation Systems Sector. A security vulnerability exists in Trailer Power Line Communications PLC J2497, which can be exploited by an attacker to perform diagnostic functions in the...
PT-2022-15011 · Envoy · Envoy
Name of the Vulnerable Software and Affected Versions: Envoy (affected versions not specified). Description: The issue is related to a "type confusion" bug in the default certificate validation routines when processing subjectAltNames. This allows, for example, an rfc822Name or...
MoonBounce: New malware deployed by APT41 in UEFI firmware
THREAT LEVEL: Red. MoonBounce is a new type of malware that hides in the most complex part of an Operating System (OS), the Basic Input Output System (BIOS) chip, and thus persists even after reinstalling your OS or formatting your hard drive...
Microsoft Warns of Destructive Malware Targeting Ukrainian Organizations
Microsoft has released a blog post on possible Master Boot Record (MBR) Wiper activity targeting Ukrainian organizations, including Ukrainian government agencies. According to Microsoft, powering down the victim device executes the malware, which overwrites the MBR with a ransom note; however, the...
CVE-2021-39976
creationtimestamp | type | source
---|---|---
2021-11-23 18:20:54+00:00 | seen | https://t.me/cibsecurity/32849...
USN-5153-1 libreoffice vulnerabilities
It was discovered that LibreOffice incorrectly handled digital signatures. An attacker could possibly use this issue to create a specially crafted document that would display a validly signed indicator, contrary to expectations...
CVE-2021-42055
creationtimestamp | type | source
---|---|---
2021-10-18 20:32:00+00:00 | seen | https://t.me/cibsecurity/30723...
LibreOffice Trust Management Issues Vulnerability (CNVD-2022-55627)
LibreOffice is an office suite that is compatible with other major office software and runs on a variety of platforms. A vulnerability exists in LibreOffice due to a trust management issue. An attacker could use this vulnerability to create digitally signed ODF documents by manipulating the...
ManageEngine ADSelfService Plus has been abused in the wild due to a zero-day vulnerability
THREAT LEVEL: Red. An APT actor is attempting to exploit a zero-day vulnerability in ManageEngine ADSelfService Plus, a self-service password management and single sign-on solution that poses a high risk to critical infrastructure companies,...
CVE-2021-24593
The Business Hours Indicator WordPress plugin before 2.3.5 does not sanitise or escape its 'Now closed message' setting when outputting it in the backend and frontend, leading to an Authenticated Stored Cross-Site Scripting issue...
CVE-2021-24593
CVE-2021-24593 affects the WordPress plugin Business Hours Indicator prior to version 2.3.5. The vulnerability is an Authenticated Stored Cross-Site Scripting (XSS) caused by the plugin not sanitising or escaping the 'Now closed message' setting in both backend and frontend outputs. Impact is sto...
CVE-2021-24593 Business Hours Indicator < 2.3.5 - Authenticated Stored XSS
The Business Hours Indicator WordPress plugin before 2.3.5 does not sanitise or escape its 'Now closed message' setting when outputting it in the backend and frontend, leading to an Authenticated Stored Cross-Site Scripting issue...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Business Hours Indicator prior t...
CVE-2021-21847
creationtimestamp | type | source
---|---|---
2021-08-18 16:16:46+00:00 | seen | https://t.me/cibsecurity/27500
2024-03-29 14:38:26+00:00 | published-proof-of-concept | https://t.me/CyberSecurityTechnologies/4219...
CVE-2021-20763
creationtimestamp | type | source
---|---|---
2021-08-18 12:16:39+00:00 | seen | https://t.me/cibsecurity/27479...
CVE-2021-0284
A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device, thereby causing a Denial of Service (DoS). By repeatedly sending these sequences of packets to the device, an attacker can sustain the Denial of...
CVE-2021-38545
Raspberry Pi 3 B+ and 4 B devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. We...
CVE-2021-38549
MIRACASE MHUB500 USB splitters through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. We...
CVE-2021-38548
JBL Go 2 devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is connected directly to the power line; as a result, the intensity of a...