+84949482065
Mozilla has released security updates to address a vulnerability in Network Security Services (NSS). An attacker could exploit this vulnerability to take control of an affected system. Ref https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/
CVE-2021-44077 is an unauthenticated remote code execution vulnerability that affects all ServiceDesk Plus versions up to, and including, version 11305. More https://us-cert.cisa.gov/ncas/alerts/aa21-336a
We already have 18,124 CVEs as of December 1, 2021. More detail https://www.cvedetails.com/browse-by-date.php
In the wazuh-slack active response script in Wazuh before 4.2.5, untrusted user agents are passed to a curl command line, potentially resulting in remote code execution. Ref https://github.com/wazuh/wazuh/issues/10858
IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. Read here https://www.ibm.com/support/pages/node/6517470
This vulnerability is considered critical as it may be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the…
BeyondTrust Privilege Management for Windows contains a local privilege escalation vulnerability prior to version 21.6. More https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0008/MNDT-2021-0008.md
Sophisticated Tardigrade malware launches attacks on vaccine manufacturing infrastructure. Read more in my article on the Tripwire blog https://www.tripwire.com/state-of-security/security-data-protection/sophisticated-tardigrade-malware-launches-attacks-on-vaccine-manufacturing-infrastructure/
TESLA PHONE THIS 2021? It’s been widely reported that US-based EV maker Tesla will “officially” launch the Model Pi phone "later this year". It’s not clear exactly when, if at…
The exploit, unveiled in research presented today, revives the DNS cache-poisoning attack that researcher Dan Kaminsky disclosed in 2008. He showed that, by masquerading as an authoritative DNS server and…
