messages35.html

<!DOCTYPE html>
<html>

 <head>

  <meta charset="utf-8"/>
<title>Exported Data</title>
  <meta content="width=device-width, initial-scale=1.0" name="viewport"/>

  <link href="css/style.css" rel="stylesheet"/>

  <script src="js/script.js" type="text/javascript">

  </script>

 </head>

 <body onload="CheckLocation();">

  <div class="page_wrap">

   <div class="page_header">

    <div class="content">

     <div class="text bold">
🛡 Cybersecurity &amp; Privacy news 🛡 
     </div>

    </div>

   </div>

   <div class="page_body chat_page">

    <div class="history">

     <a class="pagination block_link" href="messages34.html">
Previous messages
     </a>

     <div class="message service" id="message-984">

      <div class="body details">
15 December 2021
      </div>

     </div>

     <div class="message default clearfix" id="message34098">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:46:57">
18:46
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-1003 ‼</strong><br><br><code>In adjustStreamVolume of AudioService.java, there is a possible way for unprivileged app to change audio stream volume due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-189857506</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1003">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34099">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:46:58">
18:46
       </div>

       <div class="text">
<strong>‼ CVE-2021-0956 ‼</strong><br><br><code>In NfcTag::discoverTechnologies (activation) of NfcTag.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additionalSystem execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-189942532</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0956">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34100">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:46:59">
18:46
       </div>

       <div class="text">
<strong>‼ CVE-2021-0918 ‼</strong><br><br><code>In gatt_process_notification of gatt_cl.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-197536150</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0918">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34101">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:47:01">
18:47
       </div>

       <div class="text">
<strong>‼ CVE-2021-0955 ‼</strong><br><br><code>In pf_write_buf of FuseDaemon.cpp, there is possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-192085766</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0955">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34102">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:47:02">
18:47
       </div>

       <div class="text">
<strong>‼ CVE-2021-1043 ‼</strong><br><br><code>In TBD of TBD, there is a possible downgrade attack due to under utilized anti-rollback protections. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-194697257References: N/A</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1043">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34103">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:47:04">
18:47
       </div>

       <div class="text">
<strong>‼ CVE-2021-0927 ‼</strong><br><br><code>In requestChannelBrowsable of TvInputManagerService.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-8.1 Android-9Android ID: A-189824175</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0927">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34104">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:47:05">
18:47
       </div>

       <div class="text">
<strong>‼ CVE-2021-0986 ‼</strong><br><br><code>In hasGrantedPolicy of DevicePolicyManagerService.java, there is a possible information disclosure about the device owner, profile owner, or device admin due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-192247339</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0986">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34105">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:47:07">
18:47
       </div>

       <div class="text">
<strong>‼ CVE-2021-39657 ‼</strong><br><br><code>In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-194696049References: Upstream kernel</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39657">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34106">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:47:08">
18:47
       </div>

       <div class="text">
<strong>‼ CVE-2021-1027 ‼</strong><br><br><code>In setTransactionState of SurfaceFlinger, there is possible arbitrary code execution in a privileged process due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193033243</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1027">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34107">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:47:09">
18:47
       </div>

       <div class="text">
<strong>‼ CVE-2021-45078 ‼</strong><br><br><code>stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45078">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34108">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:47:10">
18:47
       </div>

       <div class="text">
<strong>‼ CVE-2021-0926 ‼</strong><br><br><code>In onCreate of NfcImportVCardActivity.java, there is a possible way to add a contact without user&apos;s consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-191053931</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0926">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34109">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:47:12">
18:47
       </div>

       <div class="text">
<strong>‼ CVE-2021-39655 ‼</strong><br><br><code>Product: AndroidVersions: Android kernelAndroid ID: A-192641593References: N/A</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39655">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34110">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:48:55">
18:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-1012 ‼</strong><br><br><code>In onResume of NotificationAccessDetails.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-195412179</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1012">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34111">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:48:57">
18:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-39648 ‼</strong><br><br><code>In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-160822094References: Upstream kernel</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39648">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34112">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:48:59">
18:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-0976 ‼</strong><br><br><code>In toBARK of floor0.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-199680600</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0976">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34113">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 18:49:02">
18:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-1015 ‼</strong><br><br><code>In getMeidForSlot of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-186530496</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1015">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34114">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 20:37:56">
20:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Relentless Log4j Attacks Include State Actors, Possible Worm ❌</strong><br><br><code>More than 1.8 million attacks, against half of all corporate networks, have already launched to exploit Log4Shell.</code><br><br><a href="https://threatpost.com/log4j-attacks-state-actors-worm/177088/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34115">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 21:04:47">
21:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Original Fix for Log4j Flaw Fails to Fully Protect Against DoS Attacks, Data Theft 🕴</strong><br><br><code>Organizations should upgrade ASAP to new version of logging framework released Tuesday by the Apache Foundation, security experts say.</code><br><br><a href="https://www.darkreading.com/application-security/original-fix-for-log4j-flaw-fails-to-fully-protect-against-dos-attacks-data-theft">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34116">

      <div class="body">

       <div class="pull_right date details" title="15.12.2021 21:04:48">
21:04
       </div>

       <div class="text">
<strong>🕴 Companies Must Assess Threats to AI &amp; ML Systems in 2022: Microsoft 🕴</strong><br><br><code>Most companies lack the proper tools to assess their vulnerability to threats facing their AI systems and ML pipelines, prompting Microsoft to release a risk assessment framework.</code><br><br><a href="https://www.darkreading.com/risk/companies-must-assess-threats-to-ai-ml-systems-in-2022-microsoft">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-985">

      <div class="body details">
16 December 2021
      </div>

     </div>

     <div class="message default clearfix" id="message34117">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 03:36:59">
03:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-45085 ‼</strong><br><br><code>XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45085">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34118">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 03:37:00">
03:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-45096 ‼</strong><br><br><code>KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a crafted workflow file (.knwf), aka AP-17730.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45096">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34119">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 03:37:02">
03:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-45095 ‼</strong><br><br><code>pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45095">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34120">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 03:37:04">
03:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-45100 ‼</strong><br><br><code>The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. This occurs because it sets the SMB2_GLOBAL_CAP_ENCRYPTION flag when using the SMB 3.1.1 protocol, which is a violation of the SMB protocol specification. When Windows 10 detects this protocol violation, it disables encryption.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45100">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34121">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 03:37:05">
03:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-45087 ‼</strong><br><br><code>XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45087">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34122">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 03:37:06">
03:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-44023 ‼</strong><br><br><code>A link following denial-of-service (DoS) vulnerability in the Trend Micro Security (Consumer) 2021 familiy of products could allow an attacker to abuse the PC Health Checkup feature of the product to create symlinks that would allow modification of files which could lead to a denial-of-service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44023">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34123">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 03:37:08">
03:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-45086 ‼</strong><br><br><code>XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server&apos;s suggested_filename is used as the pdf_name value in PDF.js.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45086">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34124">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 03:37:09">
03:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-45102 ‼</strong><br><br><code>An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x before 9.1.2. When authenticating to an HTCondor daemon using a SciToken, a user may be granted authorizations beyond what the token should allow.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45102">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34125">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 03:37:10">
03:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-45101 ‼</strong><br><br><code>An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, and 9.1.x before 9.1.2. Using standard command-line tools, a user with only READ access to an HTCondor SchedD or Collector daemon can discover secrets that could allow them to control other users&apos; jobs and/or read their data.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45101">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34126">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 03:37:11">
03:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-45099 ‼</strong><br><br><code>** DISPUTED ** The addon.stdin service in addon-ssh (aka Home Assistant Community Add-on: SSH &amp; Web Terminal) before 10.0.0 has an attack surface that requires social engineering. NOTE: the vendor does not agree that this is a vulnerability; however, addon.stdin was removed as a defense-in-depth measure against complex social engineering situations.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45099">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34127">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 03:37:12">
03:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-45088 ‼</strong><br><br><code>XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45088">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34128">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 03:37:14">
03:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-45098 ‼</strong><br><br><code>An issue was discovered in Suricata before 6.0.4. It is possible to bypass/evade any HTTP-based signature by faking an RST TCP packet with random TCP options of the md5header from the client side. After the three-way handshake, it&apos;s possible to inject an RST ACK with a random TCP md5header option. Then, the client can send an HTTP GET request with a forbidden URL. The server will ignore the RST ACK and send the response HTTP packet for the client&apos;s request. These packets will not trigger a Suricata reject action.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45098">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34129">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 03:37:14">
03:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-45092 ‼</strong><br><br><code>Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45092">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34130">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 03:37:15">
03:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-45097 ‼</strong><br><br><code>KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the administrator&apos;s password in a file without appropriate file access controls, allowing all local users to read its content.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45097">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34131">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 05:05:11">
05:05
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Rise in API-Based Attacks Underscore Investments in New Tools 🕴</strong><br><br><code>Noname Security&apos;s Series C fundraising tips the startup to over $1 billion in valuation, a sign that organizations are beginning to look for API security tools and investor are looking for innovation in the space.</code><br><br><a href="https://www.darkreading.com/emerging-tech/rise-in-api-based-attacks-underscore-investments-in-new-tools">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34132">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 08:37:07">
08:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-4121 ‼</strong><br><br><code>yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation (&apos;Cross-site Scripting&apos;)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4121">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34133">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 08:37:09">
08:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-4123 ‼</strong><br><br><code>livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4123">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34134">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 10:03:59">
10:03
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ How expired web domains help criminal hackers unlock enterprise defenses 🗓️</strong><br><br><code>Allow domains to ‘drop’ and you’re increasing the effectiveness of a variety of attacks</code><br><br><a href="https://portswigger.net/daily-swig/how-expired-web-domains-help-criminal-hackers-unlock-enterprise-defenses">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34135">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 10:35:51">
10:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-40835 ‼</strong><br><br><code>An URL Address bar spoofing vulnerability was discovered in Safe Browser for iOS. When user clicks on a specially crafted a malicious URL, if user does not carefully pay attention to url, user may be tricked to think content may be coming from a valid domain, while it comes from another. This is performed by using a very long username part of the url so that user cannot see the domain name. A remote attacker can leverage this to perform url address bar spoofing attack. The fix is, browser no longer shows the user name part in address bar.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40835">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34136">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 11:07:00">
11:07
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ ‘DarkWatchman’ RAT Shows Evolution in Fileless Malware ❌</strong><br><br><code>The new tool manipulates Windows Registry in unique ways to evade security detections and is likely being used by ransomware groups for initial network access.</code><br><br><a href="https://threatpost.com/darkwatchman-rat-evolution-fileless-malware/177091/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34137">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 11:35:31">
11:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ UK government reveals plans to become ‘global cyber power’ in 2022 🗓️</strong><br><br><code>National Cyber Security Centre leads scheme to increase capabilities</code><br><br><a href="https://portswigger.net/daily-swig/uk-government-reveals-plans-to-become-global-cyber-power-in-2022">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34138">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 12:05:30">
12:05
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Dear Congress: It&apos;s Complicated. Please Consider This When Crafting New Cybersecurity Legislation 🕴</strong><br><br><code>As mandatory reporting bills work their way through the halls of Congress, what should businesses do to prepare for this pending legislation?</code><br><br><a href="https://www.darkreading.com/risk/dear-congress-it-s-complicated-please-consider-this-when-crafting-new-cybersecurity-legislation">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34139">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 12:35:58">
12:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-4124 ‼</strong><br><br><code>janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation (&apos;Cross-site Scripting&apos;)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4124">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34140">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 13:02:31">
13:02
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How to install the ConfigServer and Security Firewall combo on Ubuntu Server 🦿</strong><br><br><code>If you&apos;d like a powerful firewall for your Ubuntu Server, but one that offers a fairly straightforward configuration, Jack Wallen thinks CSF might be the right tool for the job.</code><br><br><a href="https://www.techrepublic.com/article/how-to-install-the-configserver-and-security-firewall-combo-on-ubuntu-server/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34141">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 13:05:35">
13:05
       </div>

       <div class="text">
<strong>🗓️ SAP squashes SQL injection, XSS bugs in December patch round 🗓️</strong><br><br><code>CVSS severity scores range from 2.4 to 9.9</code><br><br><a href="https://portswigger.net/daily-swig/sap-squashes-sql-injection-xss-bugs-in-december-patch-round">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34142">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 14:36:07">
14:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-3959 ‼</strong><br><br><code>A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Bitdefender GravityZone versions prior to 3.3.8.272</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3959">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34143">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 14:36:09">
14:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-3960 ‼</strong><br><br><code>Improper Limitation of a Pathname to a Restricted Directory (&apos;Path Traversal&apos;) vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects Bitdefender GravityZone versions prior to 3.3.8.272</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3960">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34144">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 14:39:36">
14:39
       </div>

       <div class="text">
<strong>⚠ Apple security updates are out – and not a Log4Shell mention in sight ⚠</strong><br><br><code>Get &apos;em while they&apos;re hot!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/12/14/apple-security-updates-are-out-and-not-a-log4shell-mention-in-sight/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34145">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 15:06:13">
15:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>♟️ NY Man Pleads Guilty in $20 Million SIM Swap Theft ♟️</strong><br><br><code>A 24-year-old New York man who bragged about helping to steal more than $20 million worth of cryptocurrency from a technology executive has pleaded guilty to conspiracy to commit wire fraud. Nicholas Truglia was part of a group alleged to have stolen more than $100 million from cryptocurrency investors using fraudulent &quot;SIM swaps,&quot; scams in which identity thieves hijack a target’s mobile phone number and use that to wrest control over the victim’s online identities.</code><br><br><a href="https://krebsonsecurity.com/2021/12/ny-man-pleads-guilty-in-20-million-sim-swap-theft/">📖 Read</a><br><br>via &quot;<em>Krebs on Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34146">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 15:06:14">
15:06
       </div>

       <div class="text">
<strong>🕴 Log4Shell: The Big Picture 🕴</strong><br><br><code>A look at why this is such a tricky vulnerability and why the industry response has been good, but not great.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/log4shell-the-big-picture">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34147">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 15:08:18">
15:08
       </div>

       <div class="text">
<strong>⚠ S3 Ep63: Log4Shell (what else?) and Apple kernel bugs [Podcast+Transcript] ⚠</strong><br><br><code>Latest episode - listen now! (Yes, there are plenty of critical things to go along with Log4Shell.)</code><br><br><a href="https://nakedsecurity.sophos.com/2021/12/16/s3-ep63-log4shell-what-else-and-apple-kernel-bugs-podcasttranscript/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34148">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 16:02:36">
16:02
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How organizations should prioritize security vulnerabilities 🦿</strong><br><br><code>Organizations are not always linking the actual data on vulnerabilities with the specific risks to their business, says Cyber Vulcan.</code><br><br><a href="https://www.techrepublic.com/article/how-organizations-should-prioritize-security-vulnerabilities/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34149">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 16:08:47">
16:08
       </div>

       <div class="text">
<strong>❌ ‘PseudoManuscrypt’ Mass Spyware Campaign Targets 35K Systems ❌</strong><br><br><code>It’s similar to Lazarus’s Manuscrypt malware, but the new spyware is splattering itself onto government organizations and ICS in a non-Lazarus-like, untargeted wave of attacks.</code><br><br><a href="https://threatpost.com/pseudomanuscrypt-mass-spyware-campaign/177097/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34150">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 16:36:12">
16:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-41260 ‼</strong><br><br><code>Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 do not check for Cross Site Request Forgery attacks. All users are advised to upgrade to 0.9.6 as soon as possible. There are no known workarounds for this issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41260">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34151">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 16:36:13">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-42912 ‼</strong><br><br><code>FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability. This vulnerability allows the attacker, once logged in, to send commands to the operating system as the root user via the ping diagnostic tool, bypassing the IP address field, and concatenating OS commands with a semicolon.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42912">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34152">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 16:36:15">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-41962 ‼</strong><br><br><code>Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the Owner fullname parameter in a Send Service Request in vehicle_service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41962">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34153">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 16:36:17">
16:36
       </div>

       <div class="text">
<strong>❌ ‘Tropic Trooper’ Reemerges to Target Transportation Outfits ❌</strong><br><br><code>Analysts warn that the attack group, now known as &apos;Earth Centaur,&apos; is honing its attacks to go after transportation and government agencies.</code><br><br><a href="https://threatpost.com/tropic-trooper-transportation/177106/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34154">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 18:32:44">
18:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Turn your basic networking and coding skills into in-demand cybersecurity qualifications 🦿</strong><br><br><code>If you&apos;ve just started climbing the IT professional career ladder or recently learned a little basic coding, you can quickly turn your experience into lucrative cybersecurity skills for a career upgrade.</code><br><br><a href="https://www.techrepublic.com/article/turn-your-basic-networking-and-coding-skills-into-in-demand-cybersecurity-qualifications/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34155">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 18:35:56">
18:35
       </div>

       <div class="text">
<strong>🕴 Phorpiex Botnet Variant Spread Across 96 Countries 🕴</strong><br><br><code>A new variant dubbed &quot;Twizt&quot; has hijacked 969 transactions and stolen the equivalent of nearly $500,000 USD.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/phorpiex-botnet-variant-spread-across-96-countries">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34156">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 18:35:57">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-37262 ‼</strong><br><br><code>JFinal_cms 5.1.0 is vulnerable to regex injection that may lead to Denial of Service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37262">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34157">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 18:35:58">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-35210 ‼</strong><br><br><code>A vulnerability in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via a Raft session flooding attack using Raft OpenSessionRequest messages.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35210">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34158">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 18:35:59">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-35211 ‼</strong><br><br><code>An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to become the lead node in a target cluster via manipulation of the variable terms in RaftContext.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35211">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34159">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 18:36:00">
18:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-38244 ‼</strong><br><br><code>A regular expression denial of service (ReDoS) vulnerability exits in cbioportal 3.6.21 and older via a POST request to /ProteinArraySignificanceTest.json.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38244">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34160">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 18:36:02">
18:36
       </div>

       <div class="text">
<strong>‼ CVE-2020-35214 ‼</strong><br><br><code>An issue in Atomix v3.1.5 allows a malicious Atomix node to remove states of ONOS storage via abuse of primitive operations.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35214">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34161">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 18:36:03">
18:36
       </div>

       <div class="text">
<strong>‼ CVE-2020-35216 ‼</strong><br><br><code>An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false member down event messages.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35216">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34162">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 18:36:04">
18:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-43837 ‼</strong><br><br><code>vault-cli is a configurable command-line interface tool (and python library) to interact with Hashicorp Vault. In versions before 3.0.0 vault-cli features the ability for rendering templated values. When a secret starts with the prefix `!template!`, vault-cli interprets the rest of the contents of the secret as a Jinja2 template. Jinja2 is a powerful templating engine and is not designed to safely render arbitrary templates. An attacker controlling a jinja2 template rendered on a machine can trigger arbitrary code, making this a Remote Code Execution (RCE) risk. If the content of the vault can be completely trusted, then this is not a problem. Otherwise, if your threat model includes cases where an attacker can manipulate a secret value read from the vault using vault-cli, then this vulnerability may impact you. In 3.0.0, the code related to interpreting vault templated secrets has been removed entirely. Users are advised to upgrade as soon as possible. For users unable to upgrade a workaround does exist. Using the environment variable `VAULT_CLI_RENDER=false` or the flag `--no-render` (placed between `vault-cli` and the subcommand, e.g. `vault-cli --no-render get-all`) or adding `render: false` to the vault-cli configuration yaml file disables rendering and removes the vulnerability. Using the python library, you can use: `vault_cli.get_client(render=False)` when creating your client to get a client that will not render templated secrets and thus operates securely.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43837">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34163">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 18:36:06">
18:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-3179 ‼</strong><br><br><code>GGLocker iOS application, contains an insecure data storage of the password hash value which results in an authentication bypass.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3179">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34164">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 18:36:08">
18:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-44315 ‼</strong><br><br><code>In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server which allows an attacker to view the sensitive files of the application, for example: Any file which contains sensitive information of the user or server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44315">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34165">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 18:36:09">
18:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-44317 ‼</strong><br><br><code>In Bus Pass Management System v1.0, parameters &apos;pagedes&apos; and `About Us` are affected with a Stored Cross-site scripting vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44317">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34166">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 18:36:10">
18:36
       </div>

       <div class="text">
<strong>‼ CVE-2020-35213 ‼</strong><br><br><code>An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false link event messages sent to a master ONOS node.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35213">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34167">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 18:36:11">
18:36
       </div>

       <div class="text">
<strong>‼ CVE-2020-35215 ‼</strong><br><br><code>An issue in Atomix v3.1.5 allows attackers to access sensitive information when a malicious Atomix node queries distributed variable primitives which contain the entire primitive lists that ONOS nodes use to share important states.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35215">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34168">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 18:36:12">
18:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-41028 ‼</strong><br><br><code>A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may allow an unauthenticated and network adjacent attacker to perform a man-in-the-middle attack between the EMS and the FCT via the telemetry protocol.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41028">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34169">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 18:36:14">
18:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-42550 ‼</strong><br><br><code>In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42550">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34170">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 18:36:15">
18:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-26800 ‼</strong><br><br><code>Cross Site Request Forgery (CSRF) vulnerability in Change-password.php in phpgurukul user management system in php using stored procedure V1.0, allows attackers to change the password to an arbitrary account.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26800">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34171">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 18:36:15">
18:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-43812 ‼</strong><br><br><code>The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before 1.6.2 do not filter out certain returnTo parameter values from the login url, which expose the application to an open redirect vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43812">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34172">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 18:36:16">
18:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-41261 ‼</strong><br><br><code>Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to stored cross site scripting attacks via the preferences footer. The preference footer can only be altered by a site admin. This issue has been resolved in the 0.9.6 release and all users are advised to upgrade. There are no known workarounds.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41261">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34173">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 18:36:18">
18:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-41262 ‼</strong><br><br><code>Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to SQL injection attacks by users with &quot;member&quot; privilege. Users are advised to upgrade to version 0.9.6 as soon as possible. There are no known workarounds.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41262">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34174">

      <div class="body">

       <div class="pull_right date details" title="16.12.2021 18:36:22">
18:36
       </div>

       <div class="text">
<strong>‼ CVE-2020-35209 ‼</strong><br><br><code>An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to join a target cluster via providing configuration information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35209">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-986">

      <div class="body details">
17 December 2021
      </div>

     </div>

     <div class="message default clearfix" id="message34175">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 03:47:42">
03:47
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-44857 ‼</strong><br><br><code>An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=mcrundo followed by action=mcrrestore to replace the content of any arbitrary page (that the user doesn&apos;t have edit rights for). This applies to any public wiki, or a private wiki that has at least one page set in $wgWhitelistRead.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44857">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34176">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 03:47:42">
03:47
       </div>

       <div class="text">
<strong>‼ CVE-2021-41843 ‼</strong><br><br><code>An authenticated SQL injection issue in the calendar search function of OpenEMR 6.0.0 before patch 3 allows an attacker to read data from all tables of the database via the parameter provider_id, as demonstrated by the /interface/main/calendar/index.php?module=PostCalendar&amp;func=search URI.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41843">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34177">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 03:50:43">
03:50
       </div>

       <div class="text">
<strong>‼ CVE-2021-45038 ‼</strong><br><br><code>An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. By using an action=rollback query, attackers can view private wiki contents.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45038">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34178">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 06:21:25">
06:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Mobile App Developers Keep Fraudulent Traffic at Bay with Anti-Fraud API 🕴</strong><br><br><code>The new API and SDK from Pixalate helps mobile developers avoid getting their apps delisted from app stores by detecting and blocking fraudulent traffic.</code><br><br><a href="https://www.darkreading.com/dr-tech/mobile-app-developers-keep-fraudulent-traffic-at-bay-with-anti-fraud-api">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34179">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 09:35:56">
09:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Desjardins data breach: Class action lawsuit agreement reaches $201 million 🗓️</strong><br><br><code>Final amount to be confirmed in 2022</code><br><br><a href="https://portswigger.net/daily-swig/desjardins-data-breach-class-action-lawsuit-agreement-reaches-201-million">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34180">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 11:04:22">
11:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Respect in Security: Anti-harassment infosec industry group gains momentum with code of conduct campaign 🗓️</strong><br><br><code>Take the pledge, companies are urged</code><br><br><a href="https://portswigger.net/daily-swig/respect-in-security-anti-harassment-infosec-industry-group-gains-momentum-with-code-of-conduct-campaign">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34181">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 11:24:24">
11:24
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Conti Gang Suspected of Ransomware Attack on McMenamins ❌</strong><br><br><code>The incident occurred last weekend at the popular chain of restaurants, hotels and breweries, which is still facing disruptions.</code><br><br><a href="https://threatpost.com/conti-gang-ransomware-attack-mcmenamins/177119/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34182">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 11:33:59">
11:33
       </div>

       <div class="text">
<strong>🛠 Google OSS Fuzz 🛠</strong><br><br><code>Google&apos;s OSS Fuzz tool aims to make common open source software more secure and stable by combining modern fuzzing techniques with scalable, distributed execution.</code><br><br><a href="https://packetstormsecurity.com/files/165353/oss-fuzz-master-202112170617.zip">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34183">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 11:34:00">
11:34
       </div>

       <div class="text">
<strong>🛠 TOR Virtual Network Tunneling Tool 0.4.6.9</strong> <strong>🛠</strong><br><br><code>Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.</code><br><br><a href="https://packetstormsecurity.com/files/165352/tor-0.4.6.9.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34184">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 12:06:59">
12:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Is Data Security Worthless if the Data Life Cycle Lacks Clarity? 🕴</strong><br><br><code>If you cannot track, access, or audit data at every stage of the process, then you can&apos;t claim your data is secure.</code><br><br><a href="https://www.darkreading.com/risk/is-data-security-worthless-if-the-data-lifecycle-lacks-clarity-">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34185">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 12:37:31">
12:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-4132 ‼</strong><br><br><code>livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation (&apos;Cross-site Scripting&apos;)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4132">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34186">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 12:37:33">
12:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-43678 ‼</strong><br><br><code>Wechat-php-sdk v1.10.2 is affected by a Cross Site Scripting (XSS) vulnerability in Wechat.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43678">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34187">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 12:37:35">
12:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-45042 ‼</strong><br><br><code>In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of service of the storage backend. The earliest affected version is 1.4.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45042">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34188">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 12:37:36">
12:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-42584 ‼</strong><br><br><code>A Stored Cross Site Scripting (XSS) issue exists in Convos-Chat before 6.32.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42584">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34189">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 13:04:28">
13:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Ukraine hosts large-scale simulation of cyber-attack against energy grid 🗓️</strong><br><br><code>SANS Institute’s latest Grid NetWars competition involved 250 security pros from Ukraine</code><br><br><a href="https://portswigger.net/daily-swig/ukraine-hosts-large-scale-simulation-of-cyber-attack-against-energy-grid">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34190">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 13:07:42">
13:07
       </div>

       <div class="text">
<strong>❌ Convergence Ahoy: Get Ready for Cloud-Based Ransomware ❌</strong><br><br><code>Oliver Tavakoli, CTO at Vectra AI, takes us inside the coming nexus of ransomware, supply-chain attacks and cloud deployments.</code><br><br><a href="https://threatpost.com/cloud-ransomware-convergence/177112/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34191">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 13:38:39">
13:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ S3 Ep63: Log4Shell (what else?) and Apple kernel bugs [Podcast+Transcript] ⚠</strong><br><br><code>Latest episode - listen now! (Yes, there are plenty of critical things to go along with Log4Shell.)</code><br><br><a href="https://nakedsecurity.sophos.com/2021/12/16/s3-ep63-log4shell-what-else-and-apple-kernel-bugs-podcasttranscript/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34192">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 14:03:06">
14:03
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How password troubles could cost your online business potential sales 🦿</strong><br><br><code>One in four online shoppers surveyed by Beyond Identity said they&apos;d abandon a shopping cart of $100 or more if they had to reset their password to check out.</code><br><br><a href="https://www.techrepublic.com/article/how-password-troubles-could-cost-your-online-business-potential-sales/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34193">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 14:23:16">
14:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 CISA Issues Emergency Directive on Log4j 🕴</strong><br><br><code>The Cybersecurity Infrastructure and Security Agency orders federal agencies to take actions to mitigate vulnerabilities to the Apache Log4j flaw and attacks exploiting it.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/cisa-issues-emergency-directive-on-log4j">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34194">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 14:23:18">
14:23
       </div>

       <div class="text">
<strong>🕴 Time to Reset the Idea of Zero Trust 🕴</strong><br><br><code>CISOs are increasingly drawn to the zero trust security model, but implementing a frictionless experience is still a challenge.</code><br><br><a href="https://www.darkreading.com/crowdstrike/time-to-reset-the-idea-of-zero-trust">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34195">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 14:37:07">
14:37
       </div>

       <div class="text">
<strong>🕴 PseudoManuscrypt Malware Targeted Government &amp; ICS Systems in 2021 🕴</strong><br><br><code>The &quot;PseudoManuscrypt&quot; operation infected some 35,000 computers with cyber-espionage malware and targeted computers in both government and private industry.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/pseudomanuscrypt-malware-targeted-government-ics-systems-in-2021">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34196">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 14:37:09">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-41451 ‼</strong><br><br><code>An HTTP/1.1 misconfiguration in web interface of TP-Link AX10v1 before V1_211117 could allow an attacker to send a specially crafted HTTP/0.9 packet that could cause a cache poisoning attack.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41451">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34197">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 14:37:10">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-44035 ‼</strong><br><br><code>Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads, such that an authenticated user may download and execute malicious files.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44035">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34198">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 15:07:12">
15:07
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Timely Questions for Log4j Response Now — And for the Future 🕴</strong><br><br><code>EXPERT INSIGHT: How to assess your exposure to the vulnerability with a combination of asset inventory, testing, solid information sources, and software bills of materials (SBOMs).</code><br><br><a href="https://www.darkreading.com/application-security/timely-questions-for-log4j-response-now---and-for-the-future">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34199">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 15:07:13">
15:07
       </div>

       <div class="text">
<strong>❌ Brand-New Log4Shell Attack Vector Threatens Local Hosts ❌</strong><br><br><code>The discovery, which affects services running as localhost that aren&apos;t exposed to any network or the internet, vastly widens the scope of attack possibilities.</code><br><br><a href="https://threatpost.com/new-log4shell-attack-vector-local-hosts/177128/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34200">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 15:10:12">
15:10
       </div>

       <div class="text">
<strong>⚠ Serious Security: OpenSSL fixes “error conflation” bugs – how mixing up mistakes can lead to trouble ⚠</strong><br><br><code>Have you ever seen the message &quot;An error occurred&quot;? Even worse, the message &quot;This error cannot occur&quot;? Facts matter!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/12/17/serious-security-openssl-fixes-error-conflation-bugs-how-mixing-up-mistakes-can-lead-to-trouble/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34201">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 16:07:12">
16:07
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Executive Partnerships Are Critical for Cybersecurity Success 🕴</strong><br><br><code>One leader alone can&apos;t protect an organization from cyber threats, C-suite leaders agree.</code><br><br><a href="https://www.darkreading.com/edge-articles/executive-partnerships-are-critical-for-cybersecurity-success">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34202">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 16:36:49">
16:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-37862 ‼</strong><br><br><code>Mattermost 6.0 and earlier fails to sufficiently validate the email address during registration, which allows attackers to trick users into signing up using attacker-controlled email addresses via crafted invitation token.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37862">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34203">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 16:36:49">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-32498 ‼</strong><br><br><code>SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the pathname of the emulator and use path traversal to run an arbitrary executable located on the host system. When the user starts the emulator from SOPAS ET the corresponding executable will be started instead of the emulator</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32498">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34204">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 16:36:50">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-0673 ‼</strong><br><br><code>In Audio Aurisys HAL, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05977326; Issue ID: ALPS05977326.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0673">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34205">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 16:36:51">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-40851 ‼</strong><br><br><code>TCMAN GIM is vulnerable to a lack of authorization in all available webservice methods listed in /PC/WebService.asmx. The exploitation of this vulnerability might allow a remote attacker to obtain information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40851">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34206">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 16:36:52">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-40852 ‼</strong><br><br><code>TCMAN GIM is affected by an open redirect vulnerability. This vulnerability allows the redirection of user navigation to pages controlled by the attacker. The exploitation of this vulnerability might allow a remote attacker to obtain information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40852">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34207">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 16:36:54">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-0893 ‼</strong><br><br><code>In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05687474.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0893">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34208">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 16:36:55">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-0894 ‼</strong><br><br><code>In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672038.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0894">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34209">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 16:36:56">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-20608 ‼</strong><br><br><code>Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior allows a remote unauthenticated attacker to cause a DoS condition in GX Works2 by getting GX Works2 to read a tampered program file from a Mitsubishi Electric PLC by sending malicious crafted packets to tamper with the program file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20608">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34210">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 16:36:57">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-37863 ‼</strong><br><br><code>Mattermost 6.0 and earlier fails to sufficiently validate parameters during post creation, which allows authenticated attackers to cause a client-side crash of the web application via a maliciously crafted post.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37863">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34211">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 16:36:58">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-40853 ‼</strong><br><br><code>TCMAN GIM does not perform an authorization check when trying to access determined resources. A remote attacker could exploit this vulnerability to access URL that require privileges without having them. The exploitation of this vulnerability might allow a remote attacker to obtain sensible information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40853">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34212">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 16:37:02">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-18078 ‼</strong><br><br><code>A vulnerability in /include/web_check.php of SEMCMS v3.8 allows attackers to reset the Administrator account&apos;s password.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18078">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34213">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 16:37:03">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-8968 ‼</strong><br><br><code>Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information of the user could be compromised if an attacker is able to recover the profile password.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8968">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34214">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 16:37:05">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-0674 ‼</strong><br><br><code>In alac decoder, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06064258; Issue ID: ALPS06064237.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0674">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34215">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 16:37:06">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-38883 ‼</strong><br><br><code>IBM Business Automation Workflow 18.0, 19.0, 20,0 and 21.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209165.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38883">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34216">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 16:37:07">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-32499 ‼</strong><br><br><code>SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the command line arguments to pass in any value to the Emulator executable.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32499">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34217">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 16:37:08">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-4010 ‼</strong><br><br><code>A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcScreenSaverSuspend function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4010">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34218">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 16:37:09">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-0676 ‼</strong><br><br><code>In geniezone driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05863009; Issue ID: ALPS05863009.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0676">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34219">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 16:37:10">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-4009 ‼</strong><br><br><code>A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4009">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34220">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 16:37:11">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-40850 ‼</strong><br><br><code>TCMAN GIM is vulnerable to a SQL injection vulnerability inside several available webservice methods in /PC/WebService.asmx.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40850">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34221">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 16:37:13">
16:37
       </div>

       <div class="text">
<strong>❌ Malicious Joker App Scores Half-Million Downloads on Google Play ❌</strong><br><br><code>Joker malware was found lurking in the Color Message app, ready to fleece unsuspecting users with premium SMS charges.</code><br><br><a href="https://threatpost.com/malicious-joker-app-downloads-google-play/177139/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34222">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 17:07:49">
17:07
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Spider-Man Movie Release Frenzy Bites Fans with Credit-Card Harvesting ❌</strong><br><br><code>Attackers are using the excitement over the new Spider-Man movie to steal bank information and spread malware.  </code><br><br><a href="https://threatpost.com/spider-man-movie-credit-card-harvesting/177146/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34223">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 17:37:51">
17:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Facebook Bans Spy-for-Hire Firms for Targeting 50K People ❌</strong><br><br><code>Meta, Facebook’s parent company, said that the seven banned actors run fake accounts on its platforms to deceive users and plant malware on targets’ phones.</code><br><br><a href="https://threatpost.com/facebook-bans-spy-hire/177149/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34224">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 18:07:20">
18:07
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Meta Acts Against 7 Entities Found Spying on 50,000 Users 🕴</strong><br><br><code>The parent company of Facebook and Instagram has warned some 50,000 account holders they are targets of surveillance.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/meta-acts-against-7-entities-found-spying-on-50-000-users">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34225">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 18:37:37">
18:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-23797 ‼</strong><br><br><code>All versions of package http-server-node are vulnerable to Directory Traversal via use of --path-as-is.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23797">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34226">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 18:37:38">
18:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-23803 ‼</strong><br><br><code>This affects the package latte/latte before 2.10.6. There is a way to bypass allowFunctions that will affect the security of the application. When the template is set to allow/disallow the use of certain functions, adding control characters (x00-x08) after the function will bypass these restrictions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23803">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34227">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 18:37:40">
18:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-23450 ‼</strong><br><br><code>All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23450">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34228">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 18:37:40">
18:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-41496 ‼</strong><br><br><code>Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy &lt; 1.19, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41496">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34229">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 18:37:41">
18:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-41495 ‼</strong><br><br><code>Null Pointer Dereference vulnerability exists in numpy.sort in NumPy &amp;lt and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating and sort arrays.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41495">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34230">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 18:37:43">
18:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-33430 ‼</strong><br><br><code>A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions (over 32) from Python code, which could let a malicious user cause a Denial of Service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33430">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34231">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 18:37:44">
18:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-23814 ‼</strong><br><br><code>This affects the package unisharp/laravel-filemanager from 0.0.0. The upload() function does not sufficiently validate the file type when uploading. An attacker may be able to reproduce the following steps: - Install a package with a web Laravel application. - Navigate to the Upload window - Upload an image file, then capture the request - Edit the request contents with a malicious file (webshell) - Enter the path of file uploaded on URL - Remote Code Execution **Note: Prevention for bad extensions can be done by using a whitelist in the config file(lfm.php). Corresponding document can be found in the [here](https://unisharp.github.io/laravel-filemanager/configfolder-categories).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23814">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34232">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 18:37:45">
18:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-43840 ‼</strong><br><br><code>message_bus is a messaging bus for Ruby processes and web clients. In versions prior to 3.3.7 users who deployed message bus with diagnostics features enabled (default off) are vulnerable to a path traversal bug, which could lead to disclosure of secret information on a machine if an unintended user were to gain access to the diagnostic route. The impact is also greater if there is no proxy for your web application as the number of steps up the directories is not bounded. For deployments which uses a proxy, the impact varies. For example, If a request goes through a proxy like Nginx with `merge_slashes` enabled, the number of steps up the directories that can be read is limited to 3 levels. This issue has been patched in version 3.3.7. Users unable to upgrade should ensure that MessageBus::Diagnostics is disabled.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43840">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34233">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 18:37:47">
18:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-34141 ‼</strong><br><br><code>Incomplete string comparison in the numpy.core component in NumPy1.9.x, which allows attackers to fail the APIs via constructing specific string objects.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34141">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34234">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 18:37:47">
18:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-43838 ‼</strong><br><br><code>jsx-slack is a library for building JSON objects for Slack Block Kit surfaces from JSX. In versions prior to 4.5.1 users are vulnerable to a regular expression denial-of-service (ReDoS) attack. If attacker can put a lot of JSX elements into `&lt;blockquote&gt;` tag, an internal regular expression for escaping characters may consume an excessive amount of computing resources. jsx-slack v4.5.1 has patched to a regex for escaping blockquote characters. Users are advised to upgrade as soon as possible.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43838">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34235">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 19:08:18">
19:08
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 How Risky Is the Log4J Vulnerability? 🕴</strong><br><br><code>Security teams around the world are on high alert dealing with the Log4j vulnerability, but how risky is it, really?</code><br><br><a href="https://www.darkreading.com/edge-threat-monitor/how-risky-is-the-log4j-vulnerability-">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34236">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 20:37:46">
20:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-41498 ‼</strong><br><br><code>Buffer overflow in ajaxsoundstudio.com Pyo &amp;lt and 1.03 in the Server_jack_init function. which allows attackers to conduct Denial of Service attacks by arbitrary constructing a overlong server name.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41498">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34237">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 20:37:46">
20:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-41499 ‼</strong><br><br><code>Buffer Overflow Vulnerability exists in ajaxsoundstudio.com n Pyo &lt; 1.03 in the Server_debug function, which allows remote attackers to conduct DoS attacks by deliberately passing on an overlong audio file name.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41499">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34238">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 20:37:47">
20:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-41500 ‼</strong><br><br><code>Incomplete string comparison vulnerability exits in cvxopt.org cvxop &lt;= 1.2.6 in APIs (cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve), which allows attackers to conduct Denial of Service attacks by construct fake Capsule objects.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41500">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34239">

      <div class="body">

       <div class="pull_right date details" title="17.12.2021 20:37:48">
20:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-41497 ‼</strong><br><br><code>Null pointer reference in CMS_Conservative_increment_obj in RaRe-Technologies bounter version 1.01 and 1.10, allows attackers to conduct Denial of Service attacks by inputting a huge width of hash bucket.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41497">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-987">

      <div class="body details">
18 December 2021
      </div>

     </div>

     <div class="message default clearfix" id="message34240">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.12.2021 03:38:07">
03:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-4130 ‼</strong><br><br><code>snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4130">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34241">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.12.2021 08:38:26">
08:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-4131 ‼</strong><br><br><code>livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4131">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34242">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.12.2021 10:39:16">
10:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-45105 ‼</strong><br><br><code>Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0 and 2.12.3.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45105">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-988">

      <div class="body details">
19 December 2021
      </div>

     </div>

     <div class="message default clearfix" id="message34243">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.12.2021 01:03:42">
01:03
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>📢 Industry working group aims to standardize blockchain &apos;Identity of Things&apos; 📢</strong><br><br><code>Universal standards for blockchain-based identities aims to help promote interoperability and communication between IoT devices</code><br><br><a href="https://www.itpro.co.uk/technology/blockchain/361852/industry-working-group-standardize-blockchain-identity-of-things">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34244">

      <div class="body">

       <div class="pull_right date details" title="19.12.2021 01:03:43">
01:03
       </div>

       <div class="text">
<strong>📢 Sennheiser exposed personal data of 28,000 customers with leaky S3 bucket 📢</strong><br><br><code>Server containing full names, email addresses, phone numbers, and supplier information was left open to the public for three years</code><br><br><a href="https://www.itpro.co.uk/cloud/amazon-s3/361864/sennheiser-exposed-data-28000-customers-aws-s3-bucket">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34245">

      <div class="body">

       <div class="pull_right date details" title="19.12.2021 01:03:44">
01:03
       </div>

       <div class="text">
<strong>📢 Kronos services knocked offline by ransomware attack 📢</strong><br><br><code>The popular human resources solutions provider has admitted that it may take &quot;several weeks&quot; to recover</code><br><br><a href="https://www.itpro.co.uk/security/ransomware/361834/kronos-services-knocked-offline-with-ransomware">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34246">

      <div class="body">

       <div class="pull_right date details" title="19.12.2021 01:03:45">
01:03
       </div>

       <div class="text">
<strong>📢 Gumtree site code made personal data of users and sellers publicly accessible 📢</strong><br><br><code>Anyone could scan the website&apos;s HTML code to reveal personal information belonging to users of the popular second-hand classified adverts website</code><br><br><a href="https://www.itpro.co.uk/policy-legislation/data-protection/361854/gumtree-html-makes-user-data-publicly-accessible">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34247">

      <div class="body">

       <div class="pull_right date details" title="19.12.2021 01:03:47">
01:03
       </div>

       <div class="text">
<strong>📢 Ransomware groups will target smaller businesses in 2022 - report 📢</strong><br><br><code>Scrutiny from law enforcement is causing groups to change tack, says analyst</code><br><br><a href="https://www.itpro.co.uk/security/ransomware/361853/ransomware-groups-will-target-smaller-businesses-in-2022">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34248">

      <div class="body">

       <div class="pull_right date details" title="19.12.2021 01:03:48">
01:03
       </div>

       <div class="text">
<strong>📢 Meta expands bug bounty programme to cover data scraping 📢</strong><br><br><code>The move comes two years after a massive scraping incident on Facebook that resulted in data leaking online</code><br><br><a href="https://www.itpro.co.uk/security/bugs/361857/meta-expands-bug-bounty-programme-to-cover-data-scraping">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34249">

      <div class="body">

       <div class="pull_right date details" title="19.12.2021 01:03:49">
01:03
       </div>

       <div class="text">
<strong>📢 What is the Log4Shell vulnerability? 📢</strong><br><br><code>The critical flaw affecting products built using Java is set to cause headaches in the enterprise for months to come</code><br><br><a href="https://www.itpro.co.uk/security/zero-day-exploit/361819/what-is-log4shell-log4j-vulnerability">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34250">

      <div class="body">

       <div class="pull_right date details" title="19.12.2021 01:03:50">
01:03
       </div>

       <div class="text">
<strong>📢 Australia and US sign CLOUD Act data-sharing deal to support criminal investigations 📢</strong><br><br><code>The legislation allows law enforcement to simplify the process of obtaining electronic data from another country</code><br><br><a href="https://www.itpro.co.uk/security/cyber-crime/361858/australia-us-sign-cloud-act-data-sharing-deal">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34251">

      <div class="body">

       <div class="pull_right date details" title="19.12.2021 01:03:51">
01:03
       </div>

       <div class="text">
<strong>📢 Google to rollout AI-based security across three UK airports 📢</strong><br><br><code>Airports in Aberdeen, Glasgow, and Southampton will test a tool designed to make it easier to spot suspicious packages</code><br><br><a href="https://www.itpro.co.uk/technology/artificial-intelligence-ai/361861/google-rolls-out-ai-security-to-three-uk-airports">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34252">

      <div class="body">

       <div class="pull_right date details" title="19.12.2021 01:03:52">
01:03
       </div>

       <div class="text">
<strong>📢 Lenovo ThinkPads vulnerable to privilege escalation exploit, researchers warn 📢</strong><br><br><code>A component running on the popular business computers is vulnerable to a chained exploit that grants full access to attackers</code><br><br><a href="https://www.itpro.co.uk/security/exploits/361865/lenovo-thinkpads-vulnerable-to-system-level-privilege-exploit">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34253">

      <div class="body">

       <div class="pull_right date details" title="19.12.2021 01:03:53">
01:03
       </div>

       <div class="text">
<strong>📢 HMRC suffered 17 data breaches over 15 months 📢</strong><br><br><code>According to a recent report, the breaches affected more than 3,000 individuals</code><br><br><a href="https://www.itpro.co.uk/security/data-breaches/361823/hmrc-suffered-17-data-breaches-over-15-months">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34254">

      <div class="body">

       <div class="pull_right date details" title="19.12.2021 01:03:54">
01:03
       </div>

       <div class="text">
<strong>📢 UK joint committee calls for tougher rules for tech giants 📢</strong><br><br><code>However, IT industry experts suggest Online Safety Bill proposals aren&apos;t clear enough for everyday users</code><br><br><a href="https://www.itpro.co.uk/business/policy-legislation/361837/uk-joint-committee-calls-for-tougher-rules-for-tech-giants">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34255">

      <div class="body">

       <div class="pull_right date details" title="19.12.2021 01:03:55">
01:03
       </div>

       <div class="text">
<strong>📢 Egyptian exiles targeted with Predator spyware resembling NSO Group&apos;s Pegasus 📢</strong><br><br><code>A high-profile politician and journalist have been targeted with spyware likely spread using WhatsApp messages</code><br><br><a href="https://www.itpro.co.uk/security/spyware/361868/egyptian-exiles-targeted-with-predator-spyware">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34256">

      <div class="body">

       <div class="pull_right date details" title="19.12.2021 01:03:57">
01:03
       </div>

       <div class="text">
<strong>📢 How to turn on Windows Defender 📢</strong><br><br><code>Find out how to switch on Windows Defender in Windows 10 and older versions of the OS</code><br><br><a href="https://www.itpro.co.uk/desktop-software/26635/how-to-turn-on-windows-defender">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34257">

      <div class="body">

       <div class="pull_right date details" title="19.12.2021 01:03:58">
01:03
       </div>

       <div class="text">
<strong>📢 How do hackers choose their targets? 📢</strong><br><br><code>We explore what goes on in the minds of cyber criminals</code><br><br><a href="https://www.itpro.co.uk/security/hacking/357971/how-do-hackers-choose-their-targets">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34258">

      <div class="body">

       <div class="pull_right date details" title="19.12.2021 01:03:59">
01:03
       </div>

       <div class="text">
<strong>📢 Skip the three words thing, go straight for the ‘use a password manager, dammit’ jugular 📢</strong><br><br><code>Why you can do so much better than the three-random-word rule that’s still being churned out by the NCSC</code><br><br><a href="https://www.itpro.co.uk/security/information-security-infosec/361806/skip-three-words-use-password-managers">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34259">

      <div class="body">

       <div class="pull_right date details" title="19.12.2021 01:04:00">
01:04
       </div>

       <div class="text">
<strong>📢 Five things to consider before choosing an MFA solution 📢</strong><br><br><code>Because we all should move on from using “password” as a password!</code><br><br><a href="https://www.itpro.co.uk/security/361870/five-things-to-consider-before-choosing-an-mfa-solution">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34260">

      <div class="body">

       <div class="pull_right date details" title="19.12.2021 01:04:01">
01:04
       </div>

       <div class="text">
<strong>📢 UK unveils £2.6 billion National Cyber Strategy 📢</strong><br><br><code>The strategy prioritises investing in the UK&apos;s cyber skills, improving cyber security responses, and disrupting state-backed cyber attacks</code><br><br><a href="https://www.itpro.co.uk/business/policy-legislation/361849/uk-unveils-ps26-billion-national-cyber-strategy">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34261">

      <div class="body">

       <div class="pull_right date details" title="19.12.2021 01:04:02">
01:04
       </div>

       <div class="text">
<strong>📢 The risks and strategies of using privacy as a business differentiator 📢</strong><br><br><code>With privacy increasingly driving customer decisions, here’s how to make it a differentiator for your business</code><br><br><a href="https://www.itpro.co.uk/security/privacy/361785/using-privacy-as-a-business-differentiator-risks-strategies">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34262">

      <div class="body">

       <div class="pull_right date details" title="19.12.2021 01:04:03">
01:04
       </div>

       <div class="text">
<strong>📢 Log4Shell: New numbers reveal the scale of the critical software exploit 📢</strong><br><br><code>Researchers detail how much the Log4J vulnerability is being exploited and who is being targeted the most</code><br><br><a href="https://www.itpro.co.uk/security/zero-day-exploit/361847/log4shell-zero-day-vulnerability-numbers-revealed">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34263">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.12.2021 16:40:33">
16:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-4136 ‼</strong><br><br><code>vim is vulnerable to Heap-based Buffer Overflow</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4136">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-989">

      <div class="body details">
20 December 2021
      </div>

     </div>

     <div class="message default clearfix" id="message34264">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 03:40:33">
03:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-44159 ‼</strong><br><br><code>4MOSAn GCB Doctor’s file upload function has improper user privilege control. A remote attacker can upload arbitrary files including webshell files without authentication and execute arbitrary code in order to perform arbitrary system operations or deny of service attack.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44159">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34265">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 03:40:34">
03:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-44162 ‼</strong><br><br><code>Chain Sea ai chatbot system’s specific file download function has path traversal vulnerability. The function has improper filtering of special characters in URL parameters, which allows a remote attacker to download arbitrary system files without authentication.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44162">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34266">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 03:40:36">
03:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-44163 ‼</strong><br><br><code>Chain Sea ai chatbot backend has improper filtering of special characters in URL parameters, which allows a remote attacker to perform JavaScript injection for XSS (reflected Cross-site scripting) attack without authentication.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44163">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34267">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 03:40:37">
03:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-44164 ‼</strong><br><br><code>Chain Sea ai chatbot system’s file upload function has insufficient filtering for special characters in URLs, which allows a remote attacker to by-pass file type validation, upload malicious script and execute arbitrary code without authentication, in order to take control of the system or terminate service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44164">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34268">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 10:39:52">
10:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Log4Shell: The Movie… a short, safe visual tour for work and home ⚠</strong><br><br><code>Be happy that your sysadmins are taking one (three, actually!) for the team right now... here&apos;s why!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/12/20/log4shell-the-movie-a-short-safe-visual-tour-for-work-and-home/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34269">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 10:39:53">
10:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-41561 ‼</strong><br><br><code>Improper Input Validation vulnerability in Parquet-MR of Apache Parquet allows an attacker to DoS by malicious Parquet files. This issue affects Apache Parquet-MR version 1.9.0 and later versions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41561">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34270">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 10:39:55">
10:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-44916 ‼</strong><br><br><code>Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript code can be executed in the victim&apos;s browser.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44916">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34271">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 10:39:56">
10:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-44224 ‼</strong><br><br><code>A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44224">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34272">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 10:39:58">
10:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-44790 ‼</strong><br><br><code>A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44790">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34273">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 12:06:00">
12:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Healthcare provider Texas ENT alerts 535,000 patients to data breach 🗓️</strong><br><br><code>Unauthorized intruder exfiltrated personal data over a six-day period</code><br><br><a href="https://portswigger.net/daily-swig/healthcare-provider-texas-ent-alerts-535-000-patients-to-data-breach">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34274">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 12:11:01">
12:11
       </div>

       <div class="text">
<strong>🕴 Zero Trust Shouldn’t Mean Zero Trust in Employees 🕴</strong><br><br><code>Some think zero trust means you cannot or should not trust employees, an approach that misses the mark and sets up everyone for failure.</code><br><br><a href="https://www.darkreading.com/endpoint/zero-trust-shouldn-t-mean-zero-trust-in-employees">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34275">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 12:40:55">
12:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-8105 ‼</strong><br><br><code>OS Command Injection vulnerability in the wirelessConnect handler of Abode iota All-In-One Security Kit allows an attacker to inject commands and gain root access. This issue affects: Abode iota All-In-One Security Kit versions prior to 1.0.2.23_6.9V_dev_t2_homekit_RF_2.0.19_s2_kvsABODE oz.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8105">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34276">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 13:05:45">
13:05
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Security researcher earns plaudits after discovering Yandex SSRF flaw 🗓️</strong><br><br><code>Russian language search engine has secured its backend infrastructure</code><br><br><a href="https://portswigger.net/daily-swig/security-researcher-earns-plaudits-after-discovering-yandex-ssrf-flaw">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34277">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 13:09:48">
13:09
       </div>

       <div class="text">
<strong>❌ Third Log4J Bug Can Trigger DoS; Apache Issues Patch ❌</strong><br><br><code>The new Log4j vulnerability is similar to Log4Shell in that it also affects the logging library, but this DoS flaw has to do with Context Map lookups, not JNDI.</code><br><br><a href="https://threatpost.com/third-log4j-bug-dos-apache-patch/177159/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34278">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 13:41:08">
13:41
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Four Out of Five Organizations Are Increasing Cybersecurity Budgets for 2022 🕴</strong><br><br><code>Half of security decision makers also say the cyber skills gap will significantly impact their 2022 strategy, according to new research from Neustar.</code><br><br><a href="https://www.darkreading.com/operations/four-out-of-five-organizations-are-increasing-cybersecurity-budgets-for-2022">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34279">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 13:41:09">
13:41
       </div>

       <div class="text">
<strong>🕴 Reblaze Appoints New CEO 🕴</strong><br><br><code>Ziv Oren previously held the position of chief operations officer at the company.</code><br><br><a href="https://www.darkreading.com/application-security/reblaze-appoints-new-ceo">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34280">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 13:41:10">
13:41
       </div>

       <div class="text">
<strong>🕴 Trend Micro Crowns Champions of 2021 Capture the Flag Competition 🕴</strong><br><br><code>Challenges were designed to address critical areas of cybersecurity, including reversing, cloud, IoT, open source intelligence, forensics, and machine learning.</code><br><br><a href="https://www.darkreading.com/careers-and-people/trend-micro-crowns-champions-of-2021-capture-the-flag-competition">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34281">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 14:04:44">
14:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Surveillance-for-hire: Are you a target of the booming spy business? 🦿</strong><br><br><code>Meta has exposed and acted against entities that have been spying on people and organizations around the globe. Find out how the threat actors operate and learn what you can do to protect yourself.</code><br><br><a href="https://www.techrepublic.com/article/surveillance-for-hire-are-you-a-target-of-the-booming-spy-business/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34282">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 14:07:42">
14:07
       </div>

       <div class="text">
<strong>🛠 Wapiti Web Application Vulnerability Scanner 3.0.9 🛠</strong><br><br><code>Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities.</code><br><br><a href="https://packetstormsecurity.com/files/165375/wapiti3-3.0.9.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34283">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 14:23:53">
14:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 SecurityScorecard Research Reveals Cyber Vulnerabilities Pose a Threat to U.S. Maritime Security 🕴</strong><br><br><code>While the shipping industry&apos;s cyber posture was better than companies in the Forbes Global 2000, the industry performed lower in key risk group factors.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/securityscorecard-research-reveals-cyber-vulnerabilities-pose-a-threat-to-u-s-maritime-security">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34284">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 14:23:55">
14:23
       </div>

       <div class="text">
<strong>🕴 BlackBerry Launches New Managed Extended Detection and Response (XDR) Service 🕴</strong><br><br><code>Company partners with Exabeam to launch update to its BlackBerry Guard managed detection and response (MDR) service.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/blackberry-launches-new-managed-extended-detection-and-response-xdr-service">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34285">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 14:23:56">
14:23
       </div>

       <div class="text">
<strong>🕴 SAIC Launches Rugged Apps to Provide Secure Commercial Apps to Government Users 🕴</strong><br><br><code>Rugged Apps ensures mobile apps are NIAP-compliant.</code><br><br><a href="https://www.darkreading.com/application-security/saic-launches-rugged-apps-to-provide-secure-commercial-apps-to-government-users">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34286">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 14:41:11">
14:41
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-44675 ‼</strong><br><br><code>Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44675">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34287">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 14:41:12">
14:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-44676 ‼</strong><br><br><code>Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g., access control details) and modify a few aspects of the application state.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44676">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34288">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 14:41:14">
14:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-44525 ‼</strong><br><br><code>Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44525">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34289">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 15:05:11">
15:05
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Synthetic identity fraud: What is it and why is it harmful? 🦿</strong><br><br><code>Online consumers can do everything right and still become cyber victims. Learn about synthetic identity fraud and why &quot;buyer beware&quot; is not enough.</code><br><br><a href="https://www.techrepublic.com/article/synthetic-identity-fraud-what-is-it-and-why-is-it-harmful/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34290">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 16:38:47">
16:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 Banks Will Have 36 Hours to Disclose Cyber Incidents in 2022 🔏</strong><br><br><code>Federal banking regulators recently issued a rule around reporting data incidents that’s scheduled to go into effect in April 2022.</code><br><br><a href="https://digitalguardian.com/blog/banks-will-have-36-hours-disclose-cyber-incidents-2022">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34291">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 17:09:58">
17:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Robocalls More Than Doubled in 2021, Cost Victims $30B ❌</strong><br><br><code>T-Mobile reported blocking 21 billion scam calls during a record-smashing year for robocalls.</code><br><br><a href="https://threatpost.com/robocalls-doubled-2021-30b/177165/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34292">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 18:11:25">
18:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 NetSPI Adds IoT Penetration Testing to its Suite of Offensive Security Services 🕴</strong><br><br><code>Led by IoT security expert Larry Trowell, the IoT pen-testing services focus on securing ATMs, automotive, medical devices, operational technology, and other embedded systems.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/netspi-adds-iot-penetration-testing-to-its-suite-of-offensive-security-services">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34293">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 18:11:26">
18:11
       </div>

       <div class="text">
<strong>🕴 Brillio Acquires Cedrus Digital to Strengthen Their Digital Transformation Service Capabilities 🕴</strong><br><br><code>The acquisition of Cedrus Digital, with its consulting-led model and over 150 cloud, data and product engineers, primarily in the United States, will further augment Brillio’s nearshore digital transformation capabilities offered for Fortune 500 clients.</code><br><br><a href="https://www.darkreading.com/cloud/brillio-acquires-cedrus-digital-to-strengthen-their-digital-transformation-service-capabilities">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34294">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 18:41:10">
18:41
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-43438 ‼</strong><br><br><code>Stored XSS in Signup Form in iResturant 1.0 Allows Remote Attacker to Inject Arbitrary code via NAME and ADDRESS field</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43438">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34295">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 18:41:11">
18:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-43441 ‼</strong><br><br><code>An HTML Injection Vulnerability in iOrder 1.0 allows the remote attacker to execute Malicious HTML codes via the signup form</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43441">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34296">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 18:41:12">
18:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-19316 ‼</strong><br><br><code>OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework before 5.8.17.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-19316">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34297">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 18:41:13">
18:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-43437 ‼</strong><br><br><code>In sourcecodetester Engineers Online Portal as of 10-21-21, an attacker can manipulate the Host header as seen by the web application and cause the application to behave in unexpected ways. Very often multiple websites are hosted on the same IP address. This is where the Host Header comes in. This header specifies which website should process the HTTP request. The web server uses the value of this header to dispatch the request to the specified website. Each website hosted on the same IP address is called a virtual host. And It&apos;s possible to send requests with arbitrary Host Headers to the first virtual host.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43437">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34298">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 18:41:14">
18:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-43439 ‼</strong><br><br><code>RCE in Add Review Function in iResturant 1.0 Allows remote attacker to execute commands remotely</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43439">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34299">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 18:41:17">
18:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-43440 ‼</strong><br><br><code>Multiple Stored XSS Vulnerabilities in the Source Code of iOrder 1.0 allow remote attackers to execute arbitrary code via signup form in the Name and Phone number field.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43440">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34300">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 19:04:44">
19:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Restrict remote users to a chroot jail in Linux 🦿</strong><br><br><code>Jack Wallen shows you how to restrict server users to a specific directory in Linux.</code><br><br><a href="https://www.techrepublic.com/videos/restrict-remote-users-to-a-chroot-jail-in-linux/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34301">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 19:40:02">
19:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Conti Ransomware Gang Has Full Log4Shell Attack Chain ❌</strong><br><br><code>Conti has become the first professional-grade, sophisticated ransomware group to weaponize Log4j2, now with a full attack chain.</code><br><br><a href="https://threatpost.com/conti-ransomware-gang-has-full-log4shell-attack-chain/177173/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34302">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 20:11:27">
20:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-43844 ‼</strong><br><br><code>MSEdgeRedirect is a tool to redirect news, search, widgets, weather, and more to a user&apos;s default browser. MSEdgeRedirect versions before 0.5.0.1 are vulnerable to Remote Code Execution via specifically crafted URLs. This vulnerability requires user interaction and the acceptance of a prompt. With how MSEdgeRedirect is coded, parameters are impossible to pass to any launched file. However, there are two possible scenarios in which an attacker can do more than a minor annoyance. In Scenario 1 (confirmed), a user visits an attacker controlled webpage; the user is prompted with, and downloads, an executable payload; the user is prompted with, and accepts, the aforementioned crafted URL prompt; and RCE executes the payload the user previously downloaded, if the download path is successfully guessed. In Scenario 2 (not yet confirmed), a user visits an attacked controlled webpage; the user is prompted with, and accepts, the aforementioned crafted URL prompt; and a payload on a remote, attacker controlled, SMB server is executed. The issue was found in the _DecodeAndRun() function, in which I incorrectly assumed _WinAPI_UrlIs() would only accept web resources. Unfortunately, file:/// passes the default _WinAPI_UrlIs check(). File paths are now directly checked for and must fail. There is no currently known exploitation of this vulnerability in the wild. A patched version, 0.5.0.1, has been released that checks for and denies these crafted URLs. There are no workarounds for this issue. Users are advised not to accept any unexpected prompts from web pages.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43844">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34303">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 20:11:29">
20:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-35248 ‼</strong><br><br><code>It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35248">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34304">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 20:11:29">
20:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-43746 ‼</strong><br><br><code>Adobe Premiere Rush versions 1.5.16 (and earlier) allows access to an uninitialized pointer vulnerability that allows remote attackers to disclose sensitive information on affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of MP4 files. The issue results from the lack of proper initialization of memory prior to accessing it.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43746">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34305">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 20:11:31">
20:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-43030 ‼</strong><br><br><code>Adobe Premiere Rush versions 1.5.16 (and earlier) allows access to an uninitialized pointer vulnerability that allows remote attackers to disclose sensitive information on affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of MP4 files. The issue results from the lack of proper initialization of memory prior to accessing it.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43030">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34306">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 20:11:32">
20:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-22057 ‼</strong><br><br><code>VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an authentication bypass vulnerability. A malicious actor, who has successfully provided first-factor authentication, may be able to obtain second-factor authentication provided by VMware Verify.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22057">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34307">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 20:11:33">
20:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-43025 ‼</strong><br><br><code>Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43025">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34308">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 20:11:35">
20:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-43846 ‼</strong><br><br><code>`solidus_frontend` is the cart and storefront for the Solidus e-commerce project. Versions of `solidus_frontend` prior to 3.1.5, 3.0.5, and 2.11.14 contain a cross-site request forgery (CSRF) vulnerability that allows a malicious site to add an item to the user&apos;s cart without their knowledge. Versions 3.1.5, 3.0.5, and 2.11.14 contain a patch for this issue. The patch adds CSRF token verification to the &quot;Add to cart&quot; action. Adding forgery protection to a form that missed it can have some side effects. Other CSRF protection strategies as well as a workaround involving modifcation to config/application.rb` are available. More details on these mitigations are available in the GitHub Security Advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43846">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34309">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 20:11:36">
20:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-43847 ‼</strong><br><br><code>HumHub is an open-source social network kit written in PHP. Prior to HumHub version 1.10.3 or 1.9.3, it could be possible for registered users to become unauthorized members of private Spaces. Versions 1.10.3 and 1.9.3 contain a patch for this issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43847">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34310">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 20:11:38">
20:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-43029 ‼</strong><br><br><code>Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43029">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34311">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 20:11:39">
20:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-43748 ‼</strong><br><br><code>Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43748">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34312">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 20:11:40">
20:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-43021 ‼</strong><br><br><code>Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious EXR file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43021">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34313">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 20:11:41">
20:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-42808 ‼</strong><br><br><code>Improper Access Control in Thales Sentinel Protection Installer could allow a local user to escalate privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42808">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34314">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 20:11:43">
20:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-43028 ‼</strong><br><br><code>Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43028">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34315">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 20:11:44">
20:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-38415 ‼</strong><br><br><code>Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38415">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34316">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 20:11:45">
20:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-22056 ‼</strong><br><br><code>VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22056">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34317">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 20:11:46">
20:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-44181 ‼</strong><br><br><code>Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious GIF file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44181">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34318">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 20:11:48">
20:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-43023 ‼</strong><br><br><code>Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious EPS/TIFF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43023">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34319">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 20:11:49">
20:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-40784 ‼</strong><br><br><code>Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40784">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34320">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 20:11:50">
20:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-43750 ‼</strong><br><br><code>Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43750">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34321">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 20:11:51">
20:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-44182 ‼</strong><br><br><code>Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious SVG file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44182">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34322">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 20:15:34">
20:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-44697 ‼</strong><br><br><code>Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier)are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious MOV file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44697">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34323">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 20:15:38">
20:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-44180 ‼</strong><br><br><code>Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious GIF file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44180">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34324">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 20:15:39">
20:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-42809 ‼</strong><br><br><code>Improper Access Control of Dynamically-Managed Code Resources (DLL) in Thales Sentinel Protection Installer could allow the execution of arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42809">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34325">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 20:15:40">
20:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-44699 ‼</strong><br><br><code>Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier)are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious MP4 file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44699">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34326">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 20:15:41">
20:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-44179 ‼</strong><br><br><code>Adobe Dimension versions 3.4.3 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious GIF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44179">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34327">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 20:15:42">
20:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-44183 ‼</strong><br><br><code>Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious TIF file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44183">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34328">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 20:42:04">
20:42
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Russian National Extradited for Illegal Hacking &amp; Trading 🕴</strong><br><br><code>Vladislav Klyushin was allegedly involved in a global operation to trade on nonpublic data stolen from US computer networks.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/russian-national-extradited-for-illegal-hacking-trading">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34329">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 20:55:28">
20:55
       </div>

       <div class="text">
<strong>🕴 New Log4j Attack Vector Discovered 🕴</strong><br><br><code>Meanwhile, Apache Foundation releases third update to logging tool in 10 days to address yet another flaw.</code><br><br><a href="https://www.darkreading.com/application-security/researchers-uncover-new-attack-vector-for-log4j-flaw">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34330">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:11:18">
22:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2019-2370 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2370">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34331">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:11:20">
22:11
       </div>

       <div class="text">
<strong>‼ CVE-2020-11374 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11374">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34332">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:11:22">
22:11
       </div>

       <div class="text">
<strong>‼ CVE-2019-14152 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14152">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34333">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:11:23">
22:11
       </div>

       <div class="text">
<strong>‼ CVE-2020-11375 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11375">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34334">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:11:24">
22:11
       </div>

       <div class="text">
<strong>‼ CVE-2017-11071 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11071">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34335">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:11:25">
22:11
       </div>

       <div class="text">
<strong>‼ CVE-2020-16643 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16643">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34336">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:11:26">
22:11
       </div>

       <div class="text">
<strong>‼ CVE-2020-11373 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11373">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34337">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:11:29">
22:11
       </div>

       <div class="text">
<strong>‼ CVE-2020-11338 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11338">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34338">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:11:30">
22:11
       </div>

       <div class="text">
<strong>‼ CVE-2019-14109 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14109">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34339">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:11:31">
22:11
       </div>

       <div class="text">
<strong>‼ CVE-2019-14102 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14102">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34340">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:11:34">
22:11
       </div>

       <div class="text">
<strong>‼ CVE-2019-14187 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14187">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34341">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:11:35">
22:11
       </div>

       <div class="text">
<strong>‼ CVE-2019-14188 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14188">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34342">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:11:36">
22:11
       </div>

       <div class="text">
<strong>‼ CVE-2019-2351 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2351">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34343">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:11:37">
22:11
       </div>

       <div class="text">
<strong>‼ CVE-2019-14084 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14084">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34344">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:11:39">
22:11
       </div>

       <div class="text">
<strong>‼ CVE-2019-14166 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14166">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34345">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:11:40">
22:11
       </div>

       <div class="text">
<strong>‼ CVE-2020-11341 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11341">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34346">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:11:41">
22:11
       </div>

       <div class="text">
<strong>‼ CVE-2019-2384 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2384">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34347">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:11:43">
22:11
       </div>

       <div class="text">
<strong>‼ CVE-2019-2357 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2357">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34348">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:11:44">
22:11
       </div>

       <div class="text">
<strong>‼ CVE-2019-14142 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14142">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34349">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:11:46">
22:11
       </div>

       <div class="text">
<strong>‼ CVE-2018-13970 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13970">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34350">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:17:39">
22:17
       </div>

       <div class="text">
<strong>‼ CVE-2020-3682 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3682">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34351">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:17:40">
22:17
       </div>

       <div class="text">
<strong>‼ CVE-2020-16652 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16652">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34352">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:17:42">
22:17
       </div>

       <div class="text">
<strong>‼ CVE-2020-16738 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16738">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34353">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:17:44">
22:17
       </div>

       <div class="text">
<strong>‼ CVE-2019-2362 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2362">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34354">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:17:45">
22:17
       </div>

       <div class="text">
<strong>‼ CVE-2020-11388 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11388">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34355">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:17:47">
22:17
       </div>

       <div class="text">
<strong>‼ CVE-2020-11313 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11313">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34356">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:17:50">
22:17
       </div>

       <div class="text">
<strong>‼ CVE-2020-16757 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16757">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34357">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:17:52">
22:17
       </div>

       <div class="text">
<strong>‼ CVE-2020-16677 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16677">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34358">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:17:53">
22:17
       </div>

       <div class="text">
<strong>‼ CVE-2020-16750 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16750">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34359">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:17:56">
22:17
       </div>

       <div class="text">
<strong>‼ CVE-2020-16667 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16667">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34360">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:17:57">
22:17
       </div>

       <div class="text">
<strong>‼ CVE-2020-16742 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16742">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34361">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:17:58">
22:17
       </div>

       <div class="text">
<strong>‼ CVE-2020-16717 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16717">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34362">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:17:59">
22:17
       </div>

       <div class="text">
<strong>‼ CVE-2020-16718 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16718">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34363">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:18:00">
22:18
       </div>

       <div class="text">
<strong>‼ CVE-2020-16666 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16666">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34364">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:18:03">
22:18
       </div>

       <div class="text">
<strong>‼ CVE-2020-16798 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16798">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34365">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:18:05">
22:18
       </div>

       <div class="text">
<strong>‼ CVE-2020-11399 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11399">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34366">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:18:06">
22:18
       </div>

       <div class="text">
<strong>‼ CVE-2020-11402 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11402">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34367">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:18:08">
22:18
       </div>

       <div class="text">
<strong>‼ CVE-2020-3706 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3706">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34368">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:18:10">
22:18
       </div>

       <div class="text">
<strong>‼ CVE-2020-11405 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11405">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34369">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:18:11">
22:18
       </div>

       <div class="text">
<strong>‼ CVE-2020-11365 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11365">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34370">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:21:18">
22:21
       </div>

       <div class="text">
<strong>‼ CVE-2020-16804 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16804">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34371">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:21:19">
22:21
       </div>

       <div class="text">
<strong>‼ CVE-2019-14150 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14150">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34372">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:21:20">
22:21
       </div>

       <div class="text">
<strong>‼ CVE-2020-16639 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16639">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34373">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:21:22">
22:21
       </div>

       <div class="text">
<strong>‼ CVE-2019-2286 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2286">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34374">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:21:24">
22:21
       </div>

       <div class="text">
<strong>‼ CVE-2020-16710 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16710">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34375">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:21:25">
22:21
       </div>

       <div class="text">
<strong>‼ CVE-2019-2383 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2383">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34376">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:21:26">
22:21
       </div>

       <div class="text">
<strong>‼ CVE-2020-16786 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16786">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34377">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:21:27">
22:21
       </div>

       <div class="text">
<strong>‼ CVE-2019-2363 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2363">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34378">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:21:28">
22:21
       </div>

       <div class="text">
<strong>‼ CVE-2020-16670 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16670">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34379">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:21:29">
22:21
       </div>

       <div class="text">
<strong>‼ CVE-2020-16672 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16672">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34380">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:21:30">
22:21
       </div>

       <div class="text">
<strong>‼ CVE-2020-16693 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16693">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34381">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:21:31">
22:21
       </div>

       <div class="text">
<strong>‼ CVE-2020-11395 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11395">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34382">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:21:33">
22:21
       </div>

       <div class="text">
<strong>‼ CVE-2019-2365 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2365">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34383">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:21:34">
22:21
       </div>

       <div class="text">
<strong>‼ CVE-2020-16737 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16737">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34384">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:21:35">
22:21
       </div>

       <div class="text">
<strong>‼ CVE-2020-11370 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11370">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34385">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:21:36">
22:21
       </div>

       <div class="text">
<strong>‼ CVE-2020-16769 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16769">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34386">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:21:37">
22:21
       </div>

       <div class="text">
<strong>‼ CVE-2020-16778 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16778">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34387">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:21:39">
22:21
       </div>

       <div class="text">
<strong>‼ CVE-2020-11403 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11403">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34388">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:21:40">
22:21
       </div>

       <div class="text">
<strong>‼ CVE-2019-13997 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13997">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34389">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:21:41">
22:21
       </div>

       <div class="text">
<strong>‼ CVE-2019-2344 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2344">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34390">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:23:40">
22:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-16645 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16645">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34391">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:23:42">
22:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-11348 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11348">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34392">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:23:43">
22:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-16828 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16828">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34393">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:23:45">
22:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-16800 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16800">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34394">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:23:46">
22:23
       </div>

       <div class="text">
<strong>‼ CVE-2019-14158 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14158">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34395">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:23:48">
22:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-16835 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16835">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34396">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:23:49">
22:23
       </div>

       <div class="text">
<strong>‼ CVE-2018-13978 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13978">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34397">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:23:50">
22:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-16730 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16730">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34398">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:23:52">
22:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-11349 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11349">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34399">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:23:54">
22:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-16815 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16815">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34400">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:23:55">
22:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-11362 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11362">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34401">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:23:56">
22:23
       </div>

       <div class="text">
<strong>‼ CVE-2019-14141 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14141">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34402">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:23:56">
22:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-16780 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16780">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34403">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:24:00">
22:24
       </div>

       <div class="text">
<strong>‼ CVE-2020-16810 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16810">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34404">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:24:02">
22:24
       </div>

       <div class="text">
<strong>‼ CVE-2020-16664 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16664">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34405">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:24:04">
22:24
       </div>

       <div class="text">
<strong>‼ CVE-2020-16706 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16706">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34406">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:24:05">
22:24
       </div>

       <div class="text">
<strong>‼ CVE-2019-14128 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14128">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34407">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:24:06">
22:24
       </div>

       <div class="text">
<strong>‼ CVE-2019-14140 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14140">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34408">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:24:09">
22:24
       </div>

       <div class="text">
<strong>‼ CVE-2020-16651 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16651">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34409">

      <div class="body">

       <div class="pull_right date details" title="20.12.2021 22:24:10">
22:24
       </div>

       <div class="text">
<strong>‼ CVE-2019-14143 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14143">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-990">

      <div class="body details">
21 December 2021
      </div>

     </div>

     <div class="message default clearfix" id="message34410">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 08:22:13">
08:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-24846 ‼</strong><br><br><code>The get_query() function of the Ni WooCommerce Custom Order Status WordPress plugin before 1.9.7, used by the niwoocos_ajax AJAX action, available to all authenticated users, does not properly sanitise the sort parameter before using it in a SQL statement, leading to an SQL injection, exploitable by any authenticated users, such as subscriber</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24846">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34411">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 08:22:14">
08:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-24981 ‼</strong><br><br><code>The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to Remote File Upload leading to arbitrary PHP shell uploads in the wp-content/plugins directory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24981">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34412">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 08:22:15">
08:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-45450 ‼</strong><br><br><code>In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45450">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34413">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 08:22:16">
08:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-24956 ‼</strong><br><br><code>The Blog2Social: Social Media Auto Post &amp; Scheduler WordPress plugin before 6.8.7 does not sanitise and escape the b2sShowByDate parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24956">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34414">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 08:23:37">
08:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-24738 ‼</strong><br><br><code>The Logo Carousel WordPress plugin before 3.4.2 does not validate and escape the &quot;Logo Margin&quot; carousel option, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24738">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34415">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 08:23:38">
08:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-24907 ‼</strong><br><br><code>The Contact Form, Drag and Drop Form Builder for WordPress plugin before 1.8.0 does not escape the status parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24907">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34416">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 08:23:40">
08:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-24941 ‼</strong><br><br><code>The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin before 2.0.5 does not sanitise and escape the message_id parameter of the get_message_action_row AJAX action before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24941">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34417">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 08:23:41">
08:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-45451 ‼</strong><br><br><code>In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45451">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34418">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 08:23:42">
08:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-24750 ‼</strong><br><br><code>The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24750">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34419">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 08:23:44">
08:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-24578 ‼</strong><br><br><code>The SportsPress WordPress plugin before 2.7.9 does not sanitise and escape its match_day parameter before outputting back in the Events backend page, leading to a Reflected Cross-Site Scripting issue</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24578">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34420">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 08:25:14">
08:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-24739 ‼</strong><br><br><code>The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24739">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34421">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 08:29:57">
08:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-24849 ‼</strong><br><br><code>The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24849">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34422">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 08:42:11">
08:42
       </div>

       <div class="text">
<strong>🕴 How is Zero Trust Evolving to be More Continuous in Verifying Trust? 🕴</strong><br><br><code>For zero trust to be successful, organizations need to be able to check user identity, device posture, and overall behavior without adding friction to the experience.</code><br><br><a href="https://www.darkreading.com/edge-ask-the-experts/how-is-zero-trust-evolving-to-be-more-continuous-in-verifying-trust-">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34423">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 10:11:51">
10:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-45255 ‼</strong><br><br><code>The email parameter from ajax.php of Video Sharing Website 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL&apos;s load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45255">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34424">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 10:11:53">
10:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-45253 ‼</strong><br><br><code>The id parameter in view_storage.php from Simple Cold Storage Management System 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL&apos;s load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45253">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34425">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 10:11:55">
10:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-45252 ‼</strong><br><br><code>Multiple SQL injection vulnerabilities are found on Simple Forum-Discussion System 1.0 For example on three applications which are manage_topic.php, manage_user.php, and ajax.php. The attacker can be retrieving all information from the database of this system by using this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45252">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34426">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 11:06:09">
11:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Ubisoft confirms Just Dance video game data breach 🗓️</strong><br><br><code>Developer said no accounts had been improperly accessed</code><br><br><a href="https://portswigger.net/daily-swig/ubisoft-confirms-just-dance-video-game-data-breach">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34427">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 11:36:45">
11:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 F-Secure uses flaw in at-home COVID-19 test to fake results 🦿</strong><br><br><code>Security researchers used a Bluetooth vulnerability to change negative results to positive.</code><br><br><a href="https://www.techrepublic.com/article/f-secure-uses-flaw-in-at-home-covid-19-test-to-fake-results/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34428">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 12:10:33">
12:10
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ FBI: Another Zoho ManageEngine Zero-Day Under Active Attack ❌</strong><br><br><code>APT attackers are using a security vulnerability in ManageEngine Desktop Central to take over servers, deliver malware and establish network persistence.</code><br><br><a href="https://threatpost.com/zoho-zero-day-manageengine-active-attack/177178/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34429">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 12:13:36">
12:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-4139 ‼</strong><br><br><code>pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation (&apos;Cross-site Scripting&apos;)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4139">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34430">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 12:13:39">
12:13
       </div>

       <div class="text">
<strong>🕴 The Future of Ransomware 🕴</strong><br><br><code>Focusing on basic security controls and executing them well is the best way to harden your systems against an attack.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/the-future-of-ransomware">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34431">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 12:36:20">
12:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Browser security: Google fixes Chrome Site Isolation bypass bug 🗓️</strong><br><br><code>Vulnerability in Chrome’s service worker feature created chink in browser’s armor</code><br><br><a href="https://portswigger.net/daily-swig/browser-security-google-fixes-chrome-site-isolation-bypass-bug">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34432">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 13:12:28">
13:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 A Year in Microsoft Bugs: The Most Critical, Overlooked &amp; Hard to Patch 🕴</strong><br><br><code>Severe flaws in Microsoft Exchange and Windows Print Spooler stood out amid a wide range of vulnerabilities security teams were forced to prioritize in 2021.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/a-year-in-microsoft-bugs-the-most-critical-overlooked-and-hard-to-patch">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34433">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 13:36:13">
13:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Survey scams rekindled using advertising industry tricks to deliver tailor-made assaults 🗓️</strong><br><br><code>More bad men than Mad Men</code><br><br><a href="https://portswigger.net/daily-swig/survey-scams-rekindled-using-advertising-industry-tricks-to-deliver-tailor-made-assaults">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34434">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 14:10:35">
14:10
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Two Active Directory Bugs Lead to Easy Windows Domain Takeover ❌</strong><br><br><code>Microsoft is urging customers to patch two Active Directory domain controller bugs after a PoC tool was publicly released on Dec. 12.</code><br><br><a href="https://threatpost.com/active-directory-bugs-windows-domain-takeover/177185/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34435">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 14:23:25">
14:23
       </div>

       <div class="text">
<strong>‼ CVE-2012-20001 ‼</strong><br><br><code>PrestaShop before 1.5.2 allows XSS via the &quot;&lt;object data=&apos;data:text/html&quot; substring in the message field.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-20001">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34436">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 14:23:27">
14:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-45090 ‼</strong><br><br><code>Stormshield Endpoint Security before 2.1.2 allows remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45090">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34437">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 14:23:28">
14:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-45089 ‼</strong><br><br><code>Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Control.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45089">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34438">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 14:23:30">
14:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-45091 ‼</strong><br><br><code>Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access Control.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45091">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34439">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 15:10:28">
15:10
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Apache’s other product: Critical bugs in ‘httpd’ web server, patch now! ⚠</strong><br><br><code>The Apache web server just got an update - this one is nothing to do with Log4j!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/12/21/apaches-other-product-critical-bugs-in-httpd-web-server-patch-now/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34440">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 15:10:30">
15:10
       </div>

       <div class="text">
<strong>⚠ Log4Shell: The Movie… a short, safe visual tour for work and home ⚠</strong><br><br><code>Be happy that your sysadmins are taking one (three, actually!) for the team right now... here&apos;s why!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/12/20/log4shell-the-movie-a-short-safe-visual-tour-for-work-and-home/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34441">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 16:12:07">
16:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-43587 ‼</strong><br><br><code>Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, and 2.6, use hard-coded cryptographic key. A local high-privileged malicious user may potentially exploit this vulnerability to gain access to secrets and elevate to gain higher privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43587">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34442">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 16:12:08">
16:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-36350 ‼</strong><br><br><code>Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authentication bypass by primary weakness in one of the authentication factors. A remote unauthenticated attacker may potentially exploit this vulnerability and bypass one of the factors of authentication.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36350">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34443">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 16:12:10">
16:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-36318 ‼</strong><br><br><code>Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage vulnerability. A high privileged user could potentially exploit this vulnerability, leading to a complete outage.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36318">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34444">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 16:12:11">
16:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-45291 ‼</strong><br><br><code>The gf_dump_setup function in GPAC 1.0.1 allows malicoius users to cause a denial of service (Invalid memory address dereference) via a crafted file in the MP4Box command.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45291">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34445">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 16:12:12">
16:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-27451 ‼</strong><br><br><code>Mesa Labs AmegaView Versions 3.0 and prior’s passcode is generated by an easily reversible algorithm, which may allow an attacker to gain access to the device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27451">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34446">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 16:12:13">
16:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-36317 ‼</strong><br><br><code>Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in AvInstaller. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36317">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34447">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 16:12:14">
16:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-45289 ‼</strong><br><br><code>A vulnerability exists in GPAC 1.0.1 due to an omission of security-relevant Information, which could cause a Denial of Service. The program terminates with signal SIGKILL.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45289">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34448">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 16:12:16">
16:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-44876 ‼</strong><br><br><code>Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumeration. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. This issue occurs during the identification of the correct tenant for a given user, where a difference in messages could allow an attacker to determine if the given user is valid or not, enabling a brute force attack with valid users.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44876">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34449">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 16:12:19">
16:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-27447 ‼</strong><br><br><code>Mesa Labs AmegaView version 3.0 is vulnerable to a command injection, which may allow an attacker to remotely execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27447">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34450">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 16:12:20">
16:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-44875 ‼</strong><br><br><code>Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumeration. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. This issue occurs during the password recovery procedure for a given user, where a difference in messages could allow an attacker to determine if the given user is valid or not, enabling a brute force attack with valid users.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44875">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34451">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 16:12:21">
16:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-44877 ‼</strong><br><br><code>Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Incorrect Access Control. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. A broken access control vulnerability has been found while using a temporary generated token in order to consume api resources. The vulnerability allows an unauthenticated attacker to use an api endpoint to generate a temporary JWT token that is designed to reference the correct tenant prior to authentication, to request system configuration parameters using direct api requests. The correct exploitation of this vulnerability causes sensitive information exposure. In case the tenant has an smtp credential set, the full credential information is disclosed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44877">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34452">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 16:12:22">
16:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-45290 ‼</strong><br><br><code>A Denial of Service vulnerability exits in Binaryen 103 due to an assertion abort in wasm::handle_unreachable.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45290">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34453">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 16:12:23">
16:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-45292 ‼</strong><br><br><code>The gf_isom_hint_rtp_read function in GPAC 1.0.1 allows attackers to cause a denial of service (Invalid memory address dereference) via a crafted file in the MP4Box command.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45292">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34454">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 16:12:24">
16:12
       </div>

       <div class="text">
<strong>‼ CVE-2020-19770 ‼</strong><br><br><code>A cross-site scripting (XSS) vulnerability in the system bulletin component of WUZHI CMS v4.1.0 allows attackers to steal the admin&apos;s cookie.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-19770">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34455">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 16:12:25">
16:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-27445 ‼</strong><br><br><code>Mesa Labs AmegaView Versions 3.0 and prior has insecure file permissions that could be exploited to escalate privileges on the device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27445">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34456">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 16:12:26">
16:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-36341 ‼</strong><br><br><code>Dell Wyse Device Agent version 14.5.4.1 and below contain a sensitive data exposure vulnerability. A local authenticated user with low privileges could potentially exploit this vulnerability in order to access sensitive information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36341">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34457">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 16:12:28">
16:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-45288 ‼</strong><br><br><code>A Double Free vulnerability exists in filedump.c in GPAC 1.0.1, which could cause a Denail of Service via a crafted file in the MP4Box command.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45288">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34458">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 16:12:30">
16:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-36316 ‼</strong><br><br><code>Dell EMC Avamar Server versions 18.2, 19.1, 19.2, 19.3, and 19.4 contain an improper privilege management vulnerability in AUI. A malicious user with high privileges could potentially exploit this vulnerability, leading to the disclosure of the AUI info and performing some unauthorized operation on the AUI.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36316">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34459">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 16:12:30">
16:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-45293 ‼</strong><br><br><code>A Denial of Service vulnerability exists in Binaryen 103 due to an Invalid memory address dereference in wasm::WasmBinaryBuilder::visitLet.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45293">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34460">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 16:12:32">
16:12
       </div>

       <div class="text">
<strong>‼ CVE-2021-44207 ‼</strong><br><br><code>Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44207">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34461">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 17:10:41">
17:10
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Half-Billion Compromised Credentials Lurking on Open Cloud Server ❌</strong><br><br><code>A quarter-billion of those passwords were not seen in previous breaches that have been added to Have I Been Pwned.</code><br><br><a href="https://threatpost.com/half-billion-compromised-credentials-cloud-server/177202/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34462">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 18:10:42">
18:10
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Java Code Repository Riddled with Hidden Log4j Bugs; Here’s Where to Look ❌</strong><br><br><code>There are 17,000npatched Log4j packages in the Maven Central ecosystem, leaving massive supply-chain risk on the table from Log4Shell exploits.</code><br><br><a href="https://threatpost.com/java-supply-chain-log4j-bug/177211/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34463">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 18:13:44">
18:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-45297 ‼</strong><br><br><code>An infinite loop vulnerability exists in Gpac 1.0.1 in gf_get_bit_size.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45297">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34464">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 18:13:45">
18:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-44859 ‼</strong><br><br><code>An out-of-bounds read vulnerability exists when reading a TGA file using Open Design Alliance Drawings SDK before 2022.12. The specific issue exists after loading TGA files. An unchecked input data from a crafted TGA file leads to an out-of-bounds read. An attacker can leverage this vulnerability to execute code in the context of the current process.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44859">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34465">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 18:13:47">
18:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-38893 ‼</strong><br><br><code>IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209512.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38893">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34466">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 18:13:48">
18:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-44422 ‼</strong><br><br><code>An Improper Input Validation Vulnerability exists when reading a BMP file using Open Design Alliance Drawings SDK before 2022.12. Crafted data in a BMP file can trigger a write operation past the end of an allocated buffer, or lead to a heap-based buffer overflow. An attacker can leverage this vulnerability to execute code in the context of the current process.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44422">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34467">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 18:13:49">
18:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-38900 ‼</strong><br><br><code>IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 could allow a privileged user to obtain highly sensitive information due to improper access controls. IBM X-Force ID: 209607.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38900">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34468">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 18:13:50">
18:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-44423 ‼</strong><br><br><code>An out-of-bounds read vulnerability exists when reading a BMP file using Open Design Alliance (ODA) Drawings Explorer before 2022.12. The specific issue exists after loading BMP files. Unchecked input data from a crafted BMP file leads to an out-of-bounds read. An attacker can leverage this vulnerability to execute code in the context of the current process.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44423">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34469">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 18:13:51">
18:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-38966 ‼</strong><br><br><code>IBM Cloud Pak for Automation 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 212357.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38966">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34470">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 18:13:53">
18:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-44860 ‼</strong><br><br><code>An out-of-bounds read vulnerability exists when reading a TIF file using Open Design Alliance Drawings SDK before 2022.12. The specific issue exists after loading TIF files. An unchecked input data from a crafted TIF file leads to an out-of-bounds read. An attacker can leverage this vulnerability to execute code in the context of the current process.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44860">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34471">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 18:13:54">
18:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-44917 ‼</strong><br><br><code>A Divide by Zero vulnerability exists in gnuplot 5.4 in the boundary3d function in graph3d.c, which could cause a Arithmetic exception and application crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44917">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34472">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 20:17:17">
20:17
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-44925 ‼</strong><br><br><code>A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_svg_get_attribute_name function, which causes a segmentation fault and application crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44925">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34473">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 20:17:18">
20:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-44922 ‼</strong><br><br><code>A null pointer dereference vulnerability exists in gpac 1.1.0 in the BD_CheckSFTimeOffset function, which causes a segmentation fault and application crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44922">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34474">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 20:17:19">
20:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-44920 ‼</strong><br><br><code>An invalid memory address dereference vulnerability exists in gpac 1.1.0 in the dump_od_to_saf.isra function, which causes a segmentation fault and application crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44920">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34475">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 20:17:20">
20:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-44923 ‼</strong><br><br><code>A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_dump_vrml_dyn_field.isra function, which causes a segmentation fault and application crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44923">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34476">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 20:17:21">
20:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-44927 ‼</strong><br><br><code>A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_sg_vrml_mf_append function, which causes a segmentation fault and application crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44927">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34477">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 20:17:25">
20:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-44918 ‼</strong><br><br><code>A Null Pointer Dereference vulnerability exists in gpac 1.1.0 in the gf_node_get_field function, which can cause a segmentation fault and application crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44918">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34478">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 20:17:25">
20:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-44926 ‼</strong><br><br><code>A null pointer dereference vulnerability exists in the gpac in the gf_node_get_tag function, which causes a segmentation fault and application crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44926">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34479">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 20:17:26">
20:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-44921 ‼</strong><br><br><code>A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_isom_parse_movie_boxes_internal function, which causes a segmentation fault and application crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44921">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34480">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 20:17:27">
20:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-44919 ‼</strong><br><br><code>A Null Pointer Dereference vulnerability exists in the gf_sg_vrml_mf_alloc function, which causes a segmentation fault and application crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44919">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34481">

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 20:17:28">
20:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-44924 ‼</strong><br><br><code>An infinite loop vulnerability exists in gpac 1.1.0 in the gf_log function, which causes a Denial of Service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44924">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34482">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 21:05:28">
21:05
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How to check if your Linux servers are vulnerable to the Log4j flaw with a single command 🦿</strong><br><br><code>Jack Wallen shows you a quick way to test if your Linux servers are vulnerable to the Log4j vulnerability.</code><br><br><a href="https://www.techrepublic.com/videos/how-to-check-if-your-linux-servers-are-vulnerable-to-the-log4j-flaw-with-a-single-command/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34483">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.12.2021 22:17:24">
22:17
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-43851 ‼</strong><br><br><code>Anuko Time Tracker is an open source, web-based time tracking application written in PHP. SQL injection vulnerability exist in multiple files in Time Tracker version 1.19.33.5606 and prior due to not properly checking of the &quot;group&quot; and &quot;status&quot; parameters in POST requests. Group parameter is posted along when navigating between organizational subgroups (groups.php file). Status parameter is used in multiple files to change a status of an entity such as making a project, task, or user inactive. This issue has been patched in version 1.19.33.5607. An upgrade is highly recommended. If an upgrade is not practical, introduce ttValidStatus function as in the latest version and start using it user input check blocks wherever status field is used. For groups.php fix, introduce ttValidInteger function as in the latest version and use it in the access check block in the file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43851">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-991">

      <div class="body details">
22 December 2021
      </div>

     </div>

     <div class="message default clearfix" id="message34484">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 00:05:07">
00:05
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>📢 NCA donates 225 million passwords to Have I Been Pwned 📢</strong><br><br><code>The move comes as both UK and US national crime-fighting agencies collaborate with the popular compromised credential checker</code><br><br><a href="https://www.itpro.co.uk/security/cyber-security/361882/nca-donates-225m-passwords-haveibeenpwned">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34485">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 00:05:08">
00:05
       </div>

       <div class="text">
<strong>📢 Google Cloud extends partnership with Minsait 📢</strong><br><br><code>New deal will help improve digital sovereignty in Spain’s public and private sector organizations</code><br><br><a href="https://www.itpro.co.uk/business-strategy/digital-transformation/361879/google-cloud-extends-partnership-with-minsait">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34486">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 00:05:09">
00:05
       </div>

       <div class="text">
<strong>📢 What is the Log4Shell vulnerability? 📢</strong><br><br><code>The critical flaw affecting products built using Java is set to cause headaches in the enterprise for months to come</code><br><br><a href="https://www.itpro.co.uk/security/zero-day-exploit/361819/what-is-log4shell-log4j-vulnerability">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34487">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 00:05:10">
00:05
       </div>

       <div class="text">
<strong>📢 T-Mobile: Scam calls hit an all-time high in 2021 📢</strong><br><br><code>The carrier reported a 116% increase in fraudulent calls compared to 2020</code><br><br><a href="https://www.itpro.co.uk/security/cyber-security/361889/t-mobile-scam-calls-hit-an-all-time-high-in-2021">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34488">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 00:05:11">
00:05
       </div>

       <div class="text">
<strong>📢 Hackers bypass patched Microsoft Office flaw to inject Formbook malware 📢</strong><br><br><code>The attack is thought to be a dry run for a wider campaign in the future</code><br><br><a href="https://www.itpro.co.uk/security/malware/361885/hackers-bypass-patched-microsoft-office-flaw-inject-malware">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34489">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 00:05:15">
00:05
       </div>

       <div class="text">
<strong>📢 Meta files lawsuit to uncover hackers targeting Facebook, WhatsApp 📢</strong><br><br><code>The company is seeking $500,000 from the unnamed threat actors that ran phishing scam on its platforms</code><br><br><a href="https://www.itpro.co.uk/security/phishing/361887/meta-files-lawsuit-against-phishing-hackers-whatsapp-facebook-instagram">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34490">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 00:05:16">
00:05
       </div>

       <div class="text">
<strong>📢 IT Pro 20/20: Does the UK stand a chance in the global AI race? 📢</strong><br><br><code>Lofty goals and a rich history in computer science may not be enough to stay relevant</code><br><br><a href="https://www.itpro.co.uk/technology/artificial-intelligence-ai/361888/does-the-uk-stand-a-chance-in-the-global-ai-race">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34491">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 10:17:55">
10:17
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-40836 ‼</strong><br><br><code>A vulnerability affecting F-Secure antivirus engine was discovered whereby scanning MS outlook .pst files can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine. Fixed in Capricorn update 2021-12-13_07.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40836">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34492">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 10:41:42">
10:41
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Multiple vulnerabilities in Microsoft Teams could spoof URLs, leak IP addresses 🗓️</strong><br><br><code>Only one of the issues has so far been patched</code><br><br><a href="https://portswigger.net/daily-swig/multiple-vulnerabilities-in-microsoft-teams-could-spoof-urls-leak-ip-addresses">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34493">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 11:11:18">
11:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Four Bugs in Microsoft Teams Left Platform Vulnerable Since March ❌</strong><br><br><code>Attackers exploiting bugs in the “link preview” feature in Microsoft Teams could abuse the flaws to spoof links, leak an Android user’s IP address and launch a DoS attack.</code><br><br><a href="https://threatpost.com/microsoft-teams-bugs-vulnerable-march/177225/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34494">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 12:18:20">
12:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-36750 ‼</strong><br><br><code>ENC DataVault 7.1.1W and VaultAPI v67, which is currently being used in various other applications, mishandles key derivation, making it easier for attackers to determine the passwords of all DataVault users (across USB drives sold under multiple brand names).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36750">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34495">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 12:18:22">
12:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-40612 ‼</strong><br><br><code>An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without authentication, a vulnerability in code_igniter/application/controllers/util.php allows an attacker perform command execution without echoes.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40612">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34496">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 12:36:55">
12:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Anti-cheating browser extension fails web security examination 🗓️</strong><br><br><code>XSS flaw in Proctorio gets resolved</code><br><br><a href="https://portswigger.net/daily-swig/anti-cheating-browser-extension-fails-web-security-examination">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34497">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 13:36:00">
13:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Conti ransomware is exploiting the Log4Shell vulnerability to the tune of millions 🦿</strong><br><br><code>Log4Shell is a dangerous security concern — and now Conti, a prominent ransomware group, is exploiting it to attack vulnerable servers to extort millions of dollars.</code><br><br><a href="https://www.techrepublic.com/article/conti-ransomware-is-exploiting-the-log4shell-vulnerability-to-the-tune-of-millions/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34498">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 13:36:04">
13:36
       </div>

       <div class="text">
<strong>🗓️ Bug bounty platforms handling thousands of Log4j vulnerability reports 🗓️</strong><br><br><code>Leading platforms report back from the front line as vendors grapple with landmark bug Bug bounty hunters have already submitted thousands of vulnerability reports related to the Apache Log4j bug that</code><br><br><a href="https://portswigger.net/daily-swig/bug-bounty-platforms-handling-thousands-of-log4j-vulnerability-reports">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34499">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 14:18:05">
14:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-45418 ‼</strong><br><br><code>Certain Starcharge products are vulnerable to Directory Traversal via main.cgi. The affected products include: Nova 360 Cabinet &lt;=1.3.0.0.6 - Fixed: 1.3.0.0.9 and Titan 180 Premium &lt;=1.3.0.0.7b102 - Fixed: Beta1.3.0.1.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45418">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34500">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 14:40:53">
14:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Apache’s other product: Critical bugs in ‘httpd’ web server, patch now! ⚠</strong><br><br><code>The Apache web server just got an update - this one is nothing to do with Log4j!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/12/21/apaches-other-product-critical-bugs-in-httpd-web-server-patch-now/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34501">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 15:10:58">
15:10
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Plundered bitcoins recovered by FBI – all 3,879-and-one-sixth of them! ⚠</strong><br><br><code>Phew! An audacious crime... that didn&apos;t work out.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/12/22/plundered-bitcoins-recovered-by-fbi-all-3879-and-one-sixth-of-them/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34502">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 15:11:00">
15:11
       </div>

       <div class="text">
<strong>❌ Critical Apache HTTPD Server Bugs Could Lead to RCE, DoS ❌</strong><br><br><code>Don&apos;t freak: It&apos;s got nothing to do with Log4Shell, except it may be just as far-reaching as Log4j, given HTTPD&apos;s tendency to tiptoe into software projects.</code><br><br><a href="https://threatpost.com/apache-httpd-server-bugs-rce-dos/177234/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34503">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 15:41:21">
15:41
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ PYSA Emerges as Top Ransomware Actor in November ❌</strong><br><br><code>Overtaking the Conti ransomware gang, PYSA finds success with government-sector attacks.</code><br><br><a href="https://threatpost.com/pysa-top-ransomware-november/177242/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34504">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 15:41:23">
15:41
       </div>

       <div class="text">
<strong>❌ All in One SEO Plugin Bug Threatens 3M Websites with Takeovers ❌</strong><br><br><code>A critical privilege-escalation vulnerability could lead to backdoors for admin access nesting in web servers.</code><br><br><a href="https://threatpost.com/all-in-one-seo-plugin-bug-threatens-3m-websites-with-takeovers/177240/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34505">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 16:11:48">
16:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Time to Ditch Big-Brother Accounts for Network Scanning ❌</strong><br><br><code>Yaron Kassner, CTO and co-founder of Silverfort, discusses why using all-seeing privileged accounts for monitoring is bad practice.</code><br><br><a href="https://threatpost.com/domain-admin-accounts-scan-network/177194/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34506">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 16:18:14">
16:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-39013 ‼</strong><br><br><code>IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could allow an authenticated user to obtain sensitive information in HTTP responses that could be used in further attacks against the system. IBM X-Force ID: 213651.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39013">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34507">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 16:18:16">
16:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-45260 ‼</strong><br><br><code>A null pointer dereference vulnerability exists in gpac 1.1.0 in the lsr_read_id.part function, which causes a segmentation fault and application crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45260">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34508">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 16:18:18">
16:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-44659 ‼</strong><br><br><code>Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an un-intended action in order to achieve a Server Side Request Forgery (SSRF)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44659">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34509">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 16:18:21">
16:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-4113 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4113">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34510">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 16:18:25">
16:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-45419 ‼</strong><br><br><code>Certain Starcharge products are affected by Improper Input Validation. The affected products include: Nova 360 Cabinet &lt;= 1.3.0.0.7b102 - Fixed: Beta1.3.0.1.0 and Titan 180 Premium &lt;= 1.3.0.0.6 - Fixed: 1.3.0.0.9.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45419">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34511">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 16:18:28">
16:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-44733 ‼</strong><br><br><code>A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44733">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34512">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 16:18:32">
16:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-45258 ‼</strong><br><br><code>A stack overflow vulnerability exists in gpac 1.1.0 via the gf_bifs_dec_proto_list function, which causes a segmentation fault and application crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45258">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34513">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 16:18:34">
16:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-43630 ‼</strong><br><br><code>Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in add_patient.php. As a result, an authenticated malicious user can compromise the databases system and in some cases leverage this vulnerability to get remote code execution on the remote web server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43630">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34514">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 16:18:37">
16:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-43156 ‼</strong><br><br><code>In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in admin_delete.php allows a remote attacker to delete any book.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43156">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34515">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 16:18:39">
16:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-43158 ‼</strong><br><br><code>In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability in cart_remove.php allows a remote attacker to remove any product in the customer&apos;s cart.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43158">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34516">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 16:18:43">
16:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-45267 ‼</strong><br><br><code>An invalid memory address dereference vulnerability exists in gpac 1.1.0 via the svg_node_start function, which causes a segmentation fault and application crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45267">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34517">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 16:18:45">
16:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-4114 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4114">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34518">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 16:18:47">
16:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-43155 ‼</strong><br><br><code>Projectsworlds Online Book Store PHP v1.0 is vulnerable to SQL injection via the &quot;bookisbn&quot; parameter in cart.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43155">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34519">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 16:18:51">
16:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-45257 ‼</strong><br><br><code>An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_tokens function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45257">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34520">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 16:18:54">
16:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-43628 ‼</strong><br><br><code>Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the email parameter in hms-staff.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43628">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34521">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 16:18:57">
16:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-45266 ‼</strong><br><br><code>A null pointer dereference vulnerability exists in gpac 1.1.0 via the lsr_read_anim_values_ex function, which causes a segmentation fault and application crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45266">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34522">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 16:18:59">
16:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-45262 ‼</strong><br><br><code>An invalid free vulnerability exists in gpac 1.1.0 via the gf_sg_command_del function, which causes a segmentation fault and application crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45262">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34523">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 16:19:00">
16:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-43629 ‼</strong><br><br><code>Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in admin_home.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43629">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34524">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 16:19:03">
16:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-43157 ‼</strong><br><br><code>Projectsworlds Online Shopping System PHP 1.0 is vulnerable to SQL injection via the id parameter in cart_remove.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43157">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34525">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 16:19:06">
16:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-37706 ‼</strong><br><br><code>PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer underflow scenario. This issue affects all users that use STUN. A malicious actor located within the victim’s network may forge and send a specially crafted UDP (STUN) message that could remotely execute arbitrary code on the victim’s machine. Users are advised to upgrade as soon as possible. There are no known workarounds.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37706">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34526">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 18:23:20">
18:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-21934 ‼</strong><br><br><code>A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘imei_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21934">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34527">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 18:23:23">
18:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-21878 ‼</strong><br><br><code>A local file inclusion vulnerability exists in the Web Manager Applications and FsBrowse functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted series of HTTP requests can lead to local file inclusion. An attacker can make a series of authenticated HTTP requests to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21878">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34528">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 18:23:24">
18:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-21906 ‼</strong><br><br><code>Stack-based buffer overflow vulnerability exists in how the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0 is used at various locations. The Garrett iC Module exposes an authenticated CLI over TCP port 6877. This interface is used by a secondary GUI client, called “CMA Connectâ€�, to interact with the iC Module on behalf of the user. Every time a user submits a password to the CLI password prompt, the buffer containing their input is passed as the password parameter to the checkPassword function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21906">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34529">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 18:23:25">
18:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-21909 ‼</strong><br><br><code>Specially-crafted command line arguments can lead to arbitrary file deletion in the del .cnt|.log file delete command. An attacker can provide malicious inputs to trigger this vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21909">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34530">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 18:23:27">
18:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-21901 ‼</strong><br><br><code>A stack-based buffer overflow vulnerability exists in the CMA check_udp_crc function of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted packet can lead to a stack-based buffer overflow during a call to memcpy. An attacker can send a malicious packet to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21901">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34531">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 18:23:28">
18:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-21922 ‼</strong><br><br><code>A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘username_filter’ parameter with the administrative account or through cross-site request forgery.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21922">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34532">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 18:23:29">
18:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-21892 ‼</strong><br><br><code>A stack-based buffer overflow vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21892">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34533">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 18:23:31">
18:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-40418 ‼</strong><br><br><code>When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a property containing an object referring to a UUID that was parsed from a frame within the video container. Upon destruction of the object that owns it, the uninitialized member will be dereferenced and then destroyed using the object’s virtual destructor. Due to the object property being uninitialized, this can result in dereferencing an arbitrary pointer for the object’s virtual method table, which can result in code execution under the context of the application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40418">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34534">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 18:23:32">
18:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-21903 ‼</strong><br><br><code>A stack-based buffer overflow vulnerability exists in the CMA check_udp_crc function of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted packet can lead to a stack-based buffer overflow during a call to strcpy. An attacker can send a malicious packet to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21903">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34535">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 18:23:34">
18:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-21880 ‼</strong><br><br><code>A directory traversal vulnerability exists in the Web Manager FsCopyFile functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to local file inclusion. An attacker can make an authenticated HTTP request to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21880">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34536">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 18:23:36">
18:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-21916 ‼</strong><br><br><code>An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at &apos;description_filter’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21916">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34537">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 18:23:37">
18:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-21904 ‼</strong><br><br><code>A directory traversal vulnerability exists in the CMA CLI setenv command of Garrett Metal Detectors’ iC Module CMA Version 5.0. An attacker can provide malicious input to trigger this vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21904">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34538">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 18:23:40">
18:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-21927 ‼</strong><br><br><code>A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘loc_filter’ parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21927">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34539">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 18:23:40">
18:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-21883 ‼</strong><br><br><code>An OS command injection vulnerability exists in the Web Manager Diagnostics: Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21883">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34540">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 18:23:42">
18:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-40393 ‼</strong><br><br><code>An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40393">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34541">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 18:23:44">
18:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-21895 ‼</strong><br><br><code>A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to FsTFtp file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21895">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34542">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 18:23:45">
18:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-21912 ‼</strong><br><br><code>A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21912">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34543">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 18:23:46">
18:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-21879 ‼</strong><br><br><code>A directory traversal vulnerability exists in the Web Manager File Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21879">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34544">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 18:23:48">
18:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-21875 ‼</strong><br><br><code>A specially-crafted HTTP request can lead to arbitrary command execution in EC keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21875">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34545">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 18:23:49">
18:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-21907 ‼</strong><br><br><code>A directory traversal vulnerability exists in the CMA CLI getenv command functionality of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted command line argument can lead to local file inclusion. An attacker can provide malicious input to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21907">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34546">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 20:18:30">
20:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-43853 ‼</strong><br><br><code>Ajax.NET Professional (AjaxPro) is an AJAX framework available for Microsoft ASP.NET. Affected versions of this package are vulnerable to JavaScript object injection which may result in cross site scripting when leveraged by a malicious user. The affected core relates to JavaScript object creation when parsing json input. Releases before version 21.12.22.1 are affected. A workaround exists that replaces one of the core JavaScript files embedded in the library. See the GHSA-5q7q-qqw2-hjq7 for workaround details.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43853">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34547">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 22:18:33">
22:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-20601 ‼</strong><br><br><code>An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted packet.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20601">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34548">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 22:18:34">
22:18
       </div>

       <div class="text">
<strong>‼ CVE-2020-20425 ‼</strong><br><br><code>S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20425">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34549">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 22:18:35">
22:18
       </div>

       <div class="text">
<strong>‼ CVE-2020-20598 ‼</strong><br><br><code>A cross-site scripting (XSS) vulnerability in the Editing component of lemon V1.10.0 allows attackers to execute arbitrary web scripts or HTML.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20598">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34550">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 22:18:37">
22:18
       </div>

       <div class="text">
<strong>‼ CVE-2020-20593 ‼</strong><br><br><code>A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authenticated attacker to arbitrarily add an administrator account.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20593">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34551">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 22:18:38">
22:18
       </div>

       <div class="text">
<strong>‼ CVE-2020-20605 ‼</strong><br><br><code>Blog CMS v1.0 contains a cross-site scripting (XSS) vulnerability in the /controller/CommentAdminController.java component.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20605">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34552">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 22:18:39">
22:18
       </div>

       <div class="text">
<strong>‼ CVE-2020-20426 ‼</strong><br><br><code>S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20426">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34553">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 22:18:40">
22:18
       </div>

       <div class="text">
<strong>‼ CVE-2020-20600 ‼</strong><br><br><code>MetInfo 7.0 beta contains a stored cross-site scripting (XSS) vulnerability in the $name parameter of admin/?n=column&amp;c=index&amp;a=doAddColumn.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20600">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34554">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 22:18:42">
22:18
       </div>

       <div class="text">
<strong>‼ CVE-2020-20595 ‼</strong><br><br><code>A cross-site request forgery (CSRF) in OPMS v1.3 and below allows attackers to arbitrarily add a user account via /user/add.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20595">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34555">

      <div class="body">

       <div class="pull_right date details" title="22.12.2021 22:18:44">
22:18
       </div>

       <div class="text">
<strong>‼ CVE-2020-20597 ‼</strong><br><br><code>A cross-site scripting (XSS) vulnerability in the potrtalItemName parameter in \web\PortalController.java of lemon V1.10.0 allows attackers to execute arbitrary web scripts or HTML.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20597">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-992">

      <div class="body details">
23 December 2021
      </div>

     </div>

     <div class="message default clearfix" id="message34556">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.12.2021 08:19:00">
08:19
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-44548 ‼</strong><br><br><code>An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in: * The exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes), * In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in a worse-case scenario, Remote Code Execution This issue affects all Apache Solr versions prior to 8.11.1. This issue only affects Windows.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44548">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34557">

      <div class="body">

       <div class="pull_right date details" title="23.12.2021 08:19:01">
08:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-45463 ‼</strong><br><br><code>GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45463">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34558">

      <div class="body">

       <div class="pull_right date details" title="23.12.2021 08:19:02">
08:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-4144 ‼</strong><br><br><code>TP-Link wifi router TL-WR802N V4(JP), with firmware version prior to 211202, is vulnerable to OS command injection.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4144">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34559">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.12.2021 11:37:17">
11:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ US clothing supplier Pro Wrestling Tees hit by data breach 🗓️</strong><br><br><code>Law enforcement alerted company to compromise of payment card info</code><br><br><a href="https://portswigger.net/daily-swig/us-clothing-supplier-pro-wrestling-tees-hit-by-data-breach">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34560">

      <div class="body">

       <div class="pull_right date details" title="23.12.2021 11:41:20">
11:41
       </div>

       <div class="text">
<strong>⚠ Plundered bitcoins recovered by FBI – all 3,879-and-one-sixth of them! ⚠</strong><br><br><code>Phew! An audacious crime... that didn&apos;t work out.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/12/22/plundered-bitcoins-recovered-by-fbi-all-3879-and-one-sixth-of-them/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34561">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.12.2021 12:12:01">
12:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ ‘Spider-Man: No Way Home’ Download Installs Cryptominer ❌</strong><br><br><code>The origin of the Monero cryptominer file has been traced to a Russian torrent website, researchers report.</code><br><br><a href="https://threatpost.com/spider-man-no-way-home-download-installs-cryptominer/177254/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34562">

      <div class="body">

       <div class="pull_right date details" title="23.12.2021 12:19:10">
12:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-44600 ‼</strong><br><br><code>The password parameter on Simple Online Mens Salon Management System (MSMS) 1.0 appears to be vulnerable to SQL injection attacks through the password parameter. The predictive tests of this application interacted with that domain, indicating that the injected SQL query was executed. The attacker can retrieve all authentication and information about the users of this system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44600">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34563">

      <div class="body">

       <div class="pull_right date details" title="23.12.2021 12:19:11">
12:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-44599 ‼</strong><br><br><code>The id parameter from Online Enrollment Management System 1.0 system appears to be vulnerable to SQL injection attacks. A crafted payload injects a SQL sub-query that calls MySQL&apos;s load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed. The attacker can retrieve sensitive information for all users of this system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44599">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34564">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.12.2021 12:37:16">
12:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Wireless coexistence – New attack technique exploits Bluetooth, WiFi performance features for ‘inter-chip privilege escalation’ 🗓️</strong><br><br><code>Attackers can use connections between wireless chips to steal data or credentials, researchers find</code><br><br><a href="https://portswigger.net/daily-swig/wireless-coexistence-new-attack-technique-exploits-bluetooth-wifi-performance-features-for-inter-chip-privilege-escalation">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34565">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.12.2021 13:12:10">
13:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Telegram Abused to Steal Crypto-Wallet Credentials ❌</strong><br><br><code>Attackers use the Telegram handle “Smokes Night” to spread the malicious Echelon infostealer, which steals credentials for cryptocurrency and other user accounts, researchers said.</code><br><br><a href="https://threatpost.com/telegram-steal-crypto-wallet-credentials/177266/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34566">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.12.2021 13:36:16">
13:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How to deploy a Bitwarden server with Docker 🦿</strong><br><br><code>Are you looking to deploy an in-house password manager server? Jack Wallen shows you how with Bitwarden and Docker.</code><br><br><a href="https://www.techrepublic.com/article/how-to-deploy-a-bitwarden-server-with-docker/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34567">

      <div class="body">

       <div class="pull_right date details" title="23.12.2021 13:36:18">
13:36
       </div>

       <div class="text">
<strong>🗓️ Popular WordPress platform Flywheel vulnerable to subdomain takeover 🗓️</strong><br><br><code>Malicious actors could wreak havoc by impersonating legitimate websites</code><br><br><a href="https://portswigger.net/daily-swig/popular-wordpress-platform-flywheel-vulnerable-to-subdomain-takeover">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34568">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.12.2021 14:19:18">
14:19
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-44526 ‼</strong><br><br><code>Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44526">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34569">

      <div class="body">

       <div class="pull_right date details" title="23.12.2021 14:19:21">
14:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-23175 ‼</strong><br><br><code>NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, information disclosure, data tampering, and denial of service, affecting other resources beyond the intended security authority of GameStream.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23175">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34570">

      <div class="body">

       <div class="pull_right date details" title="23.12.2021 14:19:22">
14:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-3892 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-18198. Reason: This candidate is a reservation duplicate of CVE-2019-18198. Notes: All CVE users should reference CVE-2019-18198 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3892">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34571">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.12.2021 15:14:09">
15:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ The cool retro phone with a REAL DIAL… plus plenty of IoT problems ⚠</strong><br><br><code>You know you want one, because this retro phone is NOT A TOY... except when it comes to cybersecurity.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/12/23/the-cool-retro-phone-with-a-real-dial-plus-plenty-of-iot-problems/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34572">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.12.2021 16:12:08">
16:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ 4-Year-Old Microsoft Azure Zero-Day Exposes Web App Source Code ❌</strong><br><br><code>The security vulnerability could expose passwords and access tokens, along with blueprints for internal infrastructure and finding software vulnerabilities.</code><br><br><a href="https://threatpost.com/microsoft-azure-zero-day-source-code/177270/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34573">

      <div class="body">

       <div class="pull_right date details" title="23.12.2021 16:21:12">
16:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-43854 ‼</strong><br><br><code>NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Versions prior to 3.6.5 are vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability is present in PunktSentenceTokenizer, sent_tokenize and word_tokenize. Any users of this class, or these two functions, are vulnerable to the ReDoS attack. In short, a specifically crafted long input to any of these vulnerable functions will cause them to take a significant amount of execution time. If your program relies on any of the vulnerable functions for tokenizing unpredictable user input, then we would strongly recommend upgrading to a version of NLTK without the vulnerability. For users unable to upgrade the execution time can be bounded by limiting the maximum length of an input to any of the vulnerable functions. Our recommendation is to implement such a limit.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43854">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34574">

      <div class="body">

       <div class="pull_right date details" title="23.12.2021 16:21:15">
16:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-4118 ‼</strong><br><br><code>pytorch-lightning is vulnerable to Deserialization of Untrusted Data</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4118">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34575">

      <div class="body">

       <div class="pull_right date details" title="23.12.2021 16:21:17">
16:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-43849 ‼</strong><br><br><code>cordova-plugin-fingerprint-aio is a plugin provides a single and simple interface for accessing fingerprint APIs on both Android 6+ and iOS. In versions prior to 5.0.1 The exported activity `de.niklasmerz.cordova.biometric.BiometricActivity` can cause the app to crash. This vulnerability occurred because the activity didn&apos;t handle the case where it is requested with invalid or empty data which results in a crash. Any third party app can constantly call this activity with no permission. A 3rd party app/attacker using event listener can continually stop the app from working and make the victim unable to open it. Version 5.0.1 of the cordova-plugin-fingerprint-aio doesn&apos;t export the activity anymore and is no longer vulnerable. If you want to fix older versions change the attribute android:exported in plugin.xml to false. Please upgrade to version 5.0.1 as soon as possible.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43849">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34576">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.12.2021 17:06:20">
17:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Grinch bots hijack all kinds of holiday shopping, from gift cards to hype drop sales 🦿</strong><br><br><code>Kasada research finds that all-in-one bots are fooling cyberdefenses and automating the checkout process to snap up in-demand goods.</code><br><br><a href="https://www.techrepublic.com/article/grinch-bots-hijack-all-kinds-of-holiday-shopping-from-gift-cards-to-hype-drop-sales/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34577">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.12.2021 18:19:28">
18:19
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-4024 ‼</strong><br><br><code>A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host&apos;s firewall, an attacker can potentially use the `gvproxy` API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could be also used to interrupt the host&apos;s services by forwarding all ports to the VM.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4024">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34578">

      <div class="body">

       <div class="pull_right date details" title="23.12.2021 18:19:29">
18:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-44543 ‼</strong><br><br><code>An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encode the template name when Privoxy is configured to servce the user-manual itself.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44543">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34579">

      <div class="body">

       <div class="pull_right date details" title="23.12.2021 18:19:30">
18:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-40161 ‼</strong><br><br><code>A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDF earlier than 9.0.7 version.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40161">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34580">

      <div class="body">

       <div class="pull_right date details" title="23.12.2021 18:19:32">
18:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-43984 ‼</strong><br><br><code>mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmware can be updated, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43984">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34581">

      <div class="body">

       <div class="pull_right date details" title="23.12.2021 18:19:33">
18:19
       </div>

       <div class="text">
<strong>‼ CVE-2019-8702 ‼</strong><br><br><code>This issue was addressed with a new entitlement. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra, iOS 12.4, tvOS 12.4. A local user may be able to read a persistent account identifier.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8702">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34582">

      <div class="body">

       <div class="pull_right date details" title="23.12.2021 18:19:34">
18:19
       </div>

       <div class="text">
<strong>‼ CVE-2020-3886 ‼</strong><br><br><code>A use after free issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. A malicious application may be able to execute arbitrary code with kernel privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3886">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34583">

      <div class="body">

       <div class="pull_right date details" title="23.12.2021 18:19:35">
18:19
       </div>

       <div class="text">
<strong>‼ CVE-2017-13835 ‼</strong><br><br><code>A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS High Sierra 10.13. An application may be able to execute arbitrary code with elevated privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13835">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34584">

      <div class="body">

       <div class="pull_right date details" title="23.12.2021 18:19:36">
18:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-20318 ‼</strong><br><br><code>The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20318">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34585">

      <div class="body">

       <div class="pull_right date details" title="23.12.2021 18:19:38">
18:19
       </div>

       <div class="text">
<strong>‼ CVE-2020-3896 ‼</strong><br><br><code>This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. A malicious application may be able to overwrite arbitrary files.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3896">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34586">

      <div class="body">

       <div class="pull_right date details" title="23.12.2021 18:19:40">
18:19
       </div>

       <div class="text">
<strong>‼ CVE-2017-13905 ‼</strong><br><br><code>A race condition was addressed with additional validation. This issue is fixed in tvOS 11.2, iOS 11.2, macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan, watchOS 4.2. An application may be able to gain elevated privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13905">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34587">

      <div class="body">

       <div class="pull_right date details" title="23.12.2021 18:19:41">
18:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-23198 ‼</strong><br><br><code>mySCADA myPRO: Versions 8.20.0 and prior has a feature where the password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23198">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34588">

      <div class="body">

       <div class="pull_right date details" title="23.12.2021 18:19:42">
18:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-27007 ‼</strong><br><br><code>NetApp Virtual Desktop Service (VDS) when used with an HTML5 gateway is susceptible to a vulnerability which when successfully exploited could allow an unauthenticated attacker to takeover a Remote Desktop Session.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27007">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34589">

      <div class="body">

       <div class="pull_right date details" title="23.12.2021 18:19:44">
18:19
       </div>

       <div class="text">
<strong>‼ CVE-2018-4478 ‼</strong><br><br><code>A validation issue was addressed with improved logic. This issue is fixed in macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan. An attacker with physical access to a device may be able to elevate privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4478">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34590">

      <div class="body">

       <div class="pull_right date details" title="23.12.2021 18:19:45">
18:19
       </div>

       <div class="text">
<strong>‼ CVE-2018-4302 ‼</strong><br><br><code>A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4302">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34591">

      <div class="body">

       <div class="pull_right date details" title="23.12.2021 18:19:46">
18:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-3584 ‼</strong><br><br><code>A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability of system. Fixed releases are 2.4.1, 2.5.1, 3.0.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3584">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34592">

      <div class="body">

       <div class="pull_right date details" title="23.12.2021 18:19:48">
18:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-43989 ‼</strong><br><br><code>mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, which may allow an attacker to crack the previously retrieved password hashes.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43989">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34593">

      <div class="body">

       <div class="pull_right date details" title="23.12.2021 18:19:51">
18:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-44540 ‼</strong><br><br><code>A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44540">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34594">

      <div class="body">

       <div class="pull_right date details" title="23.12.2021 18:19:52">
18:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-44453 ‼</strong><br><br><code>mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interface which includes a ping utility, which may allow an attacker to inject arbitrary operating system commands.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44453">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34595">

      <div class="body">

       <div class="pull_right date details" title="23.12.2021 18:19:53">
18:19
       </div>

       <div class="text">
<strong>‼ CVE-2017-13892 ‼</strong><br><br><code>An issue existed in the handling of Contact sharing. This issue was addressed with improved handling of user information. This issue is fixed in macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan. Sharing contact information may lead to unexpected data sharing.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13892">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34596">

      <div class="body">

       <div class="pull_right date details" title="23.12.2021 18:19:54">
18:19
       </div>

       <div class="text">
<strong>‼ CVE-2021-35243 ‼</strong><br><br><code>The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.6 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the origin server removes the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35243">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-993">

      <div class="body details">
24 December 2021
      </div>

     </div>

     <div class="message default clearfix" id="message34597">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.12.2021 08:20:10">
08:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-20876 ‼</strong><br><br><code>Path traversal vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows an attacker with an administrative privilege to obtain sensitive information stored in the hierarchy above the directory on the published site&apos;s server via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20876">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34598">

      <div class="body">

       <div class="pull_right date details" title="24.12.2021 08:20:12">
08:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-20827 ‼</strong><br><br><code>Plaintext storage of a password vulnerability in IDEC PLCs (FC6A Series MICROSmart All-in-One CPU module v2.32 and earlier, FC6A Series MICROSmart Plus CPU module v1.91 and earlier, WindLDR v8.19.1 and earlier, WindEDIT Lite v1.3.1 and earlier, and Data File Manager v2.12.1 and earlier) allows an attacker to obtain the PLC Web server user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the attacker may access the PLC Web server and hijack the PLC, and manipulation of the PLC output and/or suspension of the PLC may be conducted.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20827">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34599">

      <div class="body">

       <div class="pull_right date details" title="24.12.2021 08:20:14">
08:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-20874 ‼</strong><br><br><code>Incorrect permission assignment for critical resource vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows a remote unauthenticated attacker to access arbitrary files on the server and obtain sensitive information via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20874">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34600">

      <div class="body">

       <div class="pull_right date details" title="24.12.2021 08:20:15">
08:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-20875 ‼</strong><br><br><code>Open redirect vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks by having a user to access a specially crafted URL.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20875">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34601">

      <div class="body">

       <div class="pull_right date details" title="24.12.2021 08:20:16">
08:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-20826 ‼</strong><br><br><code>Unprotected transport of credentials vulnerability in IDEC PLCs (FC6A Series MICROSmart All-in-One CPU module v2.32 and earlier, FC6A Series MICROSmart Plus CPU module v1.91 and earlier, WindLDR v8.19.1 and earlier, WindEDIT Lite v1.3.1 and earlier, and Data File Manager v2.12.1 and earlier) allows an attacker to obtain the PLC Web server user credentials from the communication between the PLC and the software. As a result, the complete access privileges to the PLC Web server may be obtained, and manipulation of the PLC output and/or suspension of the PLC may be conducted.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20826">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34602">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.12.2021 10:20:17">
10:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-23772 ‼</strong><br><br><code>This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target folder.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23772">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34603">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.12.2021 12:07:45">
12:07
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ #12DaysofSwigmas</strong> <strong>– Happy Holidays from The Daily Swig 🗓️</strong><br><br><code>On the 12th Day of Swigmas, The Daily Swig gave to me…</code><br><br><a href="https://portswigger.net/daily-swig/12daysofswigmas-happy-holidays-from-the-daily-swig">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34604">

      <div class="body">

       <div class="pull_right date details" title="24.12.2021 12:20:28">
12:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-4072 ‼</strong><br><br><code>elgg is vulnerable to Improper Neutralization of Input During Web Page Generation (&apos;Cross-site Scripting&apos;)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4072">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34605">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.12.2021 13:12:01">
13:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ The cool retro phone with a REAL DIAL… plus plenty of IoT problems ⚠</strong><br><br><code>You know you want one, because this retro phone is NOT A TOY... except when it comes to cybersecurity.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/12/23/the-cool-retro-phone-with-a-real-dial-plus-plenty-of-iot-problems/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34606">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.12.2021 15:06:49">
15:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Switch to a well-paid tech career in 2022: Check out these 200+ IT courses 🦿</strong><br><br><code>Training for a lucrative tech career is easier and less expensive than you might think. Check out these online courses on programming, cybersecurity, project management and more.</code><br><br><a href="https://www.techrepublic.com/article/switch-to-a-well-paid-tech-career-in-2022-check-out-these-200-it-courses/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34607">

      <div class="body">

       <div class="pull_right date details" title="24.12.2021 15:12:32">
15:12
       </div>

       <div class="text">
<strong>⚠ SFW! The Top N Cyber­security Stories of 2021 (for small positive integer values of N) ⚠</strong><br><br><code>Happy Holidays! Our Top N stories, all totally SFW!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/12/24/sfw-the-top-n-cybersecurity-stories-of-2021-for-small-positive-integer-values-of-n/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-994">

      <div class="body details">
25 December 2021
      </div>

     </div>

     <div class="message default clearfix" id="message34608">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.12.2021 22:21:58">
22:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-37567 ‼</strong><br><br><code>MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37567">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34609">

      <div class="body">

       <div class="pull_right date details" title="25.12.2021 22:22:00">
22:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-32468 ‼</strong><br><br><code>MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32468">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34610">

      <div class="body">

       <div class="pull_right date details" title="25.12.2021 22:22:00">
22:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-37560 ‼</strong><br><br><code>MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37560">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34611">

      <div class="body">

       <div class="pull_right date details" title="25.12.2021 22:22:01">
22:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-32469 ‼</strong><br><br><code>MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32469">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34612">

      <div class="body">

       <div class="pull_right date details" title="25.12.2021 22:22:04">
22:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-37565 ‼</strong><br><br><code>MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37565">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34613">

      <div class="body">

       <div class="pull_right date details" title="25.12.2021 22:22:05">
22:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-37562 ‼</strong><br><br><code>MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37562">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34614">

      <div class="body">

       <div class="pull_right date details" title="25.12.2021 22:22:06">
22:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-37583 ‼</strong><br><br><code>MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37583">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34615">

      <div class="body">

       <div class="pull_right date details" title="25.12.2021 22:22:07">
22:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-37584 ‼</strong><br><br><code>MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37584">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34616">

      <div class="body">

       <div class="pull_right date details" title="25.12.2021 22:22:08">
22:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-37571 ‼</strong><br><br><code>MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37571">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34617">

      <div class="body">

       <div class="pull_right date details" title="25.12.2021 22:22:10">
22:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-37570 ‼</strong><br><br><code>MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37570">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34618">

      <div class="body">

       <div class="pull_right date details" title="25.12.2021 22:22:11">
22:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-37561 ‼</strong><br><br><code>MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37561">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34619">

      <div class="body">

       <div class="pull_right date details" title="25.12.2021 22:22:13">
22:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-35055 ‼</strong><br><br><code>MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35055">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34620">

      <div class="body">

       <div class="pull_right date details" title="25.12.2021 22:22:14">
22:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-37572 ‼</strong><br><br><code>MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37572">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34621">

      <div class="body">

       <div class="pull_right date details" title="25.12.2021 22:22:16">
22:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-37566 ‼</strong><br><br><code>MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37566">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34622">

      <div class="body">

       <div class="pull_right date details" title="25.12.2021 22:22:17">
22:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-37568 ‼</strong><br><br><code>MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37568">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34623">

      <div class="body">

       <div class="pull_right date details" title="25.12.2021 22:22:18">
22:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-37569 ‼</strong><br><br><code>MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37569">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34624">

      <div class="body">

       <div class="pull_right date details" title="25.12.2021 22:22:20">
22:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-37563 ‼</strong><br><br><code>MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37563">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34625">

      <div class="body">

       <div class="pull_right date details" title="25.12.2021 22:22:22">
22:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-32467 ‼</strong><br><br><code>MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32467">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34626">

      <div class="body">

       <div class="pull_right date details" title="25.12.2021 22:22:23">
22:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-41788 ‼</strong><br><br><code>MediaTek microchips, as used in NETGEAR devices through 2021-12-13 and other devices, mishandle attempts at Wi-Fi authentication flooding.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41788">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34627">

      <div class="body">

       <div class="pull_right date details" title="25.12.2021 22:22:24">
22:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-37564 ‼</strong><br><br><code>MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37564">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-995">

      <div class="body details">
26 December 2021
      </div>

     </div>

     <div class="message default clearfix" id="message34628">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.12.2021 03:32:11">
03:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-45655 ‼</strong><br><br><code>NETGEAR R6400 devices before 1.0.1.70 are affected by server-side injection.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45655">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34629">

      <div class="body">

       <div class="pull_right date details" title="26.12.2021 03:32:12">
03:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-45631 ‼</strong><br><br><code>Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45631">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34630">

      <div class="body">

       <div class="pull_right date details" title="26.12.2021 03:32:13">
03:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-45528 ‼</strong><br><br><code>Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R6300v2 before 1.0.4.52, R6400 before 1.0.1.52, R6900 before 1.0.2.8, R7000 before 1.0.9.88, R7900 before 1.0.3.18, R8000 before 1.0.4.46, R7900P before 1.4.1.50, R8000P before 1.4.1.50, RAX75 before 1.0.3.88, RAX80 before 1.0.3.88, and WNR3500Lv2 before 1.2.0.62.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45528">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34631">

      <div class="body">

       <div class="pull_right date details" title="26.12.2021 03:32:15">
03:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-45571 ‼</strong><br><br><code>Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45571">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34632">

      <div class="body">

       <div class="pull_right date details" title="26.12.2021 03:32:15">
03:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-45654 ‼</strong><br><br><code>NETGEAR XR1000 devices before 1.0.0.58 are affected by disclosure of sensitive information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45654">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34633">

      <div class="body">

       <div class="pull_right date details" title="26.12.2021 03:32:17">
03:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-45632 ‼</strong><br><br><code>Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45632">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34634">

      <div class="body">

       <div class="pull_right date details" title="26.12.2021 03:32:18">
03:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-45611 ‼</strong><br><br><code>Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects DC112A before 1.0.0.52, R6400 before 1.0.1.68, RAX200 before 1.0.3.106, WNDR3400v3 before 1.0.1.38, XR300 before 1.0.3.68, R8500 before 1.0.2.144, RAX75 before 1.0.3.106, R8300 before 1.0.2.144, and RAX80 before 1.0.3.106.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45611">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34635">

      <div class="body">

       <div class="pull_right date details" title="26.12.2021 03:32:19">
03:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-45523 ‼</strong><br><br><code>NETGEAR R7000 devices before 1.0.9.42 are affected by a buffer overflow by an authenticated user.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45523">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34636">

      <div class="body">

       <div class="pull_right date details" title="26.12.2021 03:32:20">
03:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-45567 ‼</strong><br><br><code>Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45567">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34637">

      <div class="body">

       <div class="pull_right date details" title="26.12.2021 03:35:13">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-45590 ‼</strong><br><br><code>Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45590">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34638">

      <div class="body">

       <div class="pull_right date details" title="26.12.2021 03:35:15">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-45630 ‼</strong><br><br><code>Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45630">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34639">

      <div class="body">

       <div class="pull_right date details" title="26.12.2021 03:35:16">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-45669 ‼</strong><br><br><code>Certain NETGEAR devices are affected by stored XSS. This affects RAX200 before 1.0.3.106, MR60 before 1.0.6.110, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.3.106, MS60 before 1.0.6.110, RAX15 before 1.0.2.82, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45669">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34640">

      <div class="body">

       <div class="pull_right date details" title="26.12.2021 03:35:18">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-45570 ‼</strong><br><br><code>Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45570">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34641">

      <div class="body">

       <div class="pull_right date details" title="26.12.2021 03:35:19">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-45597 ‼</strong><br><br><code>Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and RBS850 before 3.2.17.12.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45597">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34642">

      <div class="body">

       <div class="pull_right date details" title="26.12.2021 03:35:20">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-45542 ‼</strong><br><br><code>Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45542">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34643">

      <div class="body">

       <div class="pull_right date details" title="26.12.2021 03:35:21">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-45511 ‼</strong><br><br><code>Certain NETGEAR devices are affected by authentication bypass. This affects AC2100 before 2021-08-27, AC2400 before 2021-08-27, AC2600 before 2021-08-27, D7000 before 2021-08-27, R6220 before 2021-08-27, R6230 before 2021-08-27, R6260 before 2021-08-27, R6330 before 2021-08-27, R6350 before 2021-08-27, R6700v2 before 2021-08-27, R6800 before 2021-08-27, R6850 before 2021-08-27, R6900v2 before 2021-08-27, R7200 before 2021-08-27, R7350 before 2021-08-27, R7400 before 2021-08-27, and R7450 before 2021-08-27.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45511">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34644">

      <div class="body">

       <div class="pull_right date details" title="26.12.2021 03:35:23">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-45587 ‼</strong><br><br><code>Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45587">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34645">

      <div class="body">

       <div class="pull_right date details" title="26.12.2021 03:35:23">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-45659 ‼</strong><br><br><code>Certain NETGEAR devices are affected by server-side injection. This affects RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, and RBS50Y before 2.6.1.40.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45659">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34646">

      <div class="body">

       <div class="pull_right date details" title="26.12.2021 03:35:24">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-45596 ‼</strong><br><br><code>Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45596">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34647">

      <div class="body">

       <div class="pull_right date details" title="26.12.2021 03:35:25">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-45546 ‼</strong><br><br><code>Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7850 before 1.0.5.74, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, and RBS850 before 3.2.17.12.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45546">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34648">

      <div class="body">

       <div class="pull_right date details" title="26.12.2021 03:35:26">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-45652 ‼</strong><br><br><code>Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45652">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34649">

      <div class="body">

       <div class="pull_right date details" title="26.12.2021 03:35:27">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-45537 ‼</strong><br><br><code>Certain NETGEAR devices are affected by command injection by an authenticated user . This affects RAX200 before 1.0.3.106, RAX75 before 1.0.3.106, RAX80 before 1.0.3.106, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45537">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34650">

      <div class="body">

       <div class="pull_right date details" title="26.12.2021 03:35:30">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-45524 ‼</strong><br><br><code>NETGEAR R8000 devices before 1.0.4.62 are affected by a buffer overflow by an authenticated user.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45524">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34651">

      <div class="body">

       <div class="pull_right date details" title="26.12.2021 03:35:31">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-45585 ‼</strong><br><br><code>Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45585">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34652">

      <div class="body">

       <div class="pull_right date details" title="26.12.2021 03:35:32">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-45610 ‼</strong><br><br><code>Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.66, D6400 before 1.0.0.100, D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, DC112A before 1.0.0.52, DGN2200v4 before 1.0.0.118, EAX80 before 1.0.1.64, R6250 before 1.0.4.48, R7000 before 1.0.11.110, R7100LG before 1.0.0.72, R7900 before 1.0.4.30, R7960P before 1.4.1.64, R8000 before 1.0.4.62, RAX200 before 1.0.3.106, RS400 before 1.5.1.80, XR300 before 1.0.3.68, R6400v2 before 1.0.4.106, R7000P before 1.3.2.132, R8000P before 1.4.1.64, RAX20 before 1.0.2.82, RAX45 before 1.0.2.82, RAX80 before 1.0.3.106, R6700v3 before 1.0.4.106, R6900P before 1.3.2.132, R7900P before 1.4.1.64, RAX15 before 1.0.2.82, RAX50 before 1.0.2.82, and RAX75 before 1.0.3.106.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45610">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34653">

      <div class="body">

       <div class="pull_right date details" title="26.12.2021 03:35:34">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-45535 ‼</strong><br><br><code>Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX200 before 1.0.3.106, RAX80 before 1.0.3.106, RAX75 before 1.0.3.106, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45535">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34654">

      <div class="body">

       <div class="pull_right date details" title="26.12.2021 03:38:15">
03:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-45527 ‼</strong><br><br><code>Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6220 before 1.0.0.68, D6400 before 1.0.0.102, D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, DC112A before 1.0.0.54, EX7000 before 1.0.1.94, EX7500 before 1.0.0.72, R6250 before 1.0.4.48, R6300v2 before 1.0.4.52, R6400 before 1.0.1.70, R6400v2 before 1.0.4.102, R6700v3 before 1.0.4.102, R7000 before 1.0.11.116, R7100LG before 1.0.0.64, R7850 before 1.0.5.68, R7900 before 1.0.4.30, R7960P before 1.4.1.68, R8000 before 1.0.4.52, RAX200 before 1.0.2.88, RBS40V before 2.6.2.4, RS400 before 1.5.1.80, XR300 before 1.0.3.56, R7000P before 1.3.2.124, R8000P before 1.4.1.68, R8500 before 1.0.2.144, RAX80 before 1.0.3.102, R6900P before 1.3.2.124, R7900P before 1.4.1.68, R8300 before 1.0.2.144, RAX75 before 1.0.3.102, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, and RBK852 before 3.2.17.12.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45527">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34655">

      <div class="body">

       <div class="pull_right date details" title="26.12.2021 03:38:16">
03:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-45529 ‼</strong><br><br><code>Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects CBR40 before 2.3.5.12, D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, R6400 before 1.0.1.70, R7000 before 1.0.11.126, R6900P before 1.3.2.124, R7000P before 1.3.2.124, R7900 before 1.0.4.30, R8000 before 1.0.4.52, and WNR3500Lv2 before 1.2.0.62.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45529">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34656">

      <div class="body">

       <div class="pull_right date details" title="26.12.2021 03:38:17">
03:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-45622 ‼</strong><br><br><code>Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6400 before 1.0.1.70, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45622">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34657">

      <div class="body">

       <div class="pull_right date details" title="26.12.2021 03:38:18">
03:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-45534 ‼</strong><br><br><code>Certain NETGEAR devices are affected by command injection by an authenticated user. This affects AC2100 before 1.2.0.88, AC2400 before 1.2.0.88, AC2600 before 1.2.0.88, D7000 before 1.0.1.82, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.84, R6330 before 1.1.0.84, R6350 before 1.1.0.84, R6700v2 before 1.2.0.88, R6800 before 1.2.0.88, R6850 before 1.1.0.84, R6900v2 before 1.2.0.88, R7200 before 1.2.0.88, R7350 before 1.2.0.88, R7400 before 1.2.0.88, and R7450 before 1.2.0.88.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45534">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34658">

      <div class="body">

       <div class="pull_right date details" title="26.12.2021 03:38:19">
03:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-45560 ‼</strong><br><br><code>Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45560">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34659">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.12.2021 20:22:54">
20:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-45717 ‼</strong><br><br><code>An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. commit_hook has a use-after-free.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45717">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34660">

      <div class="body">

       <div class="pull_right date details" title="26.12.2021 20:22:56">
20:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-45716 ‼</strong><br><br><code>An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_collation has a use-after-free.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45716">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34661">

      <div class="body">

       <div class="pull_right date details" title="26.12.2021 20:22:57">
20:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-45720 ‼</strong><br><br><code>An issue was discovered in the lru crate before 0.7.1 for Rust. The iterators have a use-after-free, as demonstrated by an access after a pop operation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45720">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34662">

      <div class="body">

       <div class="pull_right date details" title="26.12.2021 20:22:58">
20:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-45718 ‼</strong><br><br><code>An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. rollback_hook has a use-after-free.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45718">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34663">

      <div class="body">

       <div class="pull_right date details" title="26.12.2021 20:22:59">
20:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-45712 ‼</strong><br><br><code>An issue was discovered in the rust-embed crate before 6.3.0 for Rust. A ../ directory traversal can sometimes occur in debug mode.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45712">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34664">

      <div class="body">

       <div class="pull_right date details" title="26.12.2021 20:23:00">
20:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-45714 ‼</strong><br><br><code>An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_aggregate_function has a use-after-free.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45714">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34665">

      <div class="body">

       <div class="pull_right date details" title="26.12.2021 20:23:01">
20:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-45719 ‼</strong><br><br><code>An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. update_hook has a use-after-free.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45719">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34666">

      <div class="body">

       <div class="pull_right date details" title="26.12.2021 20:23:03">
20:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-45715 ‼</strong><br><br><code>An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_window_function has a use-after-free.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45715">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34667">

      <div class="body">

       <div class="pull_right date details" title="26.12.2021 20:23:05">
20:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-45713 ‼</strong><br><br><code>An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_scalar_function has a use-after-free.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45713">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-996">

      <div class="body details">
27 December 2021
      </div>

     </div>

     <div class="message default clearfix" id="message34668">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.12.2021 12:23:09">
12:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-45336 ‼</strong><br><br><code>Privilege escalation vulnerability in the Sandbox component of Avast Antivirus prior to 20.4 allows a local sandboxed code to gain elevated privileges by using system IPC interfaces which could lead to exit the sandbox and acquire SYSTEM privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45336">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34669">

      <div class="body">

       <div class="pull_right date details" title="27.12.2021 12:23:10">
12:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-4173 ‼</strong><br><br><code>vim is vulnerable to Use After Free</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4173">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34670">

      <div class="body">

       <div class="pull_right date details" title="27.12.2021 12:23:11">
12:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-45337 ‼</strong><br><br><code>Privilege escalation vulnerability in the Self-Defense driver of Avast Antivirus prior to 20.8 allows a local user with SYSTEM privileges to gain elevated privileges by &quot;hollowing&quot; process wsc_proxy.exe which could lead to acquire antimalware (AM-PPL) protection.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45337">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34671">

      <div class="body">

       <div class="pull_right date details" title="27.12.2021 12:23:13">
12:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-45335 ‼</strong><br><br><code>Sandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused by local user to control the outcome of scans, and therefore evade detection or delete arbitrary system files.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45335">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34672">

      <div class="body">

       <div class="pull_right date details" title="27.12.2021 12:23:15">
12:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-45339 ‼</strong><br><br><code>Privilege escalation vulnerability in Avast Antivirus prior to 20.4 allows a local user to gain elevated privileges by &quot;hollowing&quot; trusted process which could lead to the bypassing of Avast self-defense.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45339">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34673">

      <div class="body">

       <div class="pull_right date details" title="27.12.2021 12:23:16">
12:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-45338 ‼</strong><br><br><code>Multiple privilege escalation vulnerabilities in Avast Antivirus prior to 20.4 allow a local user to gain elevated privileges by calling unnecessarily powerful internal methods of the main antivirus service which could lead to the (1) arbitrary file delete, (2) write and (3) reset security.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45338">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34674">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.12.2021 15:08:16">
15:08
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Tips for providing digital security benefits to employees 🦿</strong><br><br><code>Many employers are now offering digital security benefits to help protect their employees. Learn about such arrangements and see how you can get started implementing them.</code><br><br><a href="https://www.techrepublic.com/article/tips-for-providing-digital-security-benefits-to-employees/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34675">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.12.2021 15:38:25">
15:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 The 10 worst tech stories of 2021 🦿</strong><br><br><code>Have fond memories of 2021? They probably don&apos;t include these 10 stories or the products and services surrounding them.</code><br><br><a href="https://www.techrepublic.com/article/the-10-worst-tech-stories-of-2021/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34676">

      <div class="body">

       <div class="pull_right date details" title="27.12.2021 15:38:28">
15:38
       </div>

       <div class="text">
<strong>🦿 The dangers of dark data: How to manage it and mitigate the risks 🦿</strong><br><br><code>Dark data is a major challenge in enterprises, and it&apos;s not going away soon. Fortunately, there are ways to reduce dark data and the risks that come with it.</code><br><br><a href="https://www.techrepublic.com/article/the-dangers-of-dark-data-how-to-manage-it-and-mitigate-the-risks/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34677">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.12.2021 16:14:58">
16:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ The 5 Most-Wanted Threatpost Stories of 2021 ❌</strong><br><br><code>A look back at what was hot with readers in this second year of the pandemic.</code><br><br><a href="https://threatpost.com/5-top-threatpost-stories-2021/177278/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34678">

      <div class="body">

       <div class="pull_right date details" title="27.12.2021 16:23:39">
16:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-38961 ‼</strong><br><br><code>IBM OPENBMC OP910 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 212049.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38961">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34679">

      <div class="body">

       <div class="pull_right date details" title="27.12.2021 16:23:41">
16:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-43855 ‼</strong><br><br><code>Wiki.js is a wiki app built on node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through a SVG file upload made via a custom request with a fake MIME type. By creating a crafted SVG file, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the SVG is viewed directly by other users. Scripts do not execute when loaded inside a page via normal `&lt;img&gt;` tags. The malicious SVG can only be uploaded by crafting a custom request to the server with a fake MIME type. A patch in version 2.5.264 fixes this vulnerability by adding an additional file extension verification check to the optional (enabled by default) SVG sanitization step to all file uploads that match the SVG mime type. As a workaround, disable file upload for all non-trusted users.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43855">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34680">

      <div class="body">

       <div class="pull_right date details" title="27.12.2021 16:23:43">
16:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-43856 ‼</strong><br><br><code>Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through non-image file uploads for file types that can be viewed directly inline in the browser. By creating a malicious file which can execute inline JS when viewed in the browser (e.g. XML files), a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the file is viewed directly by other users. The file must be opened directly by the user and will not trigger directly in a normal Wiki.js page. A patch in version 2.5.264 fixes this vulnerability by adding an optional (enabled by default) force download flag to all non-image file types, preventing the file from being viewed inline in the browser. As a workaround, disable file upload for all non-trusted users. --- Thanks to @Haxatron for reporting this vulnerability. Initially reported via https://huntr.dev/bounties/266bff09-00d9-43ca-a4bb-bb540642811f/</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43856">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34681">

      <div class="body">

       <div class="pull_right date details" title="27.12.2021 16:23:44">
16:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-43845 ‼</strong><br><br><code>PJSIP is a free and open source multimedia communication library. In version 2.11.1 and prior, if incoming RTCP XR message contain block, the data field is not checked against the received packet size, potentially resulting in an out-of-bound read access. This affects all users that use PJMEDIA and RTCP XR. A malicious actor can send a RTCP XR message with an invalid packet size.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43845">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34682">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.12.2021 16:45:30">
16:45
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Global Cyberattacks from Nation-State Actors Posing Greater Threats ❌</strong><br><br><code>Casey Ellis, CTO at Bugcrowd, outlines how international relations have deteriorated into a new sort of Cold War, with espionage playing out in the cyber-domain. </code><br><br><a href="https://threatpost.com/global-cyberattacks-nation-state-threats/177253/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34683">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.12.2021 18:23:08">
18:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-21751 ‼</strong><br><br><code>ZTE BigVideo analysis product has an input verification vulnerability. Due to the inconsistency between the front and back verifications when configuring the large screen page, an attacker with high privileges could exploit this vulnerability to tamper with the URL and cause service exception.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21751">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34684">

      <div class="body">

       <div class="pull_right date details" title="27.12.2021 18:23:09">
18:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-43857 ‼</strong><br><br><code>Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43857">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34685">

      <div class="body">

       <div class="pull_right date details" title="27.12.2021 18:23:11">
18:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-21750 ‼</strong><br><br><code>ZTE BigVideo Analysis product has a privilege escalation vulnerability. Due to improper management of the timed task modification privilege, an attacker with ordinary user permissions could exploit this vulnerability to gain unauthorized access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21750">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34686">

      <div class="body">

       <div class="pull_right date details" title="27.12.2021 18:23:13">
18:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-45890 ‼</strong><br><br><code>basic/BasicAuthProvider.java in AuthGuard before 0.9.0 allows authentication via an inactive identifier.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45890">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34687">

      <div class="body">

       <div class="pull_right date details" title="27.12.2021 18:23:14">
18:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-32993 ‼</strong><br><br><code>IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) contains hard-coded credentials, such as a password or a cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32993">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34688">

      <div class="body">

       <div class="pull_right date details" title="27.12.2021 18:23:16">
18:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-33017 ‼</strong><br><br><code>The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) requires authentication, but the product has an alternate path or channel that does not require authentication.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33017">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34689">

      <div class="body">

       <div class="pull_right date details" title="27.12.2021 18:23:18">
18:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-43548 ‼</strong><br><br><code>Patient Information Center iX (PIC iX) Versions C.02 and C.03 receives input or data, but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43548">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34690">

      <div class="body">

       <div class="pull_right date details" title="27.12.2021 18:23:19">
18:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-43552 ‼</strong><br><br><code>The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from the Patient Information Center iX (PIC iX) Versions B.02, C.02, and C.03.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43552">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34691">

      <div class="body">

       <div class="pull_right date details" title="27.12.2021 18:23:21">
18:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-4161 ‼</strong><br><br><code>The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. This could give an attacker admin rights through the HTTP web server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4161">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34692">

      <div class="body">

       <div class="pull_right date details" title="27.12.2021 18:23:22">
18:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-43550 ‼</strong><br><br><code>The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information, which affects the communications between Patient Information Center iX (PIC iX) Versions C.02 and C.03 and Efficia CM Series Revisions A.01 to C.0x and 4.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43550">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34693">

      <div class="body">

       <div class="pull_right date details" title="27.12.2021 18:23:23">
18:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-23244 ‼</strong><br><br><code>ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions.But some apps in whitelist is not installed, attacker can disguise app with the same package name to obtain dangerous permission.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23244">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34694">

      <div class="body">

       <div class="pull_right date details" title="27.12.2021 18:23:24">
18:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-35232 ‼</strong><br><br><code>Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35232">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34695">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.12.2021 22:23:20">
22:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-45904 ‼</strong><br><br><code>OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45904">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34696">

      <div class="body">

       <div class="pull_right date details" title="27.12.2021 22:23:22">
22:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-45906 ‼</strong><br><br><code>OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45906">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34697">

      <div class="body">

       <div class="pull_right date details" title="27.12.2021 22:23:23">
22:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-45905 ‼</strong><br><br><code>OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45905">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34698">

      <div class="body">

       <div class="pull_right date details" title="27.12.2021 22:23:25">
22:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-21237 ‼</strong><br><br><code>An issue in the user login box of LJCMS v1.11 allows attackers to hijack user accounts via brute force attacks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21237">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34699">

      <div class="body">

       <div class="pull_right date details" title="27.12.2021 22:23:27">
22:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-21238 ‼</strong><br><br><code>An issue in the user login box of CSCMS v4.0 allows attackers to hijack user accounts via brute force attacks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21238">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34700">

      <div class="body">

       <div class="pull_right date details" title="27.12.2021 22:23:29">
22:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-21236 ‼</strong><br><br><code>A vulnerability in /damicms-master/admin.php?s=/Article/doedit of DamiCMS v6.0 allows attackers to compromise and impersonate user accounts via obtaining a user&apos;s session cookie.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21236">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-997">

      <div class="body details">
28 December 2021
      </div>

     </div>

     <div class="message default clearfix" id="message34701">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.12.2021 08:15:29">
08:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ 2021 Wants Another Chance (A Lighter-Side Year in Review) ❌</strong><br><br><code>The year wasn&apos;t ALL bad news. These sometimes cringe-worthy/sometimes laughable cybersecurity and other technology stories offer schadenfreude and WTF opportunities, and some giggles.</code><br><br><a href="https://threatpost.com/2021-log4j-year-review-funny-cybersecurity/177215/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34702">

      <div class="body">

       <div class="pull_right date details" title="28.12.2021 08:24:27">
08:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-4179 ‼</strong><br><br><code>livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation (&apos;Cross-site Scripting&apos;)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4179">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34703">

      <div class="body">

       <div class="pull_right date details" title="28.12.2021 08:24:28">
08:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-4177 ‼</strong><br><br><code>livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4177">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34704">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.12.2021 12:24:38">
12:24
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-37400 ‼</strong><br><br><code>An attacker may obtain the user credentials from the communication between the PLC and the software. As a result, the PLC user program may be uploaded, altered, and/or downloaded.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37400">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34705">

      <div class="body">

       <div class="pull_right date details" title="28.12.2021 12:24:39">
12:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-45425 ‼</strong><br><br><code>Reflected Cross Site Scripting (XSS) in SAFARI Montage versions 8.3 and 8.5 allows remote attackers to execute JavaScript codes.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45425">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34706">

      <div class="body">

       <div class="pull_right date details" title="28.12.2021 12:24:40">
12:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-37401 ‼</strong><br><br><code>An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37401">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34707">

      <div class="body">

       <div class="pull_right date details" title="28.12.2021 12:24:41">
12:24
       </div>

       <div class="text">
<strong>‼ CVE-2018-17875 ‼</strong><br><br><code>A remote code execution issue in the ping command on Poly Trio 8800 5.7.1.4145 devices allows remote authenticated users to execute commands via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17875">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34708">

      <div class="body">

       <div class="pull_right date details" title="28.12.2021 12:24:42">
12:24
       </div>

       <div class="text">
<strong>‼ CVE-2019-20082 ‼</strong><br><br><code>ASUS RT-N53 3.0.0.4.376.3754 devices have a buffer overflow via a long lan_dns1_x or lan_dns2_x parameter to Advanced_LAN_Content.asp.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20082">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34709">

      <div class="body">

       <div class="pull_right date details" title="28.12.2021 12:24:43">
12:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-45903 ‼</strong><br><br><code>A persistent cross-site scripting (XSS) issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via attachments upload, a different vulnerability than CVE-2021-39267 and CVE-2021-39268.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45903">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34710">

      <div class="body">

       <div class="pull_right date details" title="28.12.2021 12:29:05">
12:29
       </div>

       <div class="text">
<strong>🕴 An Adaptive Security Strategy Is Critical for Stopping Advanced Attacks 🕴</strong><br><br><code>Ransomware demands a new approach to incident response.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/an-adaptive-security-strategy-is-critical-for-stopping-advanced-attacks">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34711">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.12.2021 13:14:25">
13:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 Insider Threat: Definition &amp; Examples 🔏</strong><br><br><code>A recent report said that almost half of data breaches involve an insider element. In this blog we define what constitutes an insider threat and give you nearly 50 examples to help illustrate the threat further.</code><br><br><a href="https://digitalguardian.com/blog/insider-threat-definition-examples">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34712">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.12.2021 13:45:32">
13:45
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ That Toy You Got for Christmas Could Be Spying on You ❌</strong><br><br><code>Security flaws in the recently released Fisher-Price Chatter Bluetooth telephone can allow nearby attackers to spy on calls or communicate with children using the device.</code><br><br><a href="https://threatpost.com/toy-christmas-spying/177288/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34713">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.12.2021 14:09:48">
14:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Check for Log4j vulnerabilities with this simple-to-use script 🦿</strong><br><br><code>If you&apos;re not certain whether your Java project is free from Log4j vulnerabilities, you should try this easy-to-use scanning tool immediately.</code><br><br><a href="https://www.techrepublic.com/article/check-for-log4j-vulnerabilities-with-this-simple-to-use-script/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34714">

      <div class="body">

       <div class="pull_right date details" title="28.12.2021 14:24:46">
14:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-45814 ‼</strong><br><br><code>Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attacker can bypass authentication and access the panel with an administrative account.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45814">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34715">

      <div class="body">

       <div class="pull_right date details" title="28.12.2021 14:24:47">
14:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-45812 ‼</strong><br><br><code>NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a Cross Site Scripting (XSS) vulnerability. An attacker can steal the user&apos;s session by injecting malicious JavaScript codes which leads to session hijacking.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45812">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34716">

      <div class="body">

       <div class="pull_right date details" title="28.12.2021 14:24:48">
14:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-45813 ‼</strong><br><br><code>SLICAN WebCTI 1.01 2015 is affected by a Cross Site Scripting (XSS) vulnerability. The attacker can steal the user&apos;s session by injecting malicious JavaScript codes which leads to Session Hijacking and cause user&apos;s credentials theft.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45813">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34717">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.12.2021 15:23:20">
15:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 AV-Comparatives Reveals Results of Long-Term Tests of 19 Leading Endpoint Security Solutions 🕴</strong><br><br><code>The Business Security Test is a comprehensive investigation of corporate endpoint security solutions on the market.</code><br><br><a href="https://www.darkreading.com/endpoint/av-comparatives-reveals-results-of-long-term-tests-of-19-leading-endpoint-security-solutions">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34718">

      <div class="body">

       <div class="pull_right date details" title="28.12.2021 15:27:35">
15:27
       </div>

       <div class="text">
<strong>🕴 After Google&apos;s Landmark Settlement, How Ad Networks Should Tackle Child Privacy 🕴</strong><br><br><code>To comply with the updated COPPA Rule, online ad platforms need to change how they handle viewers who might be children.</code><br><br><a href="https://www.darkreading.com/endpoint/after-google-s-landmark-settlement-how-ad-networks-should-tackle-child-privacy">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-998">

      <div class="body details">
29 December 2021
      </div>

     </div>

     <div class="message default clearfix" id="message34719">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.12.2021 03:28:18">
03:28
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 The Log4j Flaw Will Take Years to be Fully Addressed 🕴</strong><br><br><code>Over 80% of Java packages stored on Maven Central Repository have log4j as an indirect dependency, with most of them burying the vulnerable version five levels deep, says Google&apos;s Open Source Insights Team.</code><br><br><a href="https://www.darkreading.com/tech-trends/the-log4j-flaw-will-take-years-to-be-fully-addressed">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34720">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.12.2021 08:25:37">
08:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-25990 ‼</strong><br><br><code>In “ifmeâ€�, versions v7.22.0 to v7.31.4 are vulnerable against self-stored XSS in the contacts field as it allows loading XSS payloads fetched via an iframe.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25990">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34721">

      <div class="body">

       <div class="pull_right date details" title="29.12.2021 08:25:38">
08:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-44161 ‼</strong><br><br><code>Changing MOTP (Mobile One Time Password) system’s specific function parameter has insufficient validation for user input. A attacker in local area network can perform SQL injection attack to read, modify or delete backend database without authentication.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44161">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34722">

      <div class="body">

       <div class="pull_right date details" title="29.12.2021 08:25:39">
08:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-25989 ‼</strong><br><br><code>In “ifmeâ€�, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability in the markdown editor. It can be exploited by making a victim a Leader of a group which triggers the payload for them.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25989">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34723">

      <div class="body">

       <div class="pull_right date details" title="29.12.2021 08:25:40">
08:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-44160 ‼</strong><br><br><code>Carinal Tien Hospital Health Report System’s login page has improper authentication, a remote attacker can acquire another general user’s privilege by modifying the cookie parameter without authentication. The attacker can then perform limited operations on the system or modify data, making the service partially unavailable to the user.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44160">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34724">

      <div class="body">

       <div class="pull_right date details" title="29.12.2021 08:25:41">
08:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-25991 ‼</strong><br><br><code>In Ifme, versions v5.0.0 to v7.32 are vulnerable against an improper access control, which makes it possible for admins to self-ban themself leading to their deactivation from Ifme account and complete loss of admin access in Ifme.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25991">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34725">

      <div class="body">

       <div class="pull_right date details" title="29.12.2021 08:25:45">
08:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-25988 ‼</strong><br><br><code>In “ifmeâ€�, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability (notifications section) which can be directly triggered by sending an ally request to the admin.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25988">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34726">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.12.2021 09:10:09">
09:10
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Indian authorities set to tighten data breach laws in 2022 🗓️</strong><br><br><code>Credit card storage rules and 72-hour breach notification deadline due to come into play next year</code><br><br><a href="https://portswigger.net/daily-swig/indian-authorities-set-to-tighten-data-breach-laws-in-2022">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34727">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.12.2021 11:46:05">
11:46
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Cryptomining Attack Exploits Docker API Misconfiguration Since 2019 ❌</strong><br><br><code>Campaign exploits misconfigured Docker APIs to gain network entry and ultimately sets up a backdoor on compromised hosts to mine cryptocurrency.</code><br><br><a href="https://threatpost.com/cryptomining-attack-exploits-docker-api-misconfiguration-since-2019/177299/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34728">

      <div class="body">

       <div class="pull_right date details" title="29.12.2021 11:46:06">
11:46
       </div>

       <div class="text">
<strong>❌ 5 Cybersecurity Trends to Watch in 2022 ❌</strong><br><br><code>Here’s what cybersecurity watchers want infosec pros to know heading into 2022.  </code><br><br><a href="https://threatpost.com/5-cybersecurity-trends-2022/177273/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34729">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.12.2021 12:10:16">
12:10
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ LastPass quells cyber-attack fears, blames email notification surge on ‘glitch’ 🗓️</strong><br><br><code>Password vault investigation reveals no evidence of credential stuffing activity</code><br><br><a href="https://portswigger.net/daily-swig/lastpass-quells-cyber-attack-fears-blames-email-notification-surge-on-glitch">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34730">

      <div class="body">

       <div class="pull_right date details" title="29.12.2021 12:13:58">
12:13
       </div>

       <div class="text">
<strong>⚠ SFW! The Top N Cyber­security Stories of 2021 (for small positive integer values of N) ⚠</strong><br><br><code>Happy Holidays! Our Top N stories, all totally SFW!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/12/24/sfw-the-top-n-cybersecurity-stories-of-2021-for-small-positive-integer-values-of-n/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34731">

      <div class="body">

       <div class="pull_right date details" title="29.12.2021 12:25:52">
12:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-38680 ‼</strong><br><br><code>A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Kazoo Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Kazoo Server: Kazoo Server 4.11.20 and later</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38680">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34732">

      <div class="body">

       <div class="pull_right date details" title="29.12.2021 12:25:53">
12:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-38687 ‼</strong><br><br><code>A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of Surveillance Station: QTS 5.0.0 (64 bit): Surveillance Station 5.2.0.4.2 ( 2021/10/26 ) and later QTS 5.0.0 (32 bit): Surveillance Station 5.2.0.3.2 ( 2021/10/26 ) and later QTS 4.3.6 (64 bit): Surveillance Station 5.1.5.4.6 ( 2021/10/26 ) and later QTS 4.3.6 (32 bit): Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later QTS 4.3.3: Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38687">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34733">

      <div class="body">

       <div class="pull_right date details" title="29.12.2021 12:25:54">
12:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-35035 ‼</strong><br><br><code>A cleartext storage of sensitive information vulnerability in the Zyxel NBG6604 firmware could allow a remote, authenticated attacker to obtain sensitive information from the configuration file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35035">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34734">

      <div class="body">

       <div class="pull_right date details" title="29.12.2021 12:25:55">
12:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-35034 ‼</strong><br><br><code>An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote attacker to access the device if the correct token can be intercepted.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35034">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34735">

      <div class="body">

       <div class="pull_right date details" title="29.12.2021 12:25:56">
12:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-38688 ‼</strong><br><br><code>An improper authentication vulnerability has been reported to affect Android App Qfile. If exploited, this vulnerability allows attackers to compromise app and access information We have already fixed this vulnerability in the following versions of Qfile: Qfile 3.0.0.1105 and later</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38688">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34736">

      <div class="body">

       <div class="pull_right date details" title="29.12.2021 12:28:53">
12:28
       </div>

       <div class="text">
<strong>🕴 Why Cyber Due Diligence Is Essential to the M&amp;A Process 🕴</strong><br><br><code>That announcement may feel good, but if your prospective acquisition&apos;s cybersecurity levels are substandard, it might be best to hold off.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/why-cyber-due-diligence-is-essential-to-the-m-a-process">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34737">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.12.2021 13:14:15">
13:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Log4Shell vulnerability Number Four: “Much ado about something” ⚠</strong><br><br><code>It&apos;s a Log4j bug, and you ought to patch it. But we don&apos;t think it&apos;s a critical crisis like the last one.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/12/29/log4shell-vulnerability-number-four-much-ado-about-something/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34738">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.12.2021 13:40:19">
13:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Swig Security Review 2021 – Part I 🗓️</strong><br><br><code>Key thinkers on the biggest security stories and trends in 2021</code><br><br><a href="https://portswigger.net/daily-swig/swig-security-review-2021-part-i">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34739">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.12.2021 14:32:26">
14:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-36723 ‼</strong><br><br><code>Emuse - eServices / eNvoice Exposure Of Private Personal Information due to lack of identification mechanisms and predictable IDs an attacker can scrape all the files on the service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36723">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34740">

      <div class="body">

       <div class="pull_right date details" title="29.12.2021 14:32:28">
14:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-4176 ‼</strong><br><br><code>livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation (&apos;Cross-site Scripting&apos;)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4176">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34741">

      <div class="body">

       <div class="pull_right date details" title="29.12.2021 14:32:31">
14:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-36722 ‼</strong><br><br><code>Emuse - eServices / eNvoice SQL injection can be used in various ways ranging from bypassing login authentication or dumping the whole database to full RCE on the affected endpoints. The SQLi caused by CWE-209: Generation of Error Message Containig Sensetive Information, showing parts of the aspx code and the webroot location , information an attacker can leverage to further compromise the host.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36722">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34742">

      <div class="body">

       <div class="pull_right date details" title="29.12.2021 14:32:33">
14:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-4175 ‼</strong><br><br><code>livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation (&apos;Cross-site Scripting&apos;)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4175">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34743">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.12.2021 16:16:15">
16:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Threat Advisory: E-commerce Bots Use Domain Registration Services for Mass (Fake) Account Creation ❌</strong><br><br><code>Jason Kent is Hacker-in-Residence at Cequence Security.</code><br><br><a href="https://threatpost.com/ecommerce-bots-domain-registration-account-fraud/177305/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34744">

      <div class="body">

       <div class="pull_right date details" title="29.12.2021 16:31:13">
16:31
       </div>

       <div class="text">
<strong>‼ CVE-2021-45885 ‼</strong><br><br><code>An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). Under a specific update-migration scenario, the first SSH password change does not properly clear the old password.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45885">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34745">

      <div class="body">

       <div class="pull_right date details" title="29.12.2021 16:31:17">
16:31
       </div>

       <div class="text">
<strong>‼ CVE-2021-25993 ‼</strong><br><br><code>In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by Stored XSS vulnerability, where a low privileged (editor) user can upload a SVG file that contains malicious JavaScript while uploading assets in the page. That will send the JWT tokens to the attacker’s server and will lead to account takeover when accessed by the victim.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25993">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34746">

      <div class="body">

       <div class="pull_right date details" title="29.12.2021 16:31:22">
16:31
       </div>

       <div class="text">
<strong>‼ CVE-2021-23727 ‼</strong><br><br><code>This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23727">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34747">

      <div class="body">

       <div class="pull_right date details" title="29.12.2021 16:31:25">
16:31
       </div>

       <div class="text">
<strong>‼ CVE-2021-4187 ‼</strong><br><br><code>vim is vulnerable to Use After Free</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4187">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34748">

      <div class="body">

       <div class="pull_right date details" title="29.12.2021 16:31:28">
16:31
       </div>

       <div class="text">
<strong>‼ CVE-2021-36724 ‼</strong><br><br><code>ForeScout - SecureConnector Local Service DoS - A low privilaged user which doesn&apos;t have permissions to shutdown the secure connector service writes a large amount of characters in the installationPath. This will cause the buffer to overflow and override the stack cookie causing the service to crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36724">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34749">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.12.2021 22:45:51">
22:45
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-43876 ‼</strong><br><br><code>Microsoft SharePoint Elevation of Privilege Vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43876">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-999">

      <div class="body details">
30 December 2021
      </div>

     </div>

     <div class="message default clearfix" id="message34750">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.12.2021 08:35:12">
08:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-4188 ‼</strong><br><br><code>mruby is vulnerable to NULL Pointer Dereference</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4188">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34751">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.12.2021 09:39:38">
09:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Learn highly marketable ethical hacking skills for less than $45 🦿</strong><br><br><code>Even if you have no tech experience, you can develop valuable skills with the online training offered by The Super-Sized Ethical Hacking Bundle.</code><br><br><a href="https://www.techrepublic.com/article/learn-highly-marketable-ethical-hacking-skills-for-less-than-45/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34752">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.12.2021 10:33:52">
10:33
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-45427 ‼</strong><br><br><code>Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due to path traversal. An attacker can browse and delete files without any authentication due to incorrect access control and directory traversal.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45427">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34753">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.12.2021 11:30:20">
11:30
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 In the Fight Against Cybercrime, Takedowns Are Only Temporary 🕴</strong><br><br><code>Disrupting access to servers and infrastructure continues to interfere with cybercrime activity, but it&apos;s far from a perfect strategy.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/takedowns-prove-temporary-tactic-in-cybercrime-fight">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34754">

      <div class="body">

       <div class="pull_right date details" title="30.12.2021 11:44:30">
11:44
       </div>

       <div class="text">
<strong>⚠ Instagram copyright infringment scams – don’t get sucked in! ⚠</strong><br><br><code>We deconstructed a copyright phish so you don&apos;t have to. Be warned: the crooks are getting better at these scams...</code><br><br><a href="https://nakedsecurity.sophos.com/2021/12/30/instagram-copyright-infringment-scams-dont-get-sucked-in/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34755">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.12.2021 12:30:22">
12:30
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Zero Trust and Access: Protecting the Keys to the Kingdom 🕴</strong><br><br><code>Zero trust moves the control pane closer to the defended asset and attempts to tightly direct access and privileges.</code><br><br><a href="https://www.darkreading.com/operations/zero-trust-and-access-protecting-the-keys-to-the-kingdom">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34756">

      <div class="body">

       <div class="pull_right date details" title="30.12.2021 12:33:57">
12:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-45818 ‼</strong><br><br><code>SAFARI Montage 8.7.32 is affected by a CRLF injection vulnerability which can lead to can lead to HTTP response splitting.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45818">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34757">

      <div class="body">

       <div class="pull_right date details" title="30.12.2021 12:33:58">
12:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-43861 ‼</strong><br><br><code>Mermaid is a Javascript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Prior to version 8.13.8, malicious diagrams can run javascript code at diagram readers&apos; machines. Users should upgrade to version 8.13.8 to receive a patch. There are no known workarounds aside from upgrading.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43861">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34758">

      <div class="body">

       <div class="pull_right date details" title="30.12.2021 12:33:59">
12:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-45815 ‼</strong><br><br><code>Quectel UC20 UMTS/HSPA+ UC20 6.3.14 is affected by a Cross Site Scripting (XSS) vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45815">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34759">

      <div class="body">

       <div class="pull_right date details" title="30.12.2021 12:40:44">
12:40
       </div>

       <div class="text">
<strong>🗓️ Swig Security Review 2021 – Part II 🗓️</strong><br><br><code>Key thinkers on the biggest security stories and trends in 2021</code><br><br><a href="https://portswigger.net/daily-swig/swig-security-review-2021-part-ii">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34760">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.12.2021 13:48:50">
13:48
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ APT ‘Aquatic Panda’ Targets Universities with Log4Shell Exploit Tools ❌</strong><br><br><code>Researchers from CrowdStrike disrupted an attempt by the threat group to steal industrial intelligence and military secrets from an academic institution.</code><br><br><a href="https://threatpost.com/aquatic-panda-log4shell-exploit-tools/177312/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34761">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.12.2021 14:10:45">
14:10
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ HCL DX vendor ‘could not reproduce’ allegedly critical vulnerabilities 🗓️</strong><br><br><code>Disclosure process for bugs in HCL DX – formerly WebSphere Portal – seemingly went awry</code><br><br><a href="https://portswigger.net/daily-swig/hcl-dx-vendor-could-not-reproduce-allegedly-critical-vulnerabilities">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34762">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.12.2021 14:34:10">
14:34
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-43862 ‼</strong><br><br><code>jQuery Terminal Emulator is a plugin for creating command line interpreters in your applications. Versions prior to 2.31.1 contain a low impact and limited cross-site scripting (XSS) vulnerability. The code for XSS payload is always visible, but an attacker can use other techniques to hide the code the victim sees. If the application uses the `execHash` option and executes code from URL, the attacker can use this URL to execute their code. The scope is limited because the javascript attribute used is added to span tag, so no automatic execution like with `onerror` on images is possible. This issue is fixed in version 2.31.1. As a workaround, the user can use formatting that wrap whole user input and its no op. The code for this workaround is available in the GitHub Security Advisory. The fix will only work when user of the library is not using different formatters (e.g. to highlight code in different way).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43862">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34763">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.12.2021 15:00:36">
15:00
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Getting Started With Threat-Informed Security Programs 🕴</strong><br><br><code>Security leaders need to examine their business model, document risks, and develop a strategic plan to address those risks.</code><br><br><a href="https://www.darkreading.com/edge-articles/getting-started-with-threat-informed-security-programs">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34764">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.12.2021 15:16:52">
15:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ What the Rise in Cyber-Recon Means for Your Security Strategy ❌</strong><br><br><code>Expect many more zero-day exploits in 2022, and cyberattacks using them being launched at a significantly higher rate, warns Aamir Lakhani, researcher at FortiGuard Labs.</code><br><br><a href="https://threatpost.com/rise-cyber-recon-security-strategy/177317/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34765">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.12.2021 15:39:44">
15:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How to install the Pritunl VPN server on AlmaLinux 🦿</strong><br><br><code>If you&apos;re looking for a VPN server to host in-house, look no further than the AlmaLinux/Pritunl combination. See how easy it is to get this service up and running.</code><br><br><a href="https://www.techrepublic.com/article/how-to-install-the-pritunl-vpn-server-on-almalinux/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34766">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.12.2021 16:34:14">
16:34
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-29292 ‼</strong><br><br><code>iBall WRD12EN 1.0.0 devices allow cross-site request forgery (CSRF) attacks as demonstrated by enabling DNS settings or modifying the range for IP addresses.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29292">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34767">

      <div class="body">

       <div class="pull_right date details" title="30.12.2021 16:34:15">
16:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-45379 ‼</strong><br><br><code>Glewlwyd 2.0.0, fixed in 2.6.1 is affected by an incorrect access control vulnerability. One user can attempt to log in as another user without its password.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45379">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34768">

      <div class="body">

       <div class="pull_right date details" title="30.12.2021 16:34:16">
16:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-38876 ‼</strong><br><br><code>IBM i 7.2, 7.3, and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208404.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38876">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34769">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.12.2021 20:34:25">
20:34
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-20151 ‼</strong><br><br><code>Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the session management for the device. The router&apos;s management software manages web sessions based on IP address rather than verifying client cookies/session tokens/etc. This allows an attacker (whether from a different computer, different web browser on the same machine, etc.) to take over an existing session. This does require the attacker to be able to spoof or take over original IP address of the original user&apos;s session.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20151">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34770">

      <div class="body">

       <div class="pull_right date details" title="30.12.2021 20:34:26">
20:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-20168 ‼</strong><br><br><code>Netgear RAX43 version 1.0.3.96 does not have sufficient protections to the UART interface. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection, login with default credentials, and execute commands as the root user. These default credentials are admin:admin.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20168">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34771">

      <div class="body">

       <div class="pull_right date details" title="30.12.2021 20:34:27">
20:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-4182 ‼</strong><br><br><code>Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4182">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34772">

      <div class="body">

       <div class="pull_right date details" title="30.12.2021 20:34:28">
20:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-4186 ‼</strong><br><br><code>Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4186">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34773">

      <div class="body">

       <div class="pull_right date details" title="30.12.2021 20:34:30">
20:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-20160 ‼</strong><br><br><code>Trendnet AC2600 TEW-827DRU version 2.08B01 contains a command injection vulnerability in the smb functionality of the device. The username parameter used when configuring smb functionality for the device is vulnerable to command injection as root.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20160">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34774">

      <div class="body">

       <div class="pull_right date details" title="30.12.2021 20:34:31">
20:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-4181 ‼</strong><br><br><code>Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4181">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34775">

      <div class="body">

       <div class="pull_right date details" title="30.12.2021 20:34:32">
20:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-20152 ‼</strong><br><br><code>Trendnet AC2600 TEW-827DRU version 2.08B01 lacks proper authentication to the bittorrent functionality. If enabled, anyone is able to visit and modify settings and files via the Bittorent web client by visiting: http://192.168.10.1:9091/transmission/web/</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20152">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34776">

      <div class="body">

       <div class="pull_right date details" title="30.12.2021 20:34:34">
20:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-20167 ‼</strong><br><br><code>Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20167">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34777">

      <div class="body">

       <div class="pull_right date details" title="30.12.2021 20:34:34">
20:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-20161 ‼</strong><br><br><code>Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient protections for the UART functionality. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection. No username or password is required and the user is given a root shell with full control of the device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20161">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34778">

      <div class="body">

       <div class="pull_right date details" title="30.12.2021 20:34:36">
20:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-45732 ‼</strong><br><br><code>Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded credential. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted/obfuscated. By extracting the configuration using readily available public tools, a user can reconfigure settings not intended to be manipulated, repackage the configuration, and restore a backup causing these settings to be changed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45732">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34779">

      <div class="body">

       <div class="pull_right date details" title="30.12.2021 20:34:37">
20:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-20165 ‼</strong><br><br><code>Trendnet AC2600 TEW-827DRU version 2.08B01 does not properly implement csrf protections. Most pages lack proper usage of CSRF protections or mitigations. Additionally, pages that do make use of CSRF tokens are trivially bypassable as the server does not appear to validate them properly (i.e. re-using an old token or finding the token thru some other method is possible).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20165">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34780">

      <div class="body">

       <div class="pull_right date details" title="30.12.2021 20:34:39">
20:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-4190 ‼</strong><br><br><code>Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of service via packet injection or crafted capture file</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4190">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34781">

      <div class="body">

       <div class="pull_right date details" title="30.12.2021 20:34:40">
20:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-20170 ‼</strong><br><br><code>Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted. This encryption is accomplished via a password-protected zip file with a hardcoded password (RAX50w!a4udk). By unzipping the configuration using this password, a user can reconfigure settings not intended to be manipulated, re-zip the configuration, and restore a backup causing these settings to be changed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20170">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34782">

      <div class="body">

       <div class="pull_right date details" title="30.12.2021 20:34:42">
20:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-20164 ‼</strong><br><br><code>Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses credentials for the smb functionality of the device. Usernames and passwords for all smb users are revealed in plaintext on the smbserver.asp page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20164">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34783">

      <div class="body">

       <div class="pull_right date details" title="30.12.2021 20:34:44">
20:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-20153 ‼</strong><br><br><code>Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerability in the bittorrent functionality. If enabled, the bittorrent functionality is vulnerable to a symlink attack that could lead to remote code execution on the device. If an end user inserts a flash drive with a malicious symlink on it that the bittorrent client can write downloads to, then a user is able to download arbitrary files to any desired location on the devices filesystem, which could lead to remote code execution. Example directories vulnerable to this include &quot;config&quot;, &quot;downloads&quot;, and &quot;torrents&quot;, though it should be noted that &quot;downloads&quot; is the only vector that allows for arbitrary files to be downloaded to arbitrary locations.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20153">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34784">

      <div class="body">

       <div class="pull_right date details" title="30.12.2021 20:34:44">
20:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-20132 ‼</strong><br><br><code>Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 use default hard-coded credentials, which can allow a remote attacker to gain administrative access to the zebra or ripd those services. Both are running with root privileges on the router (i.e., as the &quot;admin&quot; user, UID 0).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20132">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34785">

      <div class="body">

       <div class="pull_right date details" title="30.12.2021 20:34:45">
20:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-4184 ‼</strong><br><br><code>Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4184">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34786">

      <div class="body">

       <div class="pull_right date details" title="30.12.2021 20:34:46">
20:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-20156 ‼</strong><br><br><code>Trendnet AC2600 TEW-827DRU version 2.08B01 contains an improper access control configuration that could allow for a malicious firmware update. It is possible to manually install firmware that may be malicious in nature as there does not appear to be any signature validation done to determine if it is from a known and trusted source. This includes firmware updates that are done via the automated &quot;check for updates&quot; in the admin interface. If an attacker is able to masquerade as the update server, the device will not verify that the firmware updates downloaded are legitimate.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20156">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34787">

      <div class="body">

       <div class="pull_right date details" title="30.12.2021 20:34:49">
20:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-20158 ‼</strong><br><br><code>Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. It is possible for an unauthenticated, malicous actor to force the change of the admin password due to a hidden administrative command.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20158">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34788">

      <div class="body">

       <div class="pull_right date details" title="30.12.2021 20:34:50">
20:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-20155 ‼</strong><br><br><code>Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of hardcoded credentials. It is possible to backup and restore device configurations via the management web interface. These devices are encrypted using a hardcoded password of &quot;12345678&quot;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20155">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-1000">

      <div class="body details">
31 December 2021
      </div>

     </div>

     <div class="message default clearfix" id="message34789">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="31.12.2021 11:41:13">
11:41
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Bug Bounty Radar // The latest bug bounty programs for January 2022 🗓️</strong><br><br><code>New web targets for the discerning hacker</code><br><br><a href="https://portswigger.net/daily-swig/bug-bounty-radar-the-latest-bug-bounty-programs-for-january-2022">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34790">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="31.12.2021 12:41:47">
12:41
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ The Matrix Resurrections review: Latest film instalment offers nostalgia but no denouement 🗓️</strong><br><br><code>Déjà vu isn&apos;t what it used to be</code><br><br><a href="https://portswigger.net/daily-swig/the-matrix-resurrections-review-latest-film-instalment-offers-nostalgia-but-no-denouement">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34791">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="31.12.2021 13:41:30">
13:41
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Security done right: Celebrating infosec wins in 2021 🗓️</strong><br><br><code>Kudos to Tonga’s ccTLD, the US Supreme Court, and others…</code><br><br><a href="https://portswigger.net/daily-swig/security-done-right-celebrating-infosec-wins-in-2021">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34792">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="31.12.2021 14:35:18">
14:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-4193 ‼</strong><br><br><code>vim is vulnerable to Out-of-bounds Read</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4193">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34793">

      <div class="body">

       <div class="pull_right date details" title="31.12.2021 14:35:20">
14:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-4192 ‼</strong><br><br><code>vim is vulnerable to Use After Free</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4192">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-1001">

      <div class="body details">
1 January 2022
      </div>

     </div>

     <div class="message default clearfix" id="message34794">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.01.2022 03:35:51">
03:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-45933 ‼</strong><br><br><code>wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (8 bytes) in MqttDecode_Publish (called from MqttClient_DecodePacket and MqttClient_HandlePacket).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45933">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34795">

      <div class="body">

       <div class="pull_right date details" title="01.01.2022 03:35:52">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-45926 ‼</strong><br><br><code>MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0x7ffd0c689be0) in mdb_numeric_to_string (called from mdb_xfer_bound_data and _mdb_attempt_bind).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45926">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34796">

      <div class="body">

       <div class="pull_right date details" title="01.01.2022 03:35:53">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-45940 ‼</strong><br><br><code>libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (4 bytes) in __bpf_object__open (called from bpf_object__open_mem and bpf-object-fuzzer.c).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45940">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34797">

      <div class="body">

       <div class="pull_right date details" title="01.01.2022 03:35:54">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-45928 ‼</strong><br><br><code>libjxl before 0.6, as used in libvips 8.11 through 8.11.2 and other products, has an out-of-bounds write in jxl::ModularFrameDecoder::DecodeGroup (called from jxl::FrameDecoder::ProcessACGroup and jxl::ThreadPool::RunCallState&lt;jxl::FrameDecoder::ProcessSections).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45928">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34798">

      <div class="body">

       <div class="pull_right date details" title="01.01.2022 03:35:54">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-45934 ‼</strong><br><br><code>wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_HandlePacket and MqttClient_WaitType).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45934">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34799">

      <div class="body">

       <div class="pull_right date details" title="01.01.2022 03:35:58">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-45930 ‼</strong><br><br><code>Qt SVG in Qt 5.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps&lt;QPainterPath::Element&gt;::growAppend (called from QPainterPath::addPath and QPathClipper::intersect).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45930">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34800">

      <div class="body">

       <div class="pull_right date details" title="01.01.2022 03:35:59">
03:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-45943 ‼</strong><br><br><code>GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45943">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34801">

      <div class="body">

       <div class="pull_right date details" title="01.01.2022 03:36:00">
03:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-44716 ‼</strong><br><br><code>net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44716">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34802">

      <div class="body">

       <div class="pull_right date details" title="01.01.2022 03:36:01">
03:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-45935 ‼</strong><br><br><code>Grok 9.5.0 has a heap-based buffer overflow in openhtj2k::T1OpenHTJ2K::decompress (called from std::__1::__packaged_task_func&lt;std::__1::__bind&lt;grk::T1DecompressScheduler::deco and std::__1::packaged_task&lt;int).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45935">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34803">

      <div class="body">

       <div class="pull_right date details" title="01.01.2022 03:36:02">
03:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-45938 ‼</strong><br><br><code>wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Unsubscribe).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45938">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34804">

      <div class="body">

       <div class="pull_right date details" title="01.01.2022 03:36:06">
03:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-45939 ‼</strong><br><br><code>wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Subscribe).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45939">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34805">

      <div class="body">

       <div class="pull_right date details" title="01.01.2022 03:36:07">
03:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-45942 ‼</strong><br><br><code>OpenEXR 3.1.0 through 3.1.3 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45942">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34806">

      <div class="body">

       <div class="pull_right date details" title="01.01.2022 03:36:08">
03:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-45931 ‼</strong><br><br><code>HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t&lt;hb_bit_set_invertible_t&gt;::set and hb_set_copy).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45931">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34807">

      <div class="body">

       <div class="pull_right date details" title="01.01.2022 03:36:09">
03:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-45941 ‼</strong><br><br><code>libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (8 bytes) in __bpf_object__open (called from bpf_object__open_mem and bpf-object-fuzzer.c).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45941">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34808">

      <div class="body">

       <div class="pull_right date details" title="01.01.2022 03:36:10">
03:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-44717 ‼</strong><br><br><code>Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44717">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34809">

      <div class="body">

       <div class="pull_right date details" title="01.01.2022 03:36:14">
03:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-41817 ‼</strong><br><br><code>Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41817">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34810">

      <div class="body">

       <div class="pull_right date details" title="01.01.2022 03:36:15">
03:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-45932 ‼</strong><br><br><code>wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (4 bytes) in MqttDecode_Publish (called from MqttClient_DecodePacket and MqttClient_HandlePacket).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45932">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34811">

      <div class="body">

       <div class="pull_right date details" title="01.01.2022 03:36:17">
03:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-45936 ‼</strong><br><br><code>wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttDecode_Disconnect (called from MqttClient_DecodePacket and MqttClient_WaitType).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45936">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34812">

      <div class="body">

       <div class="pull_right date details" title="01.01.2022 03:36:18">
03:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-45927 ‼</strong><br><br><code>MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0x7ffd6e029ee0) in mdb_numeric_to_string (called from mdb_xfer_bound_data and _mdb_attempt_bind).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45927">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34813">

      <div class="body">

       <div class="pull_right date details" title="01.01.2022 03:36:20">
03:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-45937 ‼</strong><br><br><code>wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Connect).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45937">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34814">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.01.2022 08:36:05">
08:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-44852 ‼</strong><br><br><code>An issue was discovered in BS_RCIO64.sys in Biostar RACING GT Evo 2.1.1905.1700. A low-integrity process can open the driver&apos;s device object and issue IOCTLs to read or write to arbitrary physical memory locations (or call an arbitrary address), leading to execution of arbitrary code. This is associated with 0x226040, 0x226044, and 0x226000.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44852">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34815">

      <div class="body">

       <div class="pull_right date details" title="01.01.2022 08:36:06">
08:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-41819 ‼</strong><br><br><code>CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41819">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34816">

      <div class="body">

       <div class="pull_right date details" title="01.01.2022 08:36:08">
08:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-43333 ‼</strong><br><br><code>The Datalogic DXU service on (for example) DL-Axist devices does not require authentication for configuration changes or disclosure of configuration settings.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43333">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34817">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.01.2022 18:36:35">
18:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-45960 ‼</strong><br><br><code>In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45960">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34818">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.01.2022 20:36:36">
20:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-45972 ‼</strong><br><br><code>The giftrans function in giftrans 1.12.2 contains a stack-based buffer overflow because a value inside the input file determines the amount of data to write. This allows an attacker to overwrite up to 250 bytes outside of the allocated buffer with arbitrary data.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45972">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34819">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.01.2022 22:41:44">
22:41
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-44896 ‼</strong><br><br><code>DMP Roadmap before 3.0.4 allows XSS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44896">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34820">

      <div class="body">

       <div class="pull_right date details" title="01.01.2022 22:41:45">
22:41
       </div>

       <div class="text">
<strong>‼ CVE-2022-22293 ‼</strong><br><br><code>admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAIN_MAX_DECIMALS_TOT parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22293">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-1002">

      <div class="body details">
2 January 2022
      </div>

     </div>

     <div class="message default clearfix" id="message34821">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.01.2022 10:37:09">
10:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2022-0080 ‼</strong><br><br><code>mruby is vulnerable to Heap-based Buffer Overflow</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0080">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34822">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.01.2022 14:37:19">
14:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-36751 ‼</strong><br><br><code>ENC DataVault 7.1.1W uses an inappropriate encryption algorithm, such that an attacker (who does not know the secret key) can make ciphertext modifications that are reflected in modified plaintext. There is no data integrity mechanism. (This behavior occurs across USB drives sold under multiple brand names.)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36751">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-1003">

      <div class="body details">
3 January 2022
      </div>

     </div>

     <div class="message default clearfix" id="message34823">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 03:37:44">
03:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2022-0079 ‼</strong><br><br><code>showdoc is vulnerable to Generation of Error Message Containing Sensitive Information</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0079">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34824">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 08:37:53">
08:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-30276 ‼</strong><br><br><code>Improper access control while doing XPU re-configuration dynamically can lead to unauthorized access to a secure resource in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wired Infrastructure and Networking</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30276">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34825">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 08:37:54">
08:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-30289 ‼</strong><br><br><code>Possible buffer overflow due to lack of range check while processing a DIAG command for COEX management in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &amp; Music, Snapdragon Wearables</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30289">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34826">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 08:37:55">
08:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-1894 ‼</strong><br><br><code>Improper access control in TrustZone due to improper error handling while handling the signing key in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice &amp; Music, Snapdragon Wired Infrastructure and Networking</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1894">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34827">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 08:37:56">
08:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-30282 ‼</strong><br><br><code>Possible out of bound write in RAM partition table due to improper validation on number of partitions provided in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice &amp; Music, Snapdragon Wired Infrastructure and Networking</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30282">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34828">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 08:37:57">
08:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-30270 ‼</strong><br><br><code>Possible null pointer dereference in thread profile trap handler due to lack of thread ID validation before dereferencing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice &amp; Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30270">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34829">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 08:38:01">
08:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-30274 ‼</strong><br><br><code>Possible integer overflow in access control initialization interface due to lack and size and address validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice &amp; Music, Snapdragon Wired Infrastructure and Networking</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30274">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34830">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 08:38:02">
08:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-30336 ‼</strong><br><br><code>Possible out of bound read due to lack of domain input validation while processing APK close session request in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Wearables</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30336">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34831">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 08:38:03">
08:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-30267 ‼</strong><br><br><code>Possible integer overflow to buffer overflow due to improper input validation in FTM ARA commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30267">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34832">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 08:38:04">
08:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-30269 ‼</strong><br><br><code>Possible null pointer dereference due to lack of TLB validation for user provided address in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice &amp; Music, Snapdragon Wired Infrastructure and Networking</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30269">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34833">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 08:38:05">
08:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-45917 ‼</strong><br><br><code>The server-request receiver function of Shockwall system has an improper authentication vulnerability. An authenticated attacker of an agent computer within the local area network can use the local registry information to launch server-side request forgery (SSRF) attack on another agent computer, resulting in arbitrary code execution for controlling the system or disrupting service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45917">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34834">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 08:38:09">
08:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-44158 ‼</strong><br><br><code>ASUS RT-AX56U Wi-Fi Router is vulnerable to stack-based buffer overflow due to improper validation for httpd parameter length. An authenticated local area network attacker can launch arbitrary code execution to control the system or disrupt service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44158">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34835">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 08:38:10">
08:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-35093 ‼</strong><br><br><code>Possible memory corruption in BT controller when it receives an oversized LMP packet over 2-DH1 link and leads to denial of service in BlueCore</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35093">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34836">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 08:38:11">
08:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-30303 ‼</strong><br><br><code>Possible buffer overflow due to lack of buffer length check when segmented WMI command is received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &amp; Music, Snapdragon Wired Infrastructure and Networking</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30303">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34837">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 08:38:13">
08:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-30279 ‼</strong><br><br><code>Possible access control violation while setting current permission for VMIDs due to improper permission masking in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30279">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34838">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 08:38:14">
08:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-30273 ‼</strong><br><br><code>Possible assertion due to improper handling of IPV6 packet with invalid length in destination options header in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30273">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34839">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 08:38:15">
08:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-30293 ‼</strong><br><br><code>Possible assertion due to lack of input validation in PUSCH configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30293">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34840">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 08:38:17">
08:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-1918 ‼</strong><br><br><code>Improper handling of resource allocation in virtual machines can lead to information exposure in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1918">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34841">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 08:38:18">
08:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-30268 ‼</strong><br><br><code>Possible heap Memory Corruption Issue due to lack of input validation when sending HWTC IQ Capture command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &amp; Music, Snapdragon Wearables</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30268">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34842">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 08:38:19">
08:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-30351 ‼</strong><br><br><code>An out of bound memory access can occur due to improper validation of number of frames being passed during music playback in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &amp; Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30351">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34843">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 08:38:20">
08:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-25981 ‼</strong><br><br><code>In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through v0.2021.34, are vulnerable to Insufficient Session Expiration. This may allow an attacker to reuse the admin’s still-valid session token even when logged-out, to gain admin privileges, given the attacker is able to obtain that token (via other, hypothetical attacks)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25981">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34844">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 10:06:24">
10:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Adding Resiliency to BGP Avoids Network Outages, Data Loss 🕴</strong><br><br><code>Cisco Umbrella has mechanisms in place to ensure that end users don&apos;t lose connectivity even if ISPs and service providers experience outages.</code><br><br><a href="https://www.darkreading.com/edge-articles/adding-resiliency-to-bgp-avoids-network-outages-data-loss">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34845">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 12:23:54">
12:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Creating the Next Generation of Secure Developers 🕴</strong><br><br><code>Helping management prioritize developer education is a tall order, but it&apos;s one the industry must figure out.</code><br><br><a href="https://www.darkreading.com/careers-and-people/creating-the-next-generation-of-secure-developers">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34846">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 12:43:56">
12:43
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-25021 ‼</strong><br><br><code>The OMGF | Host Google Fonts Locally WordPress plugin before 4.5.12 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25021">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34847">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 12:43:56">
12:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-25022 ‼</strong><br><br><code>The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape the backup_timestamp and job_id parameter before outputting then back in admin pages, leading to Reflected Cross-Site Scripting issues</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25022">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34848">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 12:43:57">
12:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-25027 ‼</strong><br><br><code>The PowerPack Addons for Elementor WordPress plugin before 2.6.2 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting issue</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25027">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34849">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 12:43:58">
12:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-24964 ‼</strong><br><br><code>The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using a specific X-Forwarded-For header value. In addition, one of the endpoint could be used to set CSS code if a setting is enabled, which will then be output in some pages without being sanitised and escaped. Combining those two issues, an unauthenticated attacker could put Cross-Site Scripting payloads in pages visited by users.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24964">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34850">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 12:44:00">
12:44
       </div>

       <div class="text">
<strong>‼ CVE-2021-24786 ‼</strong><br><br><code>The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the &quot;orderby&quot; GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24786">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34851">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 12:44:01">
12:44
       </div>

       <div class="text">
<strong>‼ CVE-2021-24973 ‼</strong><br><br><code>The Site Reviews WordPress plugin before 5.17.3 does not sanitise and escape the site-reviews parameter of the glsr_action AJAX action (available to unauthenticated and any authenticated users), allowing them to perform Cross-Site Scripting attacks against logged in admins viewing the Tool dashboard of the plugin</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24973">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34852">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 12:44:02">
12:44
       </div>

       <div class="text">
<strong>‼ CVE-2021-24999 ‼</strong><br><br><code>The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_notice parameter before outputting it back in the admin dashboard when the Pdf Invoicing module is enabled, leading to a Reflected Cross-Site Scripting</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24999">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34853">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 12:44:03">
12:44
       </div>

       <div class="text">
<strong>‼ CVE-2021-44674 ‼</strong><br><br><code>An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0. The vulnerability allows an authenticated attacker to read file outside of the restricted directory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44674">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34854">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 12:44:04">
12:44
       </div>

       <div class="text">
<strong>‼ CVE-2021-25040 ‼</strong><br><br><code>The Booking Calendar WordPress plugin before 8.9.2 does not sanitise and escape the booking_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25040">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34855">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 12:44:05">
12:44
       </div>

       <div class="text">
<strong>‼ CVE-2021-24893 ‼</strong><br><br><code>The Stars Rating WordPress plugin before 3.5.1 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service in the comments section, or pending comment dashboard depending if the user sent it as unauthenticated or authenticated.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24893">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34856">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 12:44:07">
12:44
       </div>

       <div class="text">
<strong>‼ CVE-2021-24831 ‼</strong><br><br><code>All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, such as add/edit/delete arbitrary tabs.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24831">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34857">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 12:44:09">
12:44
       </div>

       <div class="text">
<strong>‼ CVE-2021-25030 ‼</strong><br><br><code>The Events Made Easy WordPress plugin before 2.2.36 does not sanitise and escape the search_text parameter before using it in a SQL statement via the eme_searchmail AJAX action, available to any authenticated users. As a result, users with a role as low as subscriber can call it and perform SQL injection attacks</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25030">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34858">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 12:44:09">
12:44
       </div>

       <div class="text">
<strong>‼ CVE-2021-24991 ‼</strong><br><br><code>The WooCommerce PDF Invoices &amp; Packing Slips WordPress plugin before 2.10.5 does not escape the tab and section parameters before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in the admin dashboard</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24991">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34859">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 12:44:11">
12:44
       </div>

       <div class="text">
<strong>‼ CVE-2021-45428 ‼</strong><br><br><code>TLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45428">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34860">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 12:44:13">
12:44
       </div>

       <div class="text">
<strong>‼ CVE-2021-25023 ‼</strong><br><br><code>The Speed Booster Pack âš¡ PageSpeed Optimization Suite WordPress plugin before 4.3.3.1 does not escape the sbp_convert_table_name parameter before using it in a SQL statement to convert the related table, leading to an SQL injection</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25023">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34861">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 12:44:14">
12:44
       </div>

       <div class="text">
<strong>‼ CVE-2021-24828 ‼</strong><br><br><code>The Mortgage Calculator / Loan Calculator WordPress plugin before 1.5.17 does not escape the some of the attributes of its mlcalc shortcode before outputting them, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24828">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34862">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 12:44:15">
12:44
       </div>

       <div class="text">
<strong>‼ CVE-2021-24963 ‼</strong><br><br><code>The LiteSpeed Cache WordPress plugin before 4.4.4 does not escape the qc_res parameter before outputting it back in the JS code of an admin page, leading to a Reflected Cross-Site Scripting</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24963">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34863">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 12:44:16">
12:44
       </div>

       <div class="text">
<strong>‼ CVE-2021-25001 ‼</strong><br><br><code>The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_create_products_xml_result parameter before outputting back in the admin dashboard when the Product XML Feeds module is enabled, leading to a Reflected Cross-Site Scripting issue</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25001">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34864">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 12:44:18">
12:44
       </div>

       <div class="text">
<strong>‼ CVE-2021-25016 ‼</strong><br><br><code>The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25016">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34865">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 12:44:20">
12:44
       </div>

       <div class="text">
<strong>‼ CVE-2021-24680 ‼</strong><br><br><code>The WP Travel Engine WordPress plugin before 5.3.1 does not escape the Description field in the Trip Destination/Activities/Trip Type and Pricing Category pages, allowing users with a role as low as editor to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24680">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34866">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 13:06:25">
13:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Name That Edge Toon: In Your Face! 🕴</strong><br><br><code>Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.</code><br><br><a href="https://www.darkreading.com/edge-articles/name-that-edge-toon-in-your-face-">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34867">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 14:44:23">
14:44
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-45817 ‼</strong><br><br><code>Web Viewer for Hanwha DVR version 2.17 is affected by a Cross Site Scripting (XSS) vulnerability that allows an attacker to inject malicious JavaScript codes.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45817">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34868">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 14:44:25">
14:44
       </div>

       <div class="text">
<strong>‼ CVE-2021-46109 ‼</strong><br><br><code>Invalid input sanitizing leads to reflected Cross Site Scripting (XSS) in ASUS RT-AC52U_B1 3.0.0.4.380.10931 can lead to a user session hijack.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46109">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34869">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 14:44:27">
14:44
       </div>

       <div class="text">
<strong>‼ CVE-2021-3837 ‼</strong><br><br><code>openwhyd is vulnerable to Improper Authorization</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3837">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34870">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 15:11:32">
15:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Log4j Highlights Need for Better Handle on Software Dependencies 🕴</strong><br><br><code>Security pros say the Log4j vulnerability is another warning call for enterprises to get more disciplined when keeping track of software bills of materials.</code><br><br><a href="https://www.darkreading.com/application-security/log4j-highlights-need-for-better-handle-on-software-dependencies">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34871">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 16:18:13">
16:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 Wireshark Analyzer 3.6.1 🛠</strong><br><br><code>Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.</code><br><br><a href="https://packetstormsecurity.com/files/165420/wireshark-3.6.1.tar.xz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34872">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 16:18:14">
16:18
       </div>

       <div class="text">
<strong>🛠 SQLMAP - Automatic SQL Injection Tool 1.6 🛠</strong><br><br><code>sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user&apos;s specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.</code><br><br><a href="https://packetstormsecurity.com/files/165421/sqlmap-1.6.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34873">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 16:18:15">
16:18
       </div>

       <div class="text">
<strong>🛠 Haveged 1.9.16 🛠</strong><br><br><code>haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.</code><br><br><a href="https://packetstormsecurity.com/files/165422/haveged-1.9.16.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34874">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 16:36:39">
16:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Pathr.ai</strong> <strong>Reaffirms Position as Privacy-Centric Solution for Retailers with Spatial Intelligence Platform 🕴</strong><br><br><code>Pathr.ai’s Spatial Intelligence technology is used to improve business outcomes in a variety of retail use cases.</code><br><br><a href="https://www.darkreading.com/privacy/pathr-ai-reaffirms-position-as-privacy-centric-solution-for-retailers-with-spatial-intelligence-platform-">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34875">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 18:12:21">
18:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How to install the CSF firewall on Ubuntu Server 🦿</strong><br><br><code>If you&apos;d like a powerful firewall for your Ubuntu Server, but one that offers a fairly straightforward configuration, Jack Wallen thinks CSF might be the right tool for the job.</code><br><br><a href="https://www.techrepublic.com/videos/how-to-install-the-csf-firewall-on-ubuntu-server/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34876">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 18:38:16">
18:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-23026 ‼</strong><br><br><code>A NULL pointer dereference in the main() function dhry_1.c of dhrystone 2.1 causes a denial of service (DoS).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23026">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34877">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 19:06:49">
19:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Florida&apos;s Broward Health Confirms October 2021 Breach 🕴</strong><br><br><code>The Oct. 15 breach compromised personal medical information, including history, condition, diagnosis, and medical record number.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/florida-s-broward-health-confirms-october-2021-breach">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34878">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 19:36:51">
19:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 CISOs Plan What to Buy With Funds From the Infrastructure Bill 🕴</strong><br><br><code>CISOs welcome the cybersecurity funding allocated under the Infrastructure Investment and Jobs Act, but say it’s not perfect because it doesn&apos;t address a key issue: people.</code><br><br><a href="https://www.darkreading.com/dr-tech/cisos-plan-what-to-buy-with-funds-from-the-infrastructure-bill">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34879">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 20:38:25">
20:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-37111 ‼</strong><br><br><code>There is a Memory leakage vulnerability in Smartphone.Successful exploitation of this vulnerability may cause memory exhaustion.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37111">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34880">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 20:38:26">
20:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-39967 ‼</strong><br><br><code>There is a Vulnerability of obtaining broadcast information improperly due to improper broadcast permission settings in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39967">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34881">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 20:38:27">
20:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-39988 ‼</strong><br><br><code>The HwNearbyMain module has a NULL Pointer Dereference vulnerability.Successful exploitation of this vulnerability may cause a process to restart.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39988">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34882">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 20:38:28">
20:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-39979 ‼</strong><br><br><code>HHEE system has a Code Injection vulnerability.Successful exploitation of this vulnerability may affect HHEE system integrity.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39979">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34883">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 20:38:29">
20:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-39971 ‼</strong><br><br><code>Password vault has a External Control of System or Configuration Setting vulnerability.Successful exploitation of this vulnerability could compromise confidentiality.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39971">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34884">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 20:38:30">
20:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-39975 ‼</strong><br><br><code>Hilinksvc has a Data Processing Errors vulnerability.Successful exploitation of this vulnerability may cause denial of service attacks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39975">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34885">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 20:38:31">
20:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-37098 ‼</strong><br><br><code>Hilinksvc service exists a Data Processing Errors vulnerability .Successful exploitation of this vulnerability may cause application crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37098">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34886">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 20:38:32">
20:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-37132 ‼</strong><br><br><code>PackageManagerService has a Permissions, Privileges, and Access Controls vulnerability .Successful exploitation of this vulnerability may cause that Third-party apps can obtain the complete list of Harmony apps without permission.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37132">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34887">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 20:38:33">
20:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-39974 ‼</strong><br><br><code>There is an Out-of-bounds read in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39974">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34888">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 20:38:34">
20:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-20147 ‼</strong><br><br><code>ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote attacker to determine whether a Windows domain user exists.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20147">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34889">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 20:38:38">
20:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-37116 ‼</strong><br><br><code>PCManager has a Weaknesses Introduced During Design vulnerability .Successful exploitation of this vulnerability may cause that the PIN of the subscriber is changed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37116">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34890">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 20:38:39">
20:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-39983 ‼</strong><br><br><code>The HwNearbyMain module has a Data Processing Errors vulnerability.Successful exploitation of this vulnerability may cause a process to restart.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39983">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34891">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 20:38:40">
20:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-39966 ‼</strong><br><br><code>There is an Uninitialized AOD driver structure in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39966">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34892">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 20:38:41">
20:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-37120 ‼</strong><br><br><code>There is a Double free vulnerability in Smartphone.Successful exploitation of this vulnerability may cause a kernel crash or privilege escalation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37120">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34893">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 20:38:42">
20:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-39978 ‼</strong><br><br><code>Telephony application has a SQL Injection vulnerability.Successful exploitation of this vulnerability may cause privacy and security issues.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39978">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34894">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 20:38:46">
20:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-39970 ‼</strong><br><br><code>HwPCAssistant has a Improper Input Validation vulnerability.Successful exploitation of this vulnerability may create any file with the system app permission.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39970">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34895">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 20:38:47">
20:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-37121 ‼</strong><br><br><code>There is a Configuration defects in Smartphone.Successful exploitation of this vulnerability may elevate the MEID (IMEI) permission.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37121">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34896">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 20:38:47">
20:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-39981 ‼</strong><br><br><code>Chang Lian application has a vulnerability which can be maliciously exploited to hide the calling number.Successful exploitation of this vulnerability allows you to make an anonymous call.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39981">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34897">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 20:38:48">
20:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-39973 ‼</strong><br><br><code>There is a Null pointer dereference in Smartphones.Successful exploitation of this vulnerability may cause the kernel to break down.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39973">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34898">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 20:38:49">
20:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-39969 ‼</strong><br><br><code>There is an Unauthorized file access vulnerability in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39969">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34899">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 20:44:27">
20:44
       </div>

       <div class="text">
<strong>‼ CVE-2021-39990 ‼</strong><br><br><code>The screen lock module has a Stack-based Buffer Overflow vulnerability.Successful exploitation of this vulnerability may affect user experience.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39990">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34900">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 20:44:28">
20:44
       </div>

       <div class="text">
<strong>‼ CVE-2021-39984 ‼</strong><br><br><code>Huawei idap module has a Out-of-bounds Read vulnerability.Successful exploitation of this vulnerability may cause Denial of Service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39984">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34901">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 20:44:29">
20:44
       </div>

       <div class="text">
<strong>‼ CVE-2021-39980 ‼</strong><br><br><code>Telephony application has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability.Successful exploitation of this vulnerability could lead to sensitive information disclosure.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39980">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34902">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 20:44:30">
20:44
       </div>

       <div class="text">
<strong>‼ CVE-2021-37126 ‼</strong><br><br><code>Arbitrary file has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability .Successful exploitation of this vulnerability may cause the directory is traversed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37126">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34903">

      <div class="body">

       <div class="pull_right date details" title="03.01.2022 20:44:31">
20:44
       </div>

       <div class="text">
<strong>‼ CVE-2021-39989 ‼</strong><br><br><code>The HwNearbyMain module has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability.Successful exploitation of this vulnerability may cause a process to restart.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39989">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-1004">

      <div class="body details">
4 January 2022
      </div>

     </div>

     <div class="message default clearfix" id="message34904">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 03:38:43">
03:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-20868 ‼</strong><br><br><code>Incorrect authorization vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C4050i/C3350i/C4000i/C3300i G00-B6 and earlier, bizhub C3320i G00-B6 and earlier, bizhub 4750i/4050i G00-22 and earlier, bizhub 4700i G00-22 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, and bizhub 4752/4052 GC9-X4 and earlier) allows an attacker on the adjacent network to obtain user credentials if external server authentication is enabled via a specific SOAP message sent by an administrative user.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20868">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34905">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 03:38:43">
03:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-20871 ‼</strong><br><br><code>Exposure of sensitive information to an unauthorized actor vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C4050i/C3350i/C4000i/C3300i G00-B6 and earlier, bizhub C3320i G00-B6 and earlier, bizhub 4750i/4050i G00-22 and earlier, bizhub 4700i G00-22 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, and bizhub 4752/4052 GC9-X4 and earlier) allows an attacker on the adjacent network to obtain the credentials if the destination information including credentials are registered in the address book via a specific SOAP message.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20871">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34906">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 03:38:44">
03:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-43942 ‼</strong><br><br><code>Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (XSS) vulnerability in the /rest/collectors/1.0/template/custom endpoint. To exploit this issue, the attacker must trick a user into visiting a malicious website. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43942">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34907">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 03:38:46">
03:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-20872 ‼</strong><br><br><code>Protection mechanism failure vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, bizhub 4752/4052 GC9-X4 and earlier) allows a physical attacker to bypass the firmware integrity verification and to install malicious firmware.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20872">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34908">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 03:38:47">
03:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-20870 ‼</strong><br><br><code>Improper handling of exceptional conditions vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C4050i/C3350i/C4000i/C3300i G00-B6 and earlier, bizhub C3320i G00-B6 and earlier, bizhub 4750i/4050i G00-22 and earlier, bizhub 4700i G00-22 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, bizhub 4752/4052 GC9-X4 and earlier, bizhub C3850/C3350/3850FS, bizhub 4750/4050, bizhub C3110, bizhub C3100P) allows a physical attacker to obtain unsent scanned image data when scanned data transmission is stopped due to the network error by ejecting a HDD before the scan job times out.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20870">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34909">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 03:38:48">
03:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-20869 ‼</strong><br><br><code>Exposure of sensitive information to an unauthorized actor vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C4050i/C3350i/C4000i/C3300i G00-B6 and earlier, bizhub C3320i G00-B6 and earlier, bizhub 4750i/4050i G00-22 and earlier, bizhub 4700i G00-22 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, and bizhub 4752/4052 GC9-X4 and earlier) allows an attacker on the adjacent network to obtain some of user credentials if LDAP server authentication is enabled via a specific SOAP message.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20869">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34910">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 09:13:01">
09:13
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Researcher discovers 70 web cache poisoning vulnerabilities, nets $40k in bug bounty rewards 🗓️</strong><br><br><code>Targets included GitHub, GitLab, HackerOne, and Cloudflare</code><br><br><a href="https://portswigger.net/daily-swig/researcher-discovers-70-web-cache-poisoning-vulnerabilities-nets-40k-in-bug-bounty-rewards">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34911">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 10:19:54">
10:19
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Portuguese Media Giant Impresa Crippled by Ransomware Attack ❌</strong><br><br><code>The websites of the company and the Expresso newspaper, as well as all of its SIC TV channels remained offline Tuesday after the New Year’s weekend attack.</code><br><br><a href="https://threatpost.com/portuguese-media-giant-impresa-ransomware/177323/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34912">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 12:07:55">
12:07
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Online privacy: DuckDuckGo just finished a banner year and looks for an even better 2022 🦿</strong><br><br><code>Commentary: The privacy-oriented search engine keeps winning fans. Will it spur Google to improve its own privacy?</code><br><br><a href="https://www.techrepublic.com/article/online-privacy-duckduckgo-just-finished-a-banner-year-and-looks-for-an-even-better-2022/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34913">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 12:07:56">
12:07
       </div>

       <div class="text">
<strong>🕴 Log4j Remediation Rules Now Available for WhiteSource Renovate and Enterprise 🕴</strong><br><br><code>The Software Composition Analysis leader now offers a remediation preset for WhiteSource Renovate and Enterprise, enabling users to identify and fix the Log4j vulnerability from hundreds of downstream dependent packages of Log4j.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/log4j-remediation-rules-now-available-for-whitesource-renovate-and-enterprise">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34914">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 12:07:57">
12:07
       </div>

       <div class="text">
<strong>🕴 Palo Alto Networks Appoints Helmut Reisinger to Leadership Team 🕴</strong><br><br><code>Reisinger joins as CEO, EMEA and Latin America, to accelerate global growth strategy.</code><br><br><a href="https://www.darkreading.com/cloud/palo-alto-networks-appoints-helmut-reisinger-to-leadership-team">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34915">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 12:07:57">
12:07
       </div>

       <div class="text">
<strong>🕴 Why CIOs Should Report to CISOs 🕴</strong><br><br><code>If the CISO is responsible for the security of the organization, then that same person also should be responsible for both security and IT infrastructure.</code><br><br><a href="https://www.darkreading.com/careers-and-people/why-cios-should-be-reporting-to-cisos">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34916">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 12:13:55">
12:13
       </div>

       <div class="text">
<strong>🗓️ Latest web hacking tools – Q1 2022 🗓️</strong><br><br><code>We take a look at the latest additions to security researchers’ armory</code><br><br><a href="https://portswigger.net/daily-swig/latest-web-hacking-tools-q1-2022">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34917">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 12:39:22">
12:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-44168 ‼</strong><br><br><code>A download of code without integrity check vulnerability in the &quot;execute restore src-vis&quot; command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44168">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34918">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 12:39:23">
12:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-43711 ‼</strong><br><br><code>The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection vulnerability when receiving GET parameters. The parameter name can be constructed for unauthenticated command execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43711">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34919">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 13:07:59">
13:07
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Vinnie Liu Has a Mission: Keeping People Safe Online and Offline 🕴</strong><br><br><code>Security Pro File: The years at the National Security Agency shaped Vinnie Liu&apos;s views on security. &quot;We&apos;re missionaries, not mercenaries,&quot; he says.</code><br><br><a href="https://www.darkreading.com/edge-articles/vinnie-liu-has-a-mission-keeping-people-safe-online-and-offline">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34920">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 13:43:12">
13:43
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ US retailer PulseTV warns of apparent credit card data breach 🗓️</strong><br><br><code>Payment system updated amidst fears 200,000 records may have been exposed</code><br><br><a href="https://portswigger.net/daily-swig/us-retailer-pulsetv-warns-of-apparent-credit-card-data-breach">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34921">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 13:50:01">
13:50
       </div>

       <div class="text">
<strong>❌ McMenamins Data Breach Affects 12 Years of Employee Info ❌</strong><br><br><code>The Pacific Northwest hospitality stalwart is also still operationally crippled by a Dec. 12 ransomware attack.</code><br><br><a href="https://threatpost.com/mcmenamins-data-breach-employee-info/177336/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34922">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 14:20:03">
14:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Purple Fox Rootkit Dropped by Malicious Telegram Installers ❌</strong><br><br><code>Multiple malicious installers were delivering the same Purple Fox rootkit version using the same attack chain, possibly distributed via email or phishing sites.</code><br><br><a href="https://threatpost.com/purple-fox-rootkit-telegram-installers/177330/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34923">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 14:39:16">
14:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-45912 ‼</strong><br><br><code>An unauthenticated Named Pipe channel in Controlup Real-Time Agent (cuAgent.exe) before 8.5 potentially allows an attacker to run OS commands via the ProcessActionRequest WCF method.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45912">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34924">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 14:39:17">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2022-20012 ‼</strong><br><br><code>In mdp driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05836478; Issue ID: ALPS05836478.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20012">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34925">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 14:39:19">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2022-20013 ‼</strong><br><br><code>In vow driver, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05837742; Issue ID: ALPS05837742.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20013">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34926">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 14:39:20">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2022-20016 ‼</strong><br><br><code>In vow driver, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05862986; Issue ID: ALPS05862986.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20016">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34927">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 14:39:21">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-45389 ‼</strong><br><br><code>StarWind SAN &amp; NAS build 1578 and StarWind Command Center Build 6864 Update Manager allows authentication with JTW token which is signed with any key. An attacker could use self-signed JTW token to bypass authentication resulting in escalation of privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45389">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34928">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 14:39:23">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-41789 ‼</strong><br><br><code>In wifi driver, there is a possible system crash due to a missing validation check. This could lead to remote denial of service from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20190426015; Issue ID: GN20190426015.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41789">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34929">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 14:39:25">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2022-20020 ‼</strong><br><br><code>In libvcodecdrv, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05943906; Issue ID: ALPS05943906.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20020">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34930">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 14:39:26">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2022-20018 ‼</strong><br><br><code>In seninf driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05863018; Issue ID: ALPS05863018.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20018">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34931">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 14:39:27">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2022-20019 ‼</strong><br><br><code>In libMtkOmxGsmDec, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917620; Issue ID: ALPS05917620.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20019">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34932">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 14:39:28">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2022-20021 ‼</strong><br><br><code>In Bluetooth, there is a possible application crash due to bluetooth does not properly handle the reception of multiple LMP_host_connection_req. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06198513; Issue ID: ALPS06198513.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20021">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34933">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 14:39:30">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-45913 ‼</strong><br><br><code>A hardcoded key in ControlUp Real-Time Agent (cuAgent.exe) before 8.2.5 may allow a potential attacker to run OS commands via a WCF channel.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45913">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34934">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 14:39:32">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2022-20023 ‼</strong><br><br><code>In Bluetooth, there is a possible application crash due to bluetooth flooding a device with LMP_AU_rand packet. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06198608; Issue ID: ALPS06198608.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20023">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34935">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 14:39:33">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-45979 ‼</strong><br><br><code>Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via app.launchURL in the JavaScript API.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45979">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34936">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 14:39:34">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2022-20022 ‼</strong><br><br><code>In Bluetooth, there is a possible link disconnection due to bluetooth does not properly handle a connection attempt from a host with the same BD address as the currently connected BT host. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06198578; Issue ID: ALPS06198578.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20022">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34937">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 14:39:35">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-45980 ‼</strong><br><br><code>Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via getURL in the JavaScript API.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45980">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34938">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 14:39:36">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-45978 ‼</strong><br><br><code>Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via xfa.host.gotoURL in the XFA API.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45978">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34939">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 14:39:38">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-3842 ‼</strong><br><br><code>nltk is vulnerable to Inefficient Regular Expression Complexity</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3842">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34940">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 14:39:39">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2022-20014 ‼</strong><br><br><code>In vow driver, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05857308; Issue ID: ALPS05857308.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20014">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34941">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 14:39:40">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2022-20015 ‼</strong><br><br><code>In kd_camera_hw driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05862966; Issue ID: ALPS05862966.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20015">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34942">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 14:39:41">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-40148 ‼</strong><br><br><code>In Modem EMM, there is a possible information disclosure due to a missing data encryption. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00716585; Issue ID: ALPS05886933.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40148">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34943">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 14:46:30">
14:46
       </div>

       <div class="text">
<strong>⚠ Apple Home software bug could lock you out of your iPhone ⚠</strong><br><br><code>The finder of this bug insists it &quot;poses a serious risk&quot;. We&apos;re not so sure, but we recommend you take steps to avoid it anyway.</code><br><br><a href="https://nakedsecurity.sophos.com/2022/01/04/apple-home-software-bug-could-lock-you-out-of-your-iphone/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34944">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 15:08:44">
15:08
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Mobile Application Security: 2021&apos;s Breaches 🕴</strong><br><br><code>Many of last year&apos;s largest app breaches could have been prevented with testing, training, and the will to take app security seriously.</code><br><br><a href="https://www.darkreading.com/application-security/mobile-application-security-2021-s-breaches">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34945">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 16:39:15">
16:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-3845 ‼</strong><br><br><code>ws-scrcpy is vulnerable to External Control of File Name or Path</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3845">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34946">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 16:39:16">
16:39
       </div>

       <div class="text">
<strong>‼ CVE-2022-0086 ‼</strong><br><br><code>uppy is vulnerable to Server-Side Request Forgery (SSRF)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0086">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34947">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 16:39:17">
16:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-39143 ‼</strong><br><br><code>Spinnaker is an open source, multi-cloud continuous delivery platform. A path traversal vulnerability was discovered in uses of TAR files by AppEngine for deployments. This uses a utility to extract files locally for deployment without validating the paths in that deployment don&apos;t override system files. This would allow an attacker to override files on the container, POTENTIALLY introducing a MITM type attack vector by replacing libraries or injecting wrapper files. Users are advised to update as soon as possible. For users unable to update disable Google AppEngine deployments and/or disable artifacts that provide TARs.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39143">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34948">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 17:50:12">
17:50
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Data Skimmer Hits 100+ Sotheby’s Real-Estate Websites ❌</strong><br><br><code>The campaign was an opportunistic supply-chain attack abusing a weaponized cloud video player.</code><br><br><a href="https://threatpost.com/data-skimmer-sothebys-real-estate-websites/177347/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34949">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 18:20:13">
18:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ SEGA’s Sloppy Security Confession: Exposed AWS S3 Bucket Offers Up Steam API Access &amp; More ❌</strong><br><br><code>SEGA&apos;s disclosure underscores a common, potentially catastrophic, flub — misconfigured Amazon Web Services (AWS) S3 buckets.</code><br><br><a href="https://threatpost.com/sega-security-aws-s3-exposed-steam/177352/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34950">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 18:38:21">
18:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Google Buys Siemplify to Get Ahead in Cloud Security 🕴</strong><br><br><code>Google says the deal will bring security orchestration, automation, and response to its Google Cloud security portfolio and expand its Chronicle platform.</code><br><br><a href="https://www.darkreading.com/operations/google-buys-siemplify-to-get-ahead-in-cloud-security">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34951">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 18:38:23">
18:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-41236 ‼</strong><br><br><code>OroPlatform is a PHP Business Application Platform. In affected versions the email template preview is vulnerable to XSS payload added to email template content. An attacker must have permission to create or edit an email template. For successful payload, execution the attacked user must preview a vulnerable email template. There are no workarounds that address this vulnerability. Users are advised to upgrade as soon as is possible.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41236">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34952">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 18:38:24">
18:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-43832 ‼</strong><br><br><code>Spinnaker is an open source, multi-cloud continuous delivery platform. Spinnaker has improper permissions allowing pipeline creation &amp; execution. This lets an arbitrary user with access to the gate endpoint to create a pipeline and execute it without authentication. If users haven&apos;t setup Role-based access control (RBAC) with-in spinnaker, this enables remote execution and access to deploy almost any resources on any account. Patches are available on the latest releases of the supported branches and users are advised to upgrade as soon as possible. Users unable to upgrade should enable RBAC on ALL accounts and applications. This mitigates the ability of a pipeline to affect any accounts. Block application access unless permission are enabled. Users should make sure ALL application creation is restricted via appropriate wildcards.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43832">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34953">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 18:38:25">
18:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-43850 ‼</strong><br><br><code>Discourse is an open source platform for community discussion. In affected versions admins users can trigger a Denial of Service attack via the `/message-bus/_diagnostics` path. The impact of this vulnerability is greater on multisite Discourse instances (where multiple forums are served from a single application server) where any admin user on any of the forums are able to visit the `/message-bus/_diagnostics` path. The problem has been patched. Please upgrade to 2.8.0.beta10 or 2.7.12. No workarounds for this issue exist.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43850">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34954">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 18:38:28">
18:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-43677 ‼</strong><br><br><code>Fluxbb v1.4.12 is affected by a Cross Site Scripting (XSS) vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43677">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34955">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 18:38:29">
18:38
       </div>

       <div class="text">
<strong>‼ CVE-2022-21648 ‼</strong><br><br><code>Latte is an open source template engine for PHP. Versions since 2.8.0 Latte has included a template sandbox and in affected versions it has been found that a sandbox escape exists allowing for injection into web pages generated from Latte. This may lead to XSS attacks. The issue is fixed in the versions 2.8.8, 2.9.6 and 2.10.8. Users unable to upgrade should not accept template input from untrusted sources.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21648">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34956">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 18:38:32">
18:38
       </div>

       <div class="text">
<strong>‼ CVE-2022-21647 ‼</strong><br><br><code>CodeIgniter is an open source PHP full-stack web framework. Deserialization of Untrusted Data was found in the `old()` function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary objects with this vulnerability, and possibly execute existing PHP code on the server. We are aware of a working exploit, which can lead to SQL injection. Users are advised to upgrade to v4.1.6 or later. Users unable to upgrade as advised to not use the `old()` function and form_helper nor `RedirectResponse::withInput()` and `redirect()-&gt;withInput()`.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21647">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34957">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 18:38:33">
18:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-43852 ‼</strong><br><br><code>OroPlatform is a PHP Business Application Platform. In affected versions by sending a specially crafted request, an attacker could inject properties into existing JavaScript language construct prototypes, such as objects. Later this injection may lead to JS code execution by libraries that are vulnerable to Prototype Pollution. This issue has been patched in version 4.2.8. Users unable to upgrade may configure a firewall to drop requests containing next strings: `__proto__` , `constructor[prototype]`, and `constructor.prototype` to mitigate this issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43852">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34958">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 18:38:36">
18:38
       </div>

       <div class="text">
<strong>‼ CVE-2022-21643 ‼</strong><br><br><code>USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via register.php. In particular usernames, email addresses, and passwords provided by the user were not sanitized and were used directly to construct a sql statement. Users are advised to upgrade as soon as possible. There are not workarounds for this issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21643">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34959">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 18:38:37">
18:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-24042 ‼</strong><br><br><code>The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsApp for KaiOS prior to v2.2143, WhatsApp Desktop prior to v2.2146 could have allowed an out-of-bounds write if a user makes a 1:1 call to a malicious actor.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24042">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34960">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 18:38:39">
18:38
       </div>

       <div class="text">
<strong>‼ CVE-2022-21644 ‼</strong><br><br><code>USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via usersearch.php. In search terms provided by the user were not sanitized and were used directly to construct a sql statement. The only users permitted to search are site admins. Users are advised to upgrade as soon as possible. There are not workarounds for this issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21644">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34961">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 18:38:41">
18:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-41141 ‼</strong><br><br><code>PJSIP is a free and open source multimedia communication library written in the C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In various parts of PJSIP, when error/failure occurs, it is found that the function returns without releasing the currently held locks. This could result in a system deadlock, which cause a denial of service for the users. No release has yet been made which contains the linked fix commit. All versions up to an including 2.11.1 are affected. Users may need to manually apply the patch.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41141">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34962">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 18:38:44">
18:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-41610 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-27339. Reason: This candidate is a reservation duplicate of CVE-2020-27339. Notes: All CVE users should reference CVE-2020-27339 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41610">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34963">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 19:38:33">
19:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 McMenamins Breach Affected 23 Years of Employee Data 🕴</strong><br><br><code>The Oregon-based hospitality and dining business reports the data was compromised in a Dec. 12 ransomware attack.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/mcmenamins-breach-affected-23-years-of-employee-data">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34964">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 19:38:36">
19:38
       </div>

       <div class="text">
<strong>🕴 Attackers Exploit Log4j Flaws in Hands-on-Keyboard Attacks to Drop Reverse Shells 🕴</strong><br><br><code>Microsoft says vulnerabilities present a &quot;real and present&quot; danger, citing high volume of scanning and attack activity targeting the widely used Apache logging framework.</code><br><br><a href="https://www.darkreading.com/application-security/attackers-using-log4j-flaws-in-hands-on-keyboard-attacks-to-drop-reverse-shells">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34965">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 19:42:23">
19:42
       </div>

       <div class="text">
<strong>🦿 Google makes the perfect case for why you shouldn&apos;t use Chrome 🦿</strong><br><br><code>Google says Manifest V3 is focused on security, privacy and performance, but it could also break Chrome browser extensions used by millions of people.</code><br><br><a href="https://www.techrepublic.com/article/google-makes-the-perfect-case-for-why-you-shouldnt-use-chrome/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34966">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 20:20:14">
20:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Microsoft Sees Rampant Log4j Exploit Attempts, Testing ❌</strong><br><br><code>Microsoft says it&apos;s only going to get worse: It&apos;s seen state-sponsored and cyber-criminal attackers probing systems for the Log4Shell flaw through the end of December.</code><br><br><a href="https://threatpost.com/microsoft-rampant-log4j-exploits-testing/177358/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34967">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 20:39:25">
20:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2022-21649 ‼</strong><br><br><code>Convos is an open source multi-user chat that runs in a web browser. Characters starting with &quot;https://&quot; in the chat window create an &lt;a&gt; tag. Stored XSS vulnerability using onfocus and autofocus occurs because escaping exists for &quot;&lt;&quot; or &quot;&gt;&quot; but escaping for double quotes does not exist. Through this vulnerability, an attacker is capable to execute malicious scripts. Users are advised to update as soon as possible.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21649">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34968">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 20:39:28">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-41388 ‼</strong><br><br><code>Netskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability. The XPC implementation of nsAuxiliarySvc process does not perform validation on new connections before accepting the connection. Thus any low privileged user can connect and call external methods defined in XPC service as root, elevating their privilege to the highest level.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41388">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34969">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 20:39:30">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2022-21650 ‼</strong><br><br><code>Convos is an open source multi-user chat that runs in a web browser. You can&apos;t use SVG extension in Convos&apos; chat window, but you can upload a file with an .html extension. By uploading an SVG file with an html extension the upload filter can be bypassed. This causes Stored XSS. Also, after uploading a file the XSS attack is triggered upon a user viewing the file. Through this vulnerability, an attacker is capable to execute malicious scripts. Users are advised to update as soon as possible.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21650">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34970">

      <div class="body">

       <div class="pull_right date details" title="04.01.2022 20:39:32">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-22045 ‼</strong><br><br><code>VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22045">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-1005">

      <div class="body details">
5 January 2022
      </div>

     </div>

     <div class="message default clearfix" id="message34971">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 03:38:51">
03:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 CrowdStrike Incorporates Intel CPU Telemetry into Falcon Sensor 🕴</strong><br><br><code>The Falcon sensor uses Intel PT telemetry to identify suspicious operations associated with hard-to-detect exploit techniques.</code><br><br><a href="https://www.darkreading.com/dr-tech/crowdstrike-incorporates-intel-cpu-telemetry-into-falcon-sensor">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34972">

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 03:38:53">
03:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-43946 ‼</strong><br><br><code>Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /secure/EditSubscription.jspa endpoint. The affected versions are before version 8.21.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43946">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34973">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 10:40:40">
10:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-22567 ‼</strong><br><br><code>Bidirectional Unicode text can be interpreted and compiled differently than how it appears in editors which can be exploited to get nefarious code passed a code review by appearing benign. An attacker could embed a source that is invisible to a code reviewer that modifies the behavior of a program in unexpected ways.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22567">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34974">

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 10:40:41">
10:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-41043 ‼</strong><br><br><code>Use after free in tcpslice triggers AddressSanitizer, no other confirmed impact.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41043">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34975">

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 10:40:43">
10:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-31589 ‼</strong><br><br><code>BeyondTrust Secure Remote Access Base Software through 6.0.1 allows an attacker to achieve full admin access to the appliance, by tricking the administrator into creating a new admin account through an XSS/CSRF attack involving a crafted request to the /appliance/users?action=edit endpoint. This cross-site-scripting (XSS) vulnerability occurs when it does not properly sanitize an unauthenticated crafted web request to the server</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31589">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34976">

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 10:40:45">
10:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-15933 ‼</strong><br><br><code>A exposure of sensitive information to an unauthorized actor in Fortinet FortiMail versions 6.0.9 and below, FortiMail versions 6.2.4 and below FortiMail versions 6.4.1 and 6.4.0 allows attacker to obtain potentially sensitive software-version information via client-side resources inspection.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15933">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34977">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 11:13:37">
11:13
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Indian academic bookseller Oswaal Books fixes alleged RCE and other serious vulnerabilities with Shopify relaunch 🗓️</strong><br><br><code>Researcher claims he found RCE, authentication bypass, CSRF flaws</code><br><br><a href="https://portswigger.net/daily-swig/indian-academic-bookseller-oswaal-books-fixes-alleged-rce-and-other-serious-vulnerabilities-with-shopify-relaunch">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34978">

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 11:20:37">
11:20
       </div>

       <div class="text">
<strong>❌ ‘Malsmoke’ Exploits Microsoft’s E-Signature Verification ❌</strong><br><br><code>The info-stealing campaign using ZLoader malware – previously used to deliver Ryuk and Conti ransomware – already has claimed more than 2,000 victims across 111 countries.</code><br><br><a href="https://threatpost.com/malsmoke-microsoft-e-signature-verification/177363/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34979">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 12:23:10">
12:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Web skimming attacks on hundreds of real estate websites deployed via cloud video hosting service 🗓️</strong><br><br><code>Attackers leverage software supply chain to compromise high-traffic sites</code><br><br><a href="https://portswigger.net/daily-swig/web-skimming-attacks-on-hundreds-of-real-estate-websites-deployed-via-cloud-video-hosting-service">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34980">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 12:39:28">
12:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Putting Ransomware Gangs Out of Business With AI 🕴</strong><br><br><code>Organizations need to take matters into their own hands with a new approach.</code><br><br><a href="https://www.darkreading.com/dr-tech/putting-ransomware-gangs-out-of-business-with-ai">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34981">

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 12:46:51">
12:46
       </div>

       <div class="text">
<strong>⚠ Apple Home software bug could lock you out of your iPhone ⚠</strong><br><br><code>The finder of this bug insists it &quot;poses a serious risk&quot;. We&apos;re not so sure, but we recommend you take steps to avoid it anyway.</code><br><br><a href="https://nakedsecurity.sophos.com/2022/01/04/apple-home-software-bug-could-lock-you-out-of-your-iphone/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34982">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 13:46:54">
13:46
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ FTC threatens “legal action” over unpatched Log4j and other vulns ⚠</strong><br><br><code>Remember the Equifax breach? Remember the $700m penalty? In case you&apos;d forgotten, here&apos;s the FTC to refresh your memory!</code><br><br><a href="https://nakedsecurity.sophos.com/2022/01/05/ftc-threatens-legal-action-over-unpatched-log4j-and-other-vulns/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34983">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 14:15:14">
14:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Prosecutors file additional charges against former Uber security chief over 2016 data breach ‘cover up’ 🗓️</strong><br><br><code>Alleged misuse of bug bounty and failure to disclose breach leads to criminal charges</code><br><br><a href="https://portswigger.net/daily-swig/prosecutors-file-additional-charges-against-former-uber-security-chief-over-2016-data-breach-cover-up">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34984">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 14:40:13">
14:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2022-22110 ‼</strong><br><br><code>In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to brute-force users’ passwords with minimal to no computational effort.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22110">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34985">

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 14:40:15">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2022-22108 ‼</strong><br><br><code>In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the absences of all users in the system including administrators. This type of user is not authorized to view this kind of information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22108">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34986">

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 14:40:18">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2022-22111 ‼</strong><br><br><code>In DayByDay CRM, version 2.2.0 is vulnerable to missing authorization. Any application user in the application who has update user permission enabled is able to change the password of other users, including the administrator’s. This allows the attacker to gain access to the highest privileged user in the application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22111">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34987">

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 14:40:19">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2022-22109 ‼</strong><br><br><code>In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks. These scripts are executed in a victim’s browser when they open the “/tasksâ€� page to view all the tasks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22109">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34988">

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 14:40:20">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2022-22107 ‼</strong><br><br><code>In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the appointments of all users in the system including administrators. However, this type of user is not authorized to view the calendar at all.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22107">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34989">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 15:09:38">
15:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Why We Need To Reframe the False-Positive Problem 🕴</strong><br><br><code>Efforts to tune or build behavior- or signature-based threat identification requires time and effort most organizations don&apos;t have.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/why-we-need-to-reframe-the-false-positive-problem">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34990">

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 15:12:54">
15:12
       </div>

       <div class="text">
<strong>🦿 Behind the scenes: A day in the life of a cybersecurity curriculum director 🦿</strong><br><br><code>The Kennedy Space Center kick-started Andee Harston&apos;s career in cybersecurity. Here&apos;s how she worked her way up to overseeing the cybersecurity curriculum for Infosec.</code><br><br><a href="https://www.techrepublic.com/article/behind-the-scenes-a-day-in-the-life-of-a-cybersecurity-curriculum-director/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34991">

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 15:12:56">
15:12
       </div>

       <div class="text">
<strong>🦿 MalSmoke attack: Zloader malware exploits Microsoft&apos;s signature verification to steal sensitive data 🦿</strong><br><br><code>Already impacting more than 2,000 victims, the malware is able to modify a DLL file digitally signed by Microsoft, says Check Point Research.</code><br><br><a href="https://www.techrepublic.com/article/malsmoke-attack-zloader-malware-exploits-microsofts-signature-verification-to-steal-sensitive-data/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34992">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 16:20:50">
16:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ FTC to Go After Companies that Ignore Log4j ❌</strong><br><br><code>Companies that fail to protect secure consumer data from Log4J attacks are at risk of facing Equifax-esque legal action and fines, the FTC warned.</code><br><br><a href="https://threatpost.com/ftc-pursue-companies-log4j/177368/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34993">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 16:39:42">
16:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Which Cloud Strategy Is Right For My Organization&apos;s Security Needs? 🕴</strong><br><br><code>The massive Amazon Web Services outage in December had many security leaders asking whether they should be going multicloud or multiregion for their cloud environments.</code><br><br><a href="https://www.darkreading.com/edge-ask-the-experts/which-cloud-strategy-is-right-for-my-organization-security-needs">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34994">

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 16:39:44">
16:39
       </div>

       <div class="text">
<strong>🕴 FTC: Companies Could Face Legal Action for Failing to Patch Log4j 🕴</strong><br><br><code>The FTC will pursue companies that fail to take steps to protect consumer data from exposure due to Log4j, officials report.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/ftc-companies-could-face-legal-action-for-failing-to-patch-log4j">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34995">

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 16:39:46">
16:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-28712 ‼</strong><br><br><code>Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as &quot;driver domains&quot;. Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn&apos;t have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28712">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34996">

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 16:39:47">
16:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-38918 ‼</strong><br><br><code>IBM PowerVM Hypervisor FW860, FW940, FW950, and FW1010, through a specific sequence of VM management operations could lead to a violation of the isolation between peer VMs. IBM X-Force ID: 210019.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38918">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34997">

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 16:39:48">
16:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-28711 ‼</strong><br><br><code>Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as &quot;driver domains&quot;. Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn&apos;t have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28711">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message34998">

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 16:39:49">
16:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-28713 ‼</strong><br><br><code>Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as &quot;driver domains&quot;. Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn&apos;t have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28713">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message34999">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 17:19:56">
17:19
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 Top Tips for Preventing BEC Scams 🔏</strong><br><br><code>Business email compromise scams have cost companies billions over the past several years. How can businesses best protect themselves against a BEC scam? We asked a panel of experts.</code><br><br><a href="https://digitalguardian.com/blog/top-tips-preventing-bec-scams">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message35000">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 17:50:48">
17:50
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Uber Bug, Ignored for Years, Casts Doubt on Official Uber Emails ❌</strong><br><br><code>A simple-to-exploit bug that allows bad actors to send emails from Uber&apos;s official system -- skating past email security -- went unaddressed despite multiple flagging by researchers.</code><br><br><a href="https://threatpost.com/uber-bug-ignored-emails/177395/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message35001">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 18:09:48">
18:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 NY AG: 1.1M Online Consumer Accounts Found Compromised in Credential-Stuffing Attacks 🕴</strong><br><br><code>Stolen credentials tied to cyberattack incidents at 17 &quot;well-known&quot; online retailers, restaurant chains, food delivery services.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/ny-ag-1-1m-online-accounts-compromised-in-credential-stuffing-attack">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35002">

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 18:20:48">
18:20
       </div>

       <div class="text">
<strong>❌ Broward Breach Highlights Healthcare Supply-Chain Problems ❌</strong><br><br><code>More than 1.3 million patient records were stolen in the just-disclosed breach, which occurred back in October.</code><br><br><a href="https://threatpost.com/broward-breach-healthcare-supply-chain/177401/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message35003">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 18:40:18">
18:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2022-21652 ‼</strong><br><br><code>Shopware is an open source e-commerce software platform. In affected versions shopware would not invalidate a user session in the event of a password change. With version 5.7.7 the session validation was adjusted, so that sessions created prior to the latest password change of a customer account can&apos;t be used to login with said account. This also means, that upon a password change, all existing sessions for a given customer account are automatically considered invalid. There is no workaround for this issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21652">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35004">

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 18:40:20">
18:40
       </div>

       <div class="text">
<strong>‼ CVE-2022-21642 ‼</strong><br><br><code>Discourse is an open source platform for community discussion. In affected versions when composing a message from topic the composer user suggestions reveals whisper participants. The issue has been patched in stable version 2.7.13 and beta version 2.8.0.beta11. There is no workaround for this issue and users are advised to upgrade.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21642">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35005">

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 18:40:21">
18:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-45831 ‼</strong><br><br><code>A Null Pointer Dereference vulnerability exitgs in GPAC 1.0.1 in MP4Box via __strlen_avx2, which causes a Denial of Service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45831">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35006">

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 18:40:22">
18:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-45830 ‼</strong><br><br><code>A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via H5F_addr_decode_len in /hdf5/src/H5Fint.c, which could cause a Denial of Service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45830">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35007">

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 18:40:23">
18:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-43816 ‼</strong><br><br><code>containerd is an open source container runtime. On installations using SELinux, such as EL8 (CentOS, RHEL), Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface (CRI), an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any privileged, regular file on disk for complete read/write access (sans delete). Such is achieved by placing the in-container location of the hostPath volume mount at either `/etc/hosts`, `/etc/hostname`, or `/etc/resolv.conf`. These locations are being relabeled indiscriminately to match the container process-label which effectively elevates permissions for savvy containers that would not normally be able to access privileged host files. This issue has been resolved in version 1.5.9. Users are advised to upgrade as soon as possible.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43816">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35008">

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 18:40:24">
18:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-43779 ‼</strong><br><br><code>GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing plugin in versions &lt; 2.9.1 suffers from authenticated Remote Code Execution vulnerability, allowing access to the server&apos;s underlying operating system using command injection abuse of functionality. There is no workaround for this issue and users are advised to upgrade or to disable the addressing plugin.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43779">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35009">

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 18:40:25">
18:40
       </div>

       <div class="text">
<strong>‼ CVE-2022-21651 ‼</strong><br><br><code>Shopware is an open source e-commerce software platform. An open redirect vulnerability has been discovered. Users may be arbitrary redirected due to incomplete URL handling in the shopware router. This issue has been resolved in version 5.7.7. There is no workaround and users are advised to upgrade as soon as possible.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21651">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message35010">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 19:09:53">
19:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 New Attack Campaign Exploits Microsoft Signature Verification 🕴</strong><br><br><code>The Malsmoke attack group is behind a campaign that has exploited the Microsoft e-signature verification tool to target 2,100 victims.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/new-attack-campaign-exploits-microsoft-signature-verification">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35011">

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 19:22:47">
19:22
       </div>

       <div class="text">
<strong>❌ ‘Elephant Beetle’ Lurks for Months in Networks ❌</strong><br><br><code>The group blends into an environment before loading up trivial, thickly stacked, fraudulent financial transactions too tiny to be noticed but adding up to millions of dollars.</code><br><br><a href="https://threatpost.com/elephant-beetle-months-networks-financial/177393/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message35012">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 20:20:54">
20:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ 1.1M Compromised Accounts Found at 17 Major Companies ❌</strong><br><br><code>The accounts fell victim to credential-stuffing attacks, according to the New York State AG.</code><br><br><a href="https://threatpost.com/compromised-accounts-17-major-companies/177417/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message35013">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 20:40:22">
20:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-45832 ‼</strong><br><br><code>A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at at hdf5/src/H5Eint.c, which causes a Denial of Service (context-dependent).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45832">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35014">

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 20:40:25">
20:40
       </div>

       <div class="text">
<strong>‼ CVE-2022-21653 ‼</strong><br><br><code>Jawn is an open source JSON parser. Extenders of the `org.typelevel.jawn.SimpleFacade` and `org.typelevel.jawn.MutableFacade` who don&apos;t override `objectContext()` are vulnerable to a hash collision attack which may result in a denial of service. Most applications do not implement these traits directly, but inherit from a library. `jawn-parser-1.3.1` fixes this issue and users are advised to upgrade. For users unable to upgrade override `objectContext()` to use a collision-safe collection.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21653">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35015">

      <div class="body">

       <div class="pull_right date details" title="05.01.2022 20:40:26">
20:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-45833 ‼</strong><br><br><code>A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 via the H5D__create_chunk_file_map_hyper function in /hdf5/src/H5Dchunk.c, which causes a Denial of Service (context-dependent).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45833">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-1006">

      <div class="body details">
6 January 2022
      </div>

     </div>

     <div class="message default clearfix" id="message35016">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 03:40:38">
03:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-46144 ‼</strong><br><br><code>Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46144">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35017">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 03:40:40">
03:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-43947 ‼</strong><br><br><code>Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code via a Remote Code Execution (RCE) vulnerability in the Email Templates feature. This issue bypasses the fix of https://jira.atlassian.com/browse/JSDSERVER-8665. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43947">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35018">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 03:40:42">
03:40
       </div>

       <div class="text">
<strong>‼ CVE-2022-0121 ‼</strong><br><br><code>hoppscotch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0121">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35019">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 03:40:43">
03:40
       </div>

       <div class="text">
<strong>‼ CVE-2022-22704 ‼</strong><br><br><code>The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22704">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35020">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 03:40:44">
03:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-46141 ‼</strong><br><br><code>An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46141">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35021">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 03:40:45">
03:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-46143 ‼</strong><br><br><code>In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46143">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35022">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 03:40:46">
03:40
       </div>

       <div class="text">
<strong>‼ CVE-2022-0122 ‼</strong><br><br><code>forge is vulnerable to URL Redirection to Untrusted Site</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0122">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35023">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 03:40:47">
03:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-46142 ‼</strong><br><br><code>An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46142">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message35024">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 08:14:01">
08:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Insecure Amazon S3 bucket exposed personal data on 500,000 Ghanaian graduates 🗓️</strong><br><br><code>Cloud storage misconfiguration left sensitive data openly accessible</code><br><br><a href="https://portswigger.net/daily-swig/insecure-amazon-s3-bucket-exposed-personal-data-on-500-000-ghanaian-graduates">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message35025">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 08:40:49">
08:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2022-22707 ‼</strong><br><br><code>In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes), as demonstrated by remote denial of service (daemon crash).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22707">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35026">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 08:40:50">
08:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-36737 ‼</strong><br><br><code>The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the v3-demo-portlet.war artifact</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36737">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35027">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 08:40:52">
08:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-36738 ‼</strong><br><br><code>The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war artifact</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36738">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35028">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 08:40:53">
08:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-46145 ‼</strong><br><br><code>The keyfob subsystem in Honda Civic 2012 vehicles allows a replay attack for unlocking. This is related to a non-expiring rolling code and counter resynchronization.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46145">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35029">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 08:40:54">
08:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-36739 ‼</strong><br><br><code>The &quot;first name&quot; and &quot;last name&quot; fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to Cross-Site Scripting (XSS) attacks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36739">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message35030">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 10:14:05">
10:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Kazakhstan government shuts down internet following country-wide protests 🗓️</strong><br><br><code>This isn’t the first time the landlocked nation has restricted web access for citizens</code><br><br><a href="https://portswigger.net/daily-swig/kazakhstan-government-shuts-down-internet-following-country-wide-protests">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35031">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 10:17:13">
10:17
       </div>

       <div class="text">
<strong>⚠ FTC threatens “legal action” over unpatched Log4j and other vulns ⚠</strong><br><br><code>Remember the Equifax breach? Remember the $700m penalty? In case you&apos;d forgotten, here&apos;s the FTC to refresh your memory!</code><br><br><a href="https://nakedsecurity.sophos.com/2022/01/05/ftc-threatens-legal-action-over-unpatched-log4j-and-other-vulns/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message35032">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 10:40:55">
10:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-44564 ‼</strong><br><br><code>A security vulnerability originally reported in the SYNC2101 product, and applicable to specific sub-families of SYNC devices, allows an attacker to download the configuration file used in the device and apply a modified configuration file back to the device. The attack requires network access to the SYNC device and knowledge of its IP address. The attack exploits the unsecured communication channel used between the administration tool Easyconnect and the SYNC device (in the affected family of SYNC products).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44564">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35033">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 10:40:56">
10:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-44351 ‼</strong><br><br><code>An arbitrary file read vulnerability exists in NavigateCMS 2.9 via /navigate/navigate_download.php id parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44351">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35034">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 10:47:15">
10:47
       </div>

       <div class="text">
<strong>⚠ S3 Ep64: Log4Shell again, scammers keeping busy, and Apple Home bug [Podcast + Transcript] ⚠</strong><br><br><code>We&apos;re back for 2022 - listen now!</code><br><br><a href="https://nakedsecurity.sophos.com/2022/01/06/s3-ep64-log4shell-again-scammers-keeping-busy-and-apple-home-bug-podcast-transcript/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message35035">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 11:21:20">
11:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Attackers Exploit Flaw in Google Docs’ Comments Feature ❌</strong><br><br><code>A wave of phishing attacks identified in December targeting mainly Outlook users are difficult for both email scanners and victims to flag, researchers said.</code><br><br><a href="https://threatpost.com/attackers-exploit-flaw-google-docs-comments/177412/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message35036">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 12:16:03">
12:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ New York Attorney General flags 1.1 million online accounts compromised by credential stuffing attacks 🗓️</strong><br><br><code>Bureau of Internet and Technology helped affected organizations secure accounts and bolster defenses</code><br><br><a href="https://portswigger.net/daily-swig/new-york-attorney-general-flags-1-1-million-online-accounts-compromised-by-credential-stuffing-attacks">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35037">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 12:16:05">
12:16
       </div>

       <div class="text">
<strong>🕴 Hybrid Multicloud Strategies Are Keeping the Public Sector at the Forefront of Threat Mitigation 🕴</strong><br><br><code>Zero trust, DevSecOps, and agile methodologies are critical in bridging the power of commercial multicloud environments and the security of private data centers.</code><br><br><a href="https://www.darkreading.com/cloud/hybrid-multicloud-strategies-are-keeping-the-public-sector-at-the-forefront-of-threat-mitigation">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message35038">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 12:40:59">
12:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-44590 ‼</strong><br><br><code>In libming 0.4.8, a memory exhaustion vulnerability exist in the function cws2fws in util/main.c. Remote attackers could launch denial of service attacks by submitting a crafted SWF file that exploits this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44590">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35039">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 12:41:00">
12:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-27738 ‼</strong><br><br><code>All request mappings in `StreamingCoordinatorController.java` handling `/kylin/api/streaming_coordinator/*` REST API endpoints did not include any security checks, which allowed an unauthenticated user to issue arbitrary requests, such as assigning/unassigning of streaming cubes, creation/modification and deletion of replica sets, to the Kylin Coordinator. For endpoints accepting node details in HTTP message body, unauthenticated (but limited) server-side request forgery (SSRF) can be achieved. This issue affects Apache Kylin Apache Kylin 3 versions prior to 3.1.2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27738">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35040">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 12:41:02">
12:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-45457 ‼</strong><br><br><code>In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45457">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35041">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 12:41:04">
12:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-45456 ‼</strong><br><br><code>Apache kylin checks the legitimacy of the project before executing some commands with the project name passed in by the user. There is a mismatch between what is being checked and what is being used as the shell command argument in DiagnosisService. This may cause an illegal project name to pass the check and perform the following steps, resulting in a command injection vulnerability. This issue affects Apache Kylin 4.0.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45456">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35042">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 12:41:06">
12:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-31522 ‼</strong><br><br><code>Kylin can receive user input and load any class through Class.forName(...). This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31522">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35043">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 12:41:07">
12:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-45458 ‼</strong><br><br><code>Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their password and configure it into kylin&apos;s configuration file, there is a risk that the password may be decrypted. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45458">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35044">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 12:41:08">
12:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-44878 ‼</strong><br><br><code>Pac4j v5.1 and earlier allows (by default) clients to accept and successfully validate ID Tokens with &quot;none&quot; algorithm (i.e., tokens with no signature) which is not secure and violates the OpenID Core Specification. The &quot;none&quot; algorithm does not require any signature verification when validating the ID tokens, which allows the attacker to bypass the token validation by injecting a malformed ID token using &quot;none&quot; as the value of &quot;alg&quot; key in the header with an empty signature value.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44878">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35045">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 12:41:09">
12:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-44584 ‼</strong><br><br><code>Cross-site scripting (XSS) vulnerability in index.php in emlog version &lt;= pro-1.0.7 allows remote attackers to inject arbitrary web script or HTML via the s parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44584">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35046">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 12:41:11">
12:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-44591 ‼</strong><br><br><code>In libming 0.4.8, the parseSWF_DEFINELOSSLESS2 function in util/parser.c lacks a boundary check that would lead to denial-of-service attacks via a crafted SWF file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44591">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35047">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 12:41:12">
12:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-36774 ‼</strong><br><br><code>Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36774">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35048">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 12:51:20">
12:51
       </div>

       <div class="text">
<strong>❌ Apple iPhone Malware Tactic Causes Fake Shutdowns to Enable Spying ❌</strong><br><br><code>The &apos;NoReboot&apos; technique is the ultimate in persistence for iPhone malware, preventing reboots and enabling remote attackers to do anything on the device while remaining completely unseen.</code><br><br><a href="https://threatpost.com/apple-iphone-malware-fake-shutdowns-spying/177420/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message35049">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 13:14:06">
13:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Java RMI services often vulnerable to SSRF attacks 🗓️</strong><br><br><code>Trust boundaries breached by security shortcomings</code><br><br><a href="https://portswigger.net/daily-swig/java-rmi-services-often-vulnerable-to-ssrf-attacks">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message35050">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 13:43:20">
13:43
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Hackers exploit Google Docs in new phishing campaign 🦿</strong><br><br><code>Attackers are taking advantage of the comment feature in Google Docs to send people emails with malicious links, says Avanan.</code><br><br><a href="https://www.techrepublic.com/article/hackers-exploit-google-docs-in-new-phishing-campaign/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35051">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 13:51:23">
13:51
       </div>

       <div class="text">
<strong>❌ Partially Unpatched VMware Bug Opens Door to Hypervisor Takeover ❌</strong><br><br><code>ESXi version 7 users are still waiting for a full fix for a high-severity heap-overflow security vulnerability, but Cloud Foundation, Fusion and Workstation users can go ahead and patch.</code><br><br><a href="https://threatpost.com/unpatched-vmware-bug-hypervisor-takeover/177428/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message35052">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 14:41:03">
14:41
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-46076 ‼</strong><br><br><code>Sourcecodester Vehicle Service Management System 1.0 is vulnerable to File upload. An attacker can upload a malicious php file in multiple endpoints it leading to Code Execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46076">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35053">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 14:41:04">
14:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-46070 ‼</strong><br><br><code>A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service Requests Section in login panel.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46070">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35054">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 14:41:06">
14:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-45744 ‼</strong><br><br><code>A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.13.1 via the TAGS section in login panel.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45744">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35055">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 14:41:07">
14:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-46079 ‼</strong><br><br><code>An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to Html Injection.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46079">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35056">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 14:41:09">
14:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-46067 ‼</strong><br><br><code>In Vehicle Service Management System 1.0 an attacker can steal the cookies leading to Full Account Takeover.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46067">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35057">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 14:41:12">
14:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-46068 ‼</strong><br><br><code>A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the My Account Section in login panel.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46068">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35058">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 14:41:13">
14:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-46069 ‼</strong><br><br><code>A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Mechanic List Section in login panel.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46069">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35059">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 14:41:14">
14:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-46075 ‼</strong><br><br><code>A Privilege Escalation vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. Staff account users can access the admin resources and perform CRUD Operations.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46075">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35060">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 14:41:15">
14:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-46080 ‼</strong><br><br><code>A Cross Site Request Forgery (CSRF) vulnerability exists in Vehicle Service Management System 1.0. An successful CSRF attacks leads to Stored Cross Site Scripting Vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46080">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35061">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 14:41:16">
14:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-46074 ‼</strong><br><br><code>A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the Settings Section in login panel.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46074">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35062">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 14:41:18">
14:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-46071 ‼</strong><br><br><code>A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Category List Section in login panel.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46071">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35063">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 14:41:20">
14:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-46073 ‼</strong><br><br><code>A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the User List Section in login panel.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46073">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35064">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 14:41:22">
14:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-46078 ‼</strong><br><br><code>An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to a Stored Cross-Site Scripting vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46078">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35065">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 14:41:23">
14:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-46072 ‼</strong><br><br><code>A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service List Section in login panel.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46072">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35066">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 14:41:24">
14:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-45745 ‼</strong><br><br><code>A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About Plugin in login panel.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45745">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35067">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 14:47:07">
14:47
       </div>

       <div class="text">
<strong>🕴 New Mac Malware Samples Underscore Growing Threat 🕴</strong><br><br><code>A handful of malicious tools that emerged last year showed threat actors may be getting more serious about attacking Apple macOS and iOS environments.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/new-mac-malware-samples-underscore-growing-threat">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35068">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 14:51:23">
14:51
       </div>

       <div class="text">
<strong>❌ Google Voice Authentication Scam Leaves Victims on the Hook ❌</strong><br><br><code>The FBI is seeing so much activity around malicious Google Voice activity, where victims are associated with fraudulent virtual phone numbers, that it sent out an alert this week.</code><br><br><a href="https://threatpost.com/google-voice-authentication-scam/177421/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message35069">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 15:16:12">
15:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Rethinking Cybersecurity Jobs as a Vocation Instead of a Profession 🕴</strong><br><br><code>The prevailing mindset is that security practitioners are professionals, and thus, require a college degree. But there are some flaws in that logic.</code><br><br><a href="https://www.darkreading.com/careers-and-people/rethinking-cybersecurity-jobs-as-a-vocation-instead-of-a-profession">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message35070">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 16:16:21">
16:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 CDN Cache Poisoning Allows DoS Attacks Against Cloud Apps 🕴</strong><br><br><code>A Romanian researcher discovers more than 70 vulnerabilities in how applications and their content delivery networks handle cache misses that open the doors to denial-of-service attacks.</code><br><br><a href="https://www.darkreading.com/cloud/cache-poisoning-of-cdns-allows-dos-attacks-against-cloud-apps">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message35071">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 16:41:07">
16:41
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-28714 ‼</strong><br><br><code>Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel&apos;s netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28714">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35072">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 16:41:09">
16:41
       </div>

       <div class="text">
<strong>‼ CVE-2022-0128 ‼</strong><br><br><code>vim is vulnerable to Out-of-bounds Read</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0128">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35073">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 16:41:10">
16:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-43045 ‼</strong><br><br><code>A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro version 1.10.2 and prior versions. Users should update to version 1.11.0 which addresses this issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43045">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35074">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 16:41:11">
16:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-28715 ‼</strong><br><br><code>Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel&apos;s netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28715">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35075">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 16:41:12">
16:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-4194 ‼</strong><br><br><code>bookstack is vulnerable to Improper Access Control</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4194">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35076">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 16:46:18">
16:46
       </div>

       <div class="text">
<strong>🕴 Convergence Zone: CNAPP Aids in Integrated Cloud-Native Security 🕴</strong><br><br><code>Cloud Native Application Protection Platforms (CNAPP) allow organizations to secure cloud-native applications across the full application life cycle.</code><br><br><a href="https://www.darkreading.com/cloud/convergence-zone-cnapp-aids-in-integrated-cloud-native-security">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35077">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 16:51:26">
16:51
       </div>

       <div class="text">
<strong>❌ Activision Files Unusual Lawsuit over Call of Duty Cheat Codes ❌</strong><br><br><code>Activision is suing to shut down the EngineOwning cheat-code site and hold individual developers and coders liable for damages.</code><br><br><a href="https://threatpost.com/activision-lawsuit-call-of-duty-cheat-codes/177443/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message35078">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 17:16:24">
17:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 New Mexico&apos;s Bernalillo County Investigates Ransomware Attack 🕴</strong><br><br><code>A suspected ransomware attack has led Bernalillo County officials to take systems offline and sever network connections.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/new-mexico-s-bernalillo-county-investigates-ransomware-attack">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message35079">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 18:41:12">
18:41
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-46042 ‼</strong><br><br><code>A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the _fseeko function, which causes a Denial of Service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46042">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35080">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 18:41:12">
18:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-46041 ‼</strong><br><br><code>A Segmentation Fault Vulnerability exists in GPAC 1.0.1 via the co64_box_new function, which causes a Denial of Service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46041">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35081">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 18:41:14">
18:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-46040 ‼</strong><br><br><code>A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the finplace_shift_moov_meta_offsets function, which causes a Denial of Servie (context-dependent).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46040">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35082">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 18:41:15">
18:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-46039 ‼</strong><br><br><code>A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the shift_chunk_offsets.part function, which causes a Denial of Service (context-dependent).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46039">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message35083">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 20:11:16">
20:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-46044 ‼</strong><br><br><code>A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1via ShiftMetaOffset.isra, which causes a Denial of Service (context-dependent).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46044">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35084">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 20:11:17">
20:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-42841 ‼</strong><br><br><code>Insta HMS before 12.4.10 is vulnerable to XSS because of improper validation of user-supplied input by multiple scripts. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim&apos;s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim&apos;s cookie-based authentication credentials.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42841">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35085">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 20:11:19">
20:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-46043 ‼</strong><br><br><code>A Pointer Dereference Vulnerability exits in GPAC 1.0.1 in the gf_list_count function, which causes a Denial of Service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46043">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35086">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 20:16:36">
20:16
       </div>

       <div class="text">
<strong>🕴 Google Docs Comments Weaponized in New Phishing Campaign 🕴</strong><br><br><code>Attackers use the comment feature in Google Docs to email victims and lure them into clicking malicious links.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/google-docs-comments-weaponized-in-new-phishing-campaign">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message35087">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 22:16:21">
22:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-25743 ‼</strong><br><br><code>kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25743">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35088">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 22:16:23">
22:16
       </div>

       <div class="text">
<strong>‼ CVE-2022-21664 ‼</strong><br><br><code>WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there&apos;s potential for unintended SQL queries to be executed. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 4.1.34. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21664">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35089">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 22:16:24">
22:16
       </div>

       <div class="text">
<strong>‼ CVE-2022-21661 ‼</strong><br><br><code>WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21661">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35090">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 22:16:25">
22:16
       </div>

       <div class="text">
<strong>‼ CVE-2022-21663 ‼</strong><br><br><code>WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21663">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35091">

      <div class="body">

       <div class="pull_right date details" title="06.01.2022 22:16:27">
22:16
       </div>

       <div class="text">
<strong>‼ CVE-2022-21662 ‼</strong><br><br><code>WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users (like author) in WordPress core are able to execute JavaScript/perform stored XSS attack, which can affect high-privileged users. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21662">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-1007">

      <div class="body details">
7 January 2022
      </div>

     </div>

     <div class="message default clearfix" id="message35092">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.01.2022 10:17:32">
10:17
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Enterprises Worry About Increased Data Risk in Cloud 🕴</strong><br><br><code>The 2021 Strategic Security Survey highlights concerns related to the cloud environment, such as the ability to detect breaches and the increasing number of attacks against cloud systems.</code><br><br><a href="https://www.darkreading.com/edge-threat-monitor/enterprises-worry-about-increased-data-risk-in-cloud">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message35093">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.01.2022 12:17:39">
12:17
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Internet Bug Bounty: High severity vulnerability in Apache HTTP Server could lead to RCE 🗓️</strong><br><br><code>Buffer overflow flaw should be patched immediately</code><br><br><a href="https://portswigger.net/daily-swig/internet-bug-bounty-high-severity-vulnerability-in-apache-http-server-could-lead-to-rce">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35094">

      <div class="body">

       <div class="pull_right date details" title="07.01.2022 12:17:40">
12:17
       </div>

       <div class="text">
<strong>🕴 7 Predictions for Global Energy Cybersecurity in 2022 🕴</strong><br><br><code>Increased digitization makes strong cybersecurity more important than ever.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/7-predictions-for-global-energy-cybersecurity-in-2022">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message35095">

      <div class="body">

       <div class="pull_right date details" title="07.01.2022 12:22:03">
12:22
       </div>

       <div class="text">
<strong>❌ Log4J-Related RCE Flaw in H2 Database Earns Critical Rating ❌</strong><br><br><code>Critical flaw in the H2 open-source Java SQL database are similar to the Log4J vulnerability, but do not pose a widespread threat.</code><br><br><a href="https://threatpost.com/log4j-related-flaw-h2-database/177448/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message35096">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.01.2022 12:44:34">
12:44
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Latest WordPress security release fixes XSS, SQL injection bugs 🗓️</strong><br><br><code>Quartet of software flaws addressed ahead of next major release of popular CMS</code><br><br><a href="https://portswigger.net/daily-swig/latest-wordpress-security-release-fixes-xss-sql-injection-bugs">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message35097">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.01.2022 13:14:32">
13:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Researchers discover Log4j-like flaw in H2 database console 🗓️</strong><br><br><code>Impact of JNDI bug mitigated by vulnerable behavior being disabled by default</code><br><br><a href="https://portswigger.net/daily-swig/researchers-discover-log4j-like-flaw-in-h2-database-console">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <a class="pagination block_link" href="messages36.html">
Next messages
     </a>

    </div>

   </div>

  </div>

 </body>

</html>