#apple

CVE-2021-3958: cve/Ipack-Scada-Automation.txt at main · paradessia/cve

Due to improper sanitization, iPack SCADA Automation software suffers from a remote SQL injection vulnerability. An unauthenticated attacker with web access is able to extract critical information from the system.

CVE-2021-42379: Unboxing BusyBox - 14 new vulnerabilities uncovered by Claroty and JFrog

A use-after-free in BusyBox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function.

CVE-2021-42386: Unboxing BusyBox - 14 new vulnerabilities uncovered by Claroty and JFrog | JFrog

A use-after-free in BusyBox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function.

CVE-2021-39303: Jamf Pro Release Notes

The server in Jamf Pro before 10.32.0 has a vulnerability affecting integrity and availability, aka PI-006352. NOTE: Jamf Nation will also publish an article about this vulnerability.

Hackers Targeted Hong Kong Apple Devices in Widespread Attack

Visitors to pro-democracy and media sites in the region were infected with malware that could download files, steal data, and more.

North Korean attackers use malicious blogs to deliver malware to high-profile South Korean targets

By Jung soo An and Asheer Malhotra, with contributions from Kendall McKay. Cisco Talos has observed a new malware campaign operated by the Kimsuky APT group since June 2021. Kimsuky, also known as Thallium and Black Banshee, is a North Korean state-sponsored advanced...

U.S. Offers $10 Million Reward for Information on DarkSide Ransomware Group

The U.S. government on Thursday announced a $10 million reward for information that may lead to the identification or location of key individuals who hold leadership positions in the DarkSide ransomware group or any of its rebrands. On top of that, the State Department is offering bounties of up to $5 million for intel and tip-offs that could result in the arrest and/or conviction in any country

CVE-2021-24626: wp-plugin : chameleon-css | Code Vigilant : to err is human.. To fix is Humanity

The Chameleon CSS WordPress plugin through 1.2 does not have any CSRF and capability checks in any of its AJAX calls, allowing any authenticated user, such as a subscriber, to call them and perform unauthorised actions. One of the AJAX calls, remove_css, also does not sanitise or escape the css_id POST parameter before using it in a SQL statement, leading to SQL injection.

CVE-2021-41225: Prevent uninitialized variable use in grappler. · tensorflow/tensorflow@68867bf

TensorFlow is an open source platform for machine learning. In affected versions, TensorFlow's Grappler optimizer uses an uninitialized variable. If the `train_nodes` vector (obtained from the saved model that gets optimized) does not contain a `Dequeue` node, then `dequeue_node` is left uninitialized. The fix will be included in TensorFlow 2.7.0. We will also cherry-pick this commit onto TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in the supported range.

CVE-2021-41204: Don't constant-fold DT_RESOURCE constants. · tensorflow/tensorflow@7731e8d

TensorFlow is an open source platform for machine learning. In affected versions, during TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This results in a segfault, as these tensors are supposed to not change. The fix will be included in TensorFlow 2.7.0. We will also cherry-pick this commit onto TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in the supported range.