CVE-2021-33669 – SAP Mobile SDK Certificate Provider – Insecure Temporary File Storage – Potential Symlink Attack & Denial of Service
CVE-2021-39246 – Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack excessive verbose logging – Windows, macOS, Linux
CVE-2021-22929 – Brave Browser 1.27 and below permanently logs the server connection time for all v2 tor domains to ~/.config/BraveSoftware /Brave-Browser/tor/data/tor.log
Being “root” on two Agriculture Companies (in Good Faith). Maxing out the John Deere Operations Center Worldwide and Case Industrial in Brazil [Agricultural Security & Hacking]
CVE-2021-29923 – golang standard library “net” – Improper Input Validation of octal literals in golang 1.16.2 and below standard library “net” results in indeterminate SSRF & RFI vulnerabilities.
CVE-2021-29922 – rust standard library “net” – Improper Input Validation of octal literals in rust 1.52.0 std::net and below results in indeterminate SSRF & RFI vulnerabilities.
[RELEASE] Android Docker Container – Dock Droid – Run QEMU Android in a Docker! X11 Forwarding! CI/CD for Android x86 in Docker!
CVE-2021-27616 – SAP Business One Hana (Chef Cookbook) – Exposure of Backup File to an Unauthorized Control Sphere via Insecure Temporary File Storage.
CVE-2021-27614 – SAP Business One Hana (Chef Cookbook) – Incorrect Permission Assignment for Critical Resources – Root Privilege Escalation Vulnerability
CVE-2021-27613 – SAP Business One Hana (Chef Cookbook) – Insecure Temporary File For Incoming & Outgoing Payroll Data – SAP Business One Chef Cookbook.
CVE-2021-27231 – Hestia Control Panel 1.4.0 and below – Subdomain Takeover – Improper Privilege Management
CVE-2021-29921 – python stdlib “ipaddress” – Improper Input Validation of octal literals in python 3.8.0 thru v3.10 results in indeterminate SSRF & RFI vulnerabilities. — “ipaddress leading zeros in IPv4 address”
Leaky John Deere API’s: Serious Food Supply Chain Vulnerabilities Discovered by Sick Codes, Kevin Kenney & Willie Cade.
SICK-2021-031 – John Deere Operations Center – Improper Authorization Allows Exposure of Sensitive Information to an Unauthorized Actor via Farming Equipment VIN API – iOS 5.1.2 and below, Android 5.1.4 and below, Web App
SICK-2021-012 – John Deere Account Portal – Information Disclosure – Rate Limitless Username Enumeration Via Unauthenticated Availability Look-ups.
How To Mount Images or Devices Inside Docker Containers (losetup, loopback, ISO files, disk images, raw images, ext4, exfat, hfs, apfs)
CVE-2021-29662 – Perl module Data::Validate::IP – Improper Input Validation of octal literals in Perl Data::Validate::IP v0.29 and below results in indeterminate SSRF & RFI vulnerabilities.
Universal “netmask” npm package, used by 270,000+ projects, vulnerable to octal input data: server-side request forgery, remote file inclusion, local file inclusion, and more (CVE-2021-28918)
CVE-2021-28918 – netmask npm package – Improper Input Validation in netmask npm package v1.1.0 and below of octal literals results in indeterminate SSRF & RFI vulnerabilities.
Finding a Vulnerability in Teamwork Cloud Server (NoMagic, 3DS), Which Is Used By Gov/Enterprise to Design Rockets, Missiles, and Satellites.
CVE-2020-25507 – NoMagic (Dassault Systèmes 3DS) Teamwork Cloud 18.0-19.0 – Incorrect Permissions Assignment for a Critical Resource Allows Arbitrary Code Execution and Local Privilege Escalation to Root.
How to Forensically Recover/Copy/Image a Disk (Including Testdisk/PhotoRec Deleted File Recovery [lost+found]), and How To Defend Your Disks.
