🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
🕴 Twitter Fined in Irish GDPR Action 🕴

The $547K fine results from an issue Twitter reported in 2019.

📖 Read

via "Dark Reading".
Dark Reading
Twitter Fined in Irish GDPR Action
The $547K fine results from an issue Twitter reported in 2019.
87 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-35381 ‼

jsonparser 1.0.0 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a GET call.

📖 Read

via "National Vulnerability Database".
84 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-35380 ‼

GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON.

📖 Read

via "National Vulnerability Database".
76 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-23957 ‼

Pega Platform through 8.4.x is affected by Cross Site Scripting (XSS) via the ConnectionID parameter, as demonstrated by a pyActivity=Data-TRACERSettings.pzStartTracerSession request to a PRAuth URI.

📖 Read

via "National Vulnerability Database".
70 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-35416 ‼

Multiple cross-site scripting (XSS) vulnerabilities exist in PHPJabbers Appointment Scheduler 2.3, in the index.php admin login webpage (with different request parameters), allows remote attackers to inject arbitrary web script or HTML.

📖 Read

via "National Vulnerability Database".
71 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-28072 ‼

A Remote Code Execution vulnerability exists in DourceCodester Alumni Management System 1.0. An authenticated attacker can upload arbitrary file in the gallery.php page and executing it on the server reaching the RCE.

📖 Read

via "National Vulnerability Database".
79 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-29606 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

📖 Read

via "National Vulnerability Database".
80 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 Concerns Run High as More Details of SolarWinds Hack Emerge 🕴

Enterprises running company's Orion network management software should assume compromise and respond accordingly, security experts say.

📖 Read

via "Dark Reading".
Dark Reading
Concerns Run High as More Details of SolarWinds Hack Emerge
Enterprises running company's Orion network management software should assume compromise and respond accordingly, security experts say.
84 views
🛡 Cybersecurity & Privacy 🛡 - News
🦿 How to prepare for quantum computing cybersecurity threats 🦿

Find out two steps your business can take now to prepare employees, as well as infrastructure, for possible quantum computing-related cybersecurity risks.

📖 Read

via "Tech Republic".
TechRepublic
How to prepare for quantum computing cybersecurity threats
Find out two steps your business can take now to prepare employees, as well as infrastructure, for possible quantum computing-related cybersecurity risks.
83 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-35467 ‼

The Docker Docs Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Docker Docs container may allow a remote attacker to achieve root access with a blank password.

📖 Read

via "National Vulnerability Database".
74 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-35466 ‼

The Blackfire Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Blackfire container may allow a remote attacker to achieve root access with a blank password.

📖 Read

via "National Vulnerability Database".
74 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-29663 ‼

Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked certificates due for renewal will automatically be renewed, ignoring the CRL. This issue is fixed in Icinga 2 v2.11.8 and v2.12.3.

📖 Read

via "National Vulnerability Database".
70 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2018-16243 ‼

SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 12.0.3074 have several persistent XSS vulnerabilities, related to logViewer.iwc, centralManage.cen, userAdministration.iwc, database.iwc, alertManagement.iwc, eventAnnotations.iwc, and central.cen.

📖 Read

via "National Vulnerability Database".
73 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-35468 ‼

The Appbase streams Docker image 2.1.2 contains a blank password for the root user. Systems deployed using affected versions of the streams container may allow a remote attacker to achieve root access with a blank password.

📖 Read

via "National Vulnerability Database".
77 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-35121 ‼

An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could insert arbitrary JavaScript into saved macro parameters that would execute when a user viewed a page with that instance of the macro.

📖 Read

via "National Vulnerability Database".
84 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-35193 ‼

The official sonarqube docker images before alpine (Alpine specific) contain a blank password for a root user. System using the sonarqube docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.

📖 Read

via "National Vulnerability Database".
82 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-35465 ‼

The FullArmor HAPI File Share Mount Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the FullArmor HAPI File Share Mount container may allow the remote attacker to achieve root access with a blank password.

📖 Read

via "National Vulnerability Database".
95 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-35463 ‼

Version 1.0.0 of the Instana Dynamic APM Docker image contains a blank password for the root user. Systems deployed using affected versions of the Instana Dynamic APM container may allow a remote attacker to achieve root access with a blank password.

📖 Read

via "National Vulnerability Database".
92 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-35462 ‼

Version 3.16.0 of the CoScale agent Docker image contains a blank password for the root user. Systems deployed using affected versions of the CoScale agent container may allow a remote attacker to achieve root access with a blank password.

📖 Read

via "National Vulnerability Database".
111 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-35469 ‼

The Software AG Terracotta Server OSS Docker image 5.4.1 contains a blank password for the root user. Systems deployed using affected versions of the Terracotta Server OSS container may allow a remote attacker to achieve root access with a blank password.

📖 Read

via "National Vulnerability Database".
133 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-35464 ‼

Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank password for the root user. Systems deployed using affected versions of the Weave Cloud Agent container may allow a remote attacker to achieve root access with a blank password.

📖 Read

via "National Vulnerability Database".
167 views