‼ CVE-2020-28852 ‼
In x/text in Go 1.15.4, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)
via "National Vulnerability Database".
‼ CVE-2020-28851 ‼
In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)
via "National Vulnerability Database".
‼ CVE-2020-35952 ‼
login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x before 2020-12-30 generates error messages that distinguish between incorrect username and incorrect password (i.e., not a single "Incorrect username or password" message in both cases), which might allow enumeration.
via "National Vulnerability Database".
‼ CVE-2020-28841 ‼
MyDrivers64.sys in DriverGenius 9.61.3708.3054 allows attackers to cause a system crash via the ioctl command 0x9c402000 to \\.\MyDrivers0_0_1.
via "National Vulnerability Database".
‼ CVE-2021-3004 ‼
The _deposit function in the smart contract implementation for Stable Yield Credit (yCREDIT), an Ethereum token, has certain incorrect calculations. An attacker can obtain more yCREDIT tokens than they should.
via "National Vulnerability Database".
‼ CVE-2021-3005 ‼
MK-AUTH through 19.01 K4.9 allows remote attackers to obtain sensitive information (e.g., a CPF number) via a modified titulo (aka invoice number) value to the central/recibo.php URI.
via "National Vulnerability Database".
❌ 2021 Cybersecurity Trends: Bigger Budgets, Endpoint Emphasis and Cloud ❌
Insider threats are redefined in 2021, the work-from-home trend will continue to define the threat landscape, and mobile endpoints become the attack vector of choice, according to 2021 forecasts.
via "Threat Post".
‼ CVE-2020-35963 ‼
flb_gzip_compress in flb_gzip.c in Fluent Bit before 1.6.4 has an out-of-bounds write because it does not use the correct calculation of the maximum gzip data-size expansion.
via "National Vulnerability Database".
‼ CVE-2020-35964 ‼
track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing.
via "National Vulnerability Database".
‼ CVE-2021-21495 ‼
MK-AUTH through 19.01 K4.9 allows CSRF for password changes via the central/executar_central.php?acao=altsenha_princ URI.
via "National Vulnerability Database".
‼ CVE-2021-3007 ‼
Zend Framework 3.0.0 has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the Zend\Http\Response\Stream class in Stream.php. NOTE: the code may be related to Laminas Project laminas-http. Zend Framework is no longer supported by the maintainer. However, not all Zend Framework 3.0.0 vulnerabilities exist in a Laminas Project release.
via "National Vulnerability Database".
‼ CVE-2021-21494 ‼
MK-AUTH through 19.01 K4.9 allows XSS via the admin/logs_ajax.php tipo parameter. An attacker can leverage this to read the centralmka2 (session token) cookie, which is not set to HTTPOnly.
via "National Vulnerability Database".
‼ CVE-2020-35965 ‼
decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations.
via "National Vulnerability Database".
🕴 CISO New Year's Resolutions for 2021 🕴
Six resolutions for forward-looking cyber-risk leaders.
via "Dark Reading".
🕴 COVID-19's Acceleration of Cloud Migration & Identity-Centric Security 🕴
Here are some tips for updating access control methods that accommodate new remote working norms without sacrificing security.
via "Dark Reading".
‼ CVE-2020-4910 ‼
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191274.
via "National Vulnerability Database".
‼ CVE-2020-4918 ‼
IBM Cloud Pak System 2.3 could allow a local privileged user to disclose sensitive information due to an insecure direct object reference in the self-service console for the Platform System Manager. IBM X-Force ID: 191392.
via "National Vulnerability Database".
‼ CVE-2020-4928 ‼
IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By intercepting the request and modifying the file extension, the attacker could execute arbitrary code on the server. IBM X-Force ID: 191705.
via "National Vulnerability Database".
‼ CVE-2020-4917 ‼
IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191391.
via "National Vulnerability Database".
‼ CVE-2020-4909 ‼
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191273.
via "National Vulnerability Database".
‼ CVE-2020-4942 ‼
IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191942.
via "National Vulnerability Database".