‼ CVE-2020-4898 ‼
IBM Emptoris Strategic Supply Management 10.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190989.
via "National Vulnerability Database".
‼ CVE-2020-27835 ‼
A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way a user calls ioctl after opening the device file and forking. A local user could use this flaw to crash the system.
via "National Vulnerability Database".
‼ CVE-2018-20315 ‼
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a race condition that can cause a stack-based buffer overflow or an out-of-bounds read.
via "National Vulnerability Database".
‼ CVE-2018-20311 ‼
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCPDFAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read.
via "National Vulnerability Database".
‼ CVE-2020-4896 ‼
IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987.
via "National Vulnerability Database".
‼ CVE-2018-20309 ‼
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyGetAppEdition race condition that can cause a stack-based buffer overflow or an out-of-bounds read.
via "National Vulnerability Database".
‼ CVE-2020-4895 ‼
IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190986.
via "National Vulnerability Database".
‼ CVE-2018-20312 ‼
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read, a different issue than CVE-2018-20310 because of a different opcode.
via "National Vulnerability Database".
‼ CVE-2020-25476 ‼
Liferay CMS Portal versions 7.1.3 and 7.2.1 have a blind persistent cross-site scripting (XSS) vulnerability in the user name parameter to Calendar. An attacker can insert the malicious payload in the username, lastname or surname fields of their own profile, and the malicious payload will be injected and reflected in the calendar of the user who submitted the payload. An attacker could escalate their privileges in case an admin visits the calendar that injected the payload.
via "National Vulnerability Database".
‼ CVE-2018-20313 ‼
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyPreviewAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read.
via "National Vulnerability Database".
‼ CVE-2018-18688 ‼
The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or annotations, Body Updates are displayed to the user without any action by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects LibreOffice, Master PDF Editor, Nitro Pro, Nitro Reader, Nuance Power PDF Standard, PDF Editor 6 Pro, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, Perfect PDF 10 Premium, and Perfect PDF Reader.
via "National Vulnerability Database".
‼ CVE-2020-25680 ‼
A flaw was found in JBCS httpd in version 2.4.37 SP3, where it uses a back-end worker SSL certificate whose keystore file ID is 'unknown'. The validation of whether the certificate's CN and the hostname match stopped working, allowing connections to the back-end worker. The highest threat from this vulnerability is to data integrity.
via "National Vulnerability Database".
🦿 How to quickly check to see if your Linux server is under a DDoS attack from a single IP address 🦿
Jack Wallen shows you an easy way to determine if your Linux server is under a DDoS attack and how to quickly stop it.
via "Tech Republic".
❌ Fired Healthcare Exec Stalls Critical PPE Shipment for Months ❌
A fired Stradis Healthcare employee sought revenge by tampering with shipping data for desperately needed healthcare PPE.
via "Threat Post".
🕴 Ransomware Victims' Data Published via DDoSecrets 🕴
Activists behind Distributed Denial of Secrets have shared 1TB of data pulled from Dark Web sites where it was shared by ransomware attackers.
via "Dark Reading".
🕴 How the Shady Zero-Day Sales Game Is Evolving 🕴
Zero-day vulns are cold, while access-as-a-service is hot. Here's how black market (and gray market) deals go down.
via "Dark Reading".
🔏 SolarWinds Hackers Hit DOJ, US Court Systems 🔏
Federal agencies impacted by last year's supply chain attack on SolarWinds continue to pile up.
via "Digital Guardian".
🕴 Even Small Nations Have Jumped into the Cyber Espionage Game 🕴
While the media tends to focus on the Big 5 nation-state cyber powers, commercial spyware has given smaller countries sophisticated capabilities, as demonstrated by a "zero-click" iMessage exploit that targeted journalists last year.
via "Dark Reading".
🦿 Homebrew: How to install vulnerability tools on macOS 🦿
We'll guide you through the process of using the Homebrew package manager to install security tools on macOS to assess vulnerabilities and the security posture of the devices on your network.
via "Tech Republic".
🦿 10 fastest-growing cybersecurity skills to learn in 2021 🦿
People with experience in application development security are in the highest demand, but cloud expertise commands the biggest paycheck.
via "Tech Republic".
❌ Nvidia Warns Windows Gamers of High-Severity Graphics Driver Flaws ❌
In all, Nvidia patched flaws tied to 16 CVEs across its graphics drivers and vGPU software, in its first security update of 2021.
via "Threat Post".