‼ CVE-2021-1056 ‼
📖 Read
via "National Vulnerability Database".
NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1053 ‼
📖 Read
via "National Vulnerability Database".
NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which improper validation of a user pointer may lead to denial of service.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1052 ‼
📖 Read
via "National Vulnerability Database".
NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-28468 ‼
📖 Read
via "National Vulnerability Database".
This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of this module are vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code execution.📖 Read
via "National Vulnerability Database".
❌ FBI Warns of Egregor Attacks on Businesses Worldwide ❌
📖 Read
via "Threat Post".
The agency said the malware has already compromised more than 150 organizations and provided insight into its ransomware-as-a-service behavior.📖 Read
via "Threat Post".
Threat Post
FBI Warns of Egregor Attacks on Businesses Worldwide
The agency said the malware has already compromised more than 150 organizations and provided insight into its ransomware-as-a-service behavior.
🕴 Top 5 'Need to Know' Coding Defects for DevSecOps 🕴
📖 Read
via "Dark Reading".
Integrating static analysis into the development cycle can prevent coding defects and deliver secure software faster.📖 Read
via "Dark Reading".
Dark Reading
Top 5 'Need to Know' Coding Defects for DevSecOps
Integrating static analysis into the development cycle can prevent coding defects and deliver secure software faster.
‼ CVE-2020-7794 ‼
📖 Read
via "National Vulnerability Database".
This affects all versions of package buns. The injection point is located in line 678 in index file lib/index.js in the exported function install(requestedModule).📖 Read
via "National Vulnerability Database".
‼ CVE-2020-7784 ‼
📖 Read
via "National Vulnerability Database".
This affects all versions of package ts-process-promises. The injection point is located in line 45 in main entry of package in lib/process-promises.js. The vulnerability is demonstrated with the following PoC:📖 Read
via "National Vulnerability Database".
🔏 Friday Five 1/8 🔏
📖 Read
via "Digital Guardian".
Anti-secrecy activists, insider threats, and exhaustive asset inventories - catch up on all of the week's infosec news with the Friday Five!📖 Read
via "Digital Guardian".
Digital Guardian
Friday Five 1/8
Anti-secrecy activists, insider threats, and exhaustive asset inventories - catch up on all of the week's infosec news with the Friday Five!
🦿 How to review App Privacy data on your iPhone, iPad, or Mac 🦿
📖 Read
via "Tech Republic".
In organizations, Apple's App Privacy data can start a conversation about privacy-respecting apps as well as help IT leaders stop the use of apps that collect more data than necessary.📖 Read
via "Tech Republic".
TechRepublic
How to review App Privacy data on your iPhone, iPad, or Mac
In organizations, Apple's App Privacy data can start a conversation about privacy-respecting apps as well as help IT leaders stop the use of apps that collect more data than necessary.
❌ SolarWinds Hires Chris Krebs, Alex Stamos in Wake of Hack ❌
📖 Read
via "Threat Post".
Former CISA director Chris Krebs and former Facebook security exec Alex Stamos have teamed up to create a new consulting group - and have been hired by SolarWinds.📖 Read
via "Threat Post".
Threat Post
SolarWinds Hires Chris Krebs, Alex Stamos in Wake of Hack
Former CISA director Chris Krebs and former Facebook security exec Alex Stamos have teamed up to create a new consulting group - and have been hired by SolarWinds.
‼ CVE-2021-1059 ‼
📖 Read
via "National Vulnerability Database".
NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input index is not validated, which may lead to integer overflow, which in turn may cause tampering of data, information disclosure, or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).📖 Read
via "National Vulnerability Database".
‼ CVE-2020-5804 ‼
📖 Read
via "National Vulnerability Database".
Marvell QConvergeConsole GUI <= 5.5.0.74 is affected by a path traversal vulnerability. The deleteEventLogFile method of the GWTTestServiceImpl class lacks proper validation of a user-supplied path prior to using it in file deletion operations. An authenticated, remote attacker can leverage this vulnerability to delete arbitrary remote files as SYSTEM or root.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4663 ‼
📖 Read
via "National Vulnerability Database".
IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186234.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1058 ‼
📖 Read
via "National Vulnerability Database".
NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and vGPU plugin, in which an input data size is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1066 ‼
📖 Read
via "National Vulnerability Database".
NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which input data is not validated, which may lead to unexpected consumption of resources, which in turn may lead to denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1057 ‼
📖 Read
via "National Vulnerability Database".
NVIDIA Virtual GPU Manager NVIDIA vGPU manager contains a vulnerability in the vGPU plugin in which it allows guests to allocate some resources for which the guest is not authorized, which may lead to integrity and confidentiality loss, denial of service, or information disclosure. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1064 ‼
📖 Read
via "National Vulnerability Database".
NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which it obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer, which may lead to information disclosure or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1060 ‼
📖 Read
via "National Vulnerability Database".
NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and vGPU plugin, in which an input index is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1065 ‼
📖 Read
via "National Vulnerability Database".
NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which input data is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3111 ‼
📖 Read
via "National Vulnerability Database".
The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/dashboard/express/entries/view/ URI.📖 Read
via "National Vulnerability Database".