▼ CVE-2020-28381 ▼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in Solid Edge (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out-of-bounds write into uninitialized memory. An attacker could leverage this vulnerability to execute code in the context of the current process.
▼ CVE-2021-23930 ▼
📖 Read
via "National Vulnerability Database".
OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile.
▼ CVE-2021-23936 ▼
📖 Read
via "National Vulnerability Database".
OX App Suite through 7.10.4 allows XSS via the subject of a task.
▼ CVE-2020-28395 ▼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). Devices do not create a new unique private key after factory reset. An attacker could leverage this situation to mount a man-in-the-middle attack and decrypt previously captured traffic.
A factory reset therefore cannot be relied on to retire a key that may already have been extracted; after resetting such a device, confirm that the public key it presents differs from the one it presented before.
▼ CVE-2020-28391 ▼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions). Devices create a new unique key upon factory reset, except when used with a C-PLUG. When used with a C-PLUG the devices use the hard-coded private RSA key shipped with the firmware image. Since that key is shared by every unit running the same firmware image, extracting it from one device or image exposes all of them. An attacker could leverage this situation to mount a man-in-the-middle attack and decrypt previously captured traffic.
▼ CVE-2021-23927 ▼
📖 Read
via "National Vulnerability Database".
OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request.
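The "@" in that SSRF entry is the URL userinfo separator: everything between "://" and "@" is a user name, and the real host comes after it. A destination check that matches on the URL's text prefix is fooled by it, while a check that parses the URL first is not. The following is an added illustration of that difference, not code from OX App Suite; the allow-listed host name and the sample URLs are constructed for the example.

```python
from typing import Optional
from urllib.parse import urlsplit

# Hypothetical allow-list for a server-side proxy (constructed; not OX's configuration).
ALLOWED_HOSTS = {"api.example.com"}


def naive_is_allowed(url: str) -> bool:
    """Vulnerable check: a string-prefix test on the raw URL.

    Any URL that *begins* with an allowed origin passes, so the userinfo trick
    'https://api.example.com@attacker.example/' slips through, and so does the
    look-alike host 'https://api.example.com.attacker.example/'.
    """
    return any(url.startswith(f"https://{host}") for host in ALLOWED_HOSTS)


def real_host(url: str) -> Optional[str]:
    """Host the HTTP client will actually connect to; text before '@' is userinfo, not host."""
    return urlsplit(url).hostname


def strict_is_allowed(url: str) -> bool:
    """Hardened check: parse first, then compare the parsed host name exactly."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False
    # Credentials embedded in the URL are the hallmark of the '@' bypass; a proxy
    # has no reason to forward them, so reject them outright.
    if parts.username is not None or parts.password is not None:
        return False
    # 'hostname' is lower-cased with userinfo, port and IPv6 brackets stripped.
    return parts.hostname in ALLOWED_HOSTS


def classify(url: str) -> dict:
    """Side-by-side verdict for one URL, handy when triaging proxy request logs."""
    return {
        "url": url,
        "connects_to": real_host(url),
        "naive_allows": naive_is_allowed(url),
        "strict_allows": strict_is_allowed(url),
    }


if __name__ == "__main__":
    # Constructed sample inputs, not captured traffic.
    for sample in (
        "https://api.example.com/v1/files",
        "https://api.example.com@attacker.example/v1/files",
        "https://api.example.com:443@attacker.example/v1/files",
        "https://api.example.com.attacker.example/v1/files",
    ):
        print(classify(sample))
```

Parsing the host correctly closes the "@" bypass, but an allow-list checked only at parse time still says nothing about where the request ends up after an HTTP redirect or a DNS answer that points at an internal address; a proxy should also apply the check to the address it actually connects to.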
▼ CVE-2021-23932 ▼
📖 Read
via "National Vulnerability Database".
OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename.
▼ CVE-2020-26990 ▼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All Versions < V13.1.0), JT2Go (V13.1.0), Teamcenter Visualization (All Versions < V13.1.0), Teamcenter Visualization (V13.1.0). Affected applications lack proper validation of user-supplied data when parsing ASM files. A crafted ASM file can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process.
▼ CVE-2020-36191 ▼
📖 Read
via "National Vulnerability Database".
JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account).
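The JupyterHub entry describes the classic double-submit failure: the endpoint honoured a state-changing request on the strength of the session cookie alone, and the browser attaches cookies to cross-site requests automatically. The check below is an added, simplified model of the `_xsrf` pattern used by Tornado (the framework JupyterHub is built on), written for this page rather than taken from JupyterHub; the cookie and header names, the sample request bodies and the session values are constructed, and Tornado's real tokens carry versioning and masking that this model omits.

```python
import hmac
import secrets
from typing import Mapping, Tuple

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def issue_xsrf_token() -> str:
    """Random token set in the '_xsrf' cookie when the admin page is served."""
    return secrets.token_hex(16)


def session_only_check(cookies: Mapping[str, str], method: str) -> Tuple[bool, str]:
    """Vulnerable: only proves the browser holds a login cookie.

    A page on attacker.example can make the victim's browser POST here; the
    browser adds the session cookie on its own, so the request is accepted.
    """
    if method in SAFE_METHODS:
        return True, "safe method"
    if "session" in cookies:
        return True, "session cookie present"
    return False, "no session cookie"


def xsrf_check(
    cookies: Mapping[str, str],
    headers: Mapping[str, str],
    body: Mapping[str, object],
    method: str,
) -> Tuple[bool, str]:
    """Hardened double-submit check.

    The token must arrive twice: in the '_xsrf' cookie (sent automatically) and
    in a place only same-origin code can fill, the '_xsrf' body field or an
    'X-XSRFToken' header (assumed names). A cross-site page cannot read the
    cookie, so it cannot supply the second copy.
    """
    if method in SAFE_METHODS:
        return True, "safe method"
    if "session" not in cookies:
        return False, "no session cookie"
    cookie_token = cookies.get("_xsrf")
    if not cookie_token:
        return False, "no _xsrf cookie"
    submitted = body.get("_xsrf") or headers.get("X-XSRFToken")
    if not isinstance(submitted, str) or not submitted:
        return False, "request lacks _xsrf field/header"
    # Constant-time comparison on bytes, so a non-ASCII value cannot raise.
    if not hmac.compare_digest(cookie_token.encode(), submitted.encode()):
        return False, "_xsrf mismatch"
    return True, "ok"


def simulate(token: str) -> dict:
    """Replay the same admin action as a legitimate request and as a forged one."""
    # Constructed cookie jar of a logged-in admin.
    jar = {"session": "admin-session-cookie", "_xsrf": token}
    legit_body = {"_xsrf": token, "usernames": ["mallory"]}
    forged_body = {"usernames": ["mallory"]}  # attacker cannot read the cookie value
    return {
        "legit": xsrf_check(jar, {}, legit_body, "POST"),
        "forged_vulnerable": session_only_check(jar, "POST"),
        "forged_hardened": xsrf_check(jar, {}, forged_body, "POST"),
        "wrong_token": xsrf_check(jar, {}, {"_xsrf": "0" * 32}, "POST"),
    }


if __name__ == "__main__":
    for name, verdict in simulate(issue_xsrf_token()).items():
        print(f"{name:18} -> {verdict}")
```

The verdict strings make the failure mode explicit: the forged request passes the session-only check and fails the hardened one precisely because it "lacks an _xsrf field", which is the condition the advisory names.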
▼ CVE-2020-28374 ▼
📖 Read
via "National Vulnerability Database".
In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore.
● CISOs Prep For COVID-19 Exposure Notification in the Workplace ●
📖 Read
via "Threat Post".
Security teams are preparing for the inevitable return to the workplace, and for the privacy implications of the exposure notification apps that companies may need to adopt.
🔴 The Data-Centric Path to Zero Trust 🔴
📖 Read
via "Dark Reading".
Data is an organization's most valuable asset, so a data-centric approach would provide the best value for organizations, now and in the future.
● Home schooling – how to stay secure ●
📖 Read
via "Naked Security".
Whether you're new to home schooling or an old hand, it's worth taking a moment to ensure you're doing it securely.
● Sophisticated Hacks Against Android, Windows Reveal Zero-Day Trove ●
📖 Read
via "Threat Post".
Watering-hole attacks executed by "experts" exploited Chrome, Windows and Android flaws and were carried out on two servers.
🦿 CES 2021: All of the business tech news you need to know 🦿
📖 Read
via "Tech Republic".
Don't miss TechRepublic's CES 2021 coverage, which includes product announcements from Lenovo, Samsung, LG, and Dell about PCs, laptops, software, robots, monitors, and TVs.
● Hackers Leak Stolen Pfizer-BioNTech COVID-19 Vaccine Data ●
📖 Read
via "Threat Post".
On the heels of a cyberattack on the EMA, cybercriminals have now leaked Pfizer and BioNTech COVID-19 vaccine data on the internet.
▼ CVE-2021-21607 ▼
📖 Read
via "National Vulnerability Database".
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit sizes provided as query parameters to graph-rendering URLs, allowing attackers to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors.
▼ CVE-2021-21606 ▼
📖 Read
via "National Vulnerability Database".
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier improperly validates the format of a provided fingerprint ID when checking for its existence, allowing an attacker to check for the existence of XML files with a short path.
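The fingerprint-ID entry is a reminder that an identifier which is sliced into path components must be format-checked before it reaches the filesystem, or ".." and "/" inside it become directory segments. The example below is an added illustration of that pattern, not Jenkins code: the controller home, the two-level `fingerprints/xx/yy/rest.xml` layout, the 32-hex-character ID format and the target path `users/admin/config.xml` are all assumptions made for the demonstration.

```python
import posixpath
import re
from typing import Optional

# Hypothetical controller home and fingerprint store (assumed layout, not quoted from Jenkins).
JENKINS_HOME = "/var/lib/jenkins"
FINGERPRINT_DIR = posixpath.join(JENKINS_HOME, "fingerprints")

# Assumption for this example: a fingerprint ID is a 32-character lower-case hex digest.
FINGERPRINT_ID = re.compile(r"[0-9a-f]{32}")


def fingerprint_file_unchecked(fid: str) -> str:
    """Build the storage path straight from the ID, as a lookup with no format check would.

    Slicing a string that contains '/' or '..' turns attacker text into path components.
    """
    raw = posixpath.join(FINGERPRINT_DIR, fid[:2], fid[2:4], fid[4:] + ".xml")
    return posixpath.normpath(raw)


def escapes_fingerprint_dir(fid: str) -> bool:
    """True when the resolved path lies outside the fingerprint store."""
    resolved = fingerprint_file_unchecked(fid)
    return posixpath.commonpath([FINGERPRINT_DIR, resolved]) != FINGERPRINT_DIR


def fingerprint_file(fid: str) -> Optional[str]:
    """Hardened lookup: reject anything that is not a well-formed ID before touching paths."""
    if not FINGERPRINT_ID.fullmatch(fid):
        return None
    return fingerprint_file_unchecked(fid)


if __name__ == "__main__":
    # Constructed inputs: one well-formed ID and one traversal probe.
    for fid in ("0123456789abcdef0123456789abcdef", "....jenkins/users/admin/config"):
        print(fid)
        print("  unchecked ->", fingerprint_file_unchecked(fid),
              "(escapes store)" if escapes_fingerprint_dir(fid) else "")
        print("  checked   ->", fingerprint_file(fid))
```

With the probe ID, `fid[:2]` and `fid[2:4]` both become `..`, so the unchecked path resolves to a file under `JENKINS_HOME` rather than under the store; the only thing the `.xml` suffix constrains is which files can be probed, which matches the advisory's "existence of XML files". The format check turns the whole class of inputs into a single rejection.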
▼ CVE-2021-21614 ▼
📖 Read
via "National Vulnerability Database".
Jenkins Bumblebee HP ALM Plugin 4.1.5 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
▼ CVE-2021-21604 ▼
📖 Read
via "National Vulnerability Database".
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator.
▼ CVE-2021-21608 ▼
📖 Read
via "National Vulnerability Database".
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape button labels in the Jenkins UI, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to control button labels.
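The Jenkins button-label entry and the three OX App Suite XSS entries above (task subject, inline image file name, conversion API) share one defect: a user-controlled string is written into HTML without the encoding its context requires. The example below is added for this page, not code from Jenkins or OX; the markup templates are assumed, and the payloads are constructed. It renders each field both ways and then lets a real HTML parser report which elements and event handlers a browser would see, which is a more honest check than grepping the output for `<script>`.

```python
from html import escape
from html.parser import HTMLParser
from typing import List, Set
from urllib.parse import quote


def render_subject_vulnerable(subject: str) -> str:
    """Text context, unescaped: a task subject becomes live markup."""
    return f"<td>{subject}</td>"


def render_subject(subject: str) -> str:
    """Text context, escaped: '<', '>', '&' and quotes become entities."""
    return f"<td>{escape(subject)}</td>"


def render_inline_image_vulnerable(filename: str) -> str:
    """URL and attribute contexts, unescaped: a quote in the name closes the attribute."""
    return f'<img src="/files/{filename}" alt="{filename}">'


def render_inline_image(filename: str) -> str:
    """Each context gets its own encoding: percent-encoding in the URL path,
    entity-escaping (quotes included) in the attribute value."""
    return f'<img src="/files/{quote(filename, safe="")}" alt="{escape(filename, quote=True)}">'


def render_button(label: str) -> str:
    """A UI button label is ordinary text content and is escaped the same way."""
    return f'<button type="button">{escape(label)}</button>'


class _Inventory(HTMLParser):
    """Records every element and every on* attribute the browser would actually see."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: List[str] = []
        self.handlers: Set[str] = set()

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        for name, _value in attrs:
            if name.startswith("on"):
                self.handlers.add(name)


def elements(fragment: str) -> List[str]:
    """Element names in document order; anything beyond the template's own tags was injected."""
    p = _Inventory()
    p.feed(fragment)
    p.close()
    return p.tags


def injected_handlers(fragment: str) -> List[str]:
    """Event-handler attributes present in a fragment; a non-empty list means script can run."""
    p = _Inventory()
    p.feed(fragment)
    p.close()
    return sorted(p.handlers)


if __name__ == "__main__":
    # Constructed payloads, one per context.
    subject = '<img src=x onerror="alert(1)">'
    filename = 'cat.png" onload="alert(1)'
    label = '<b onmouseover="x()">Go</b>'
    for html_fragment in (
        render_subject_vulnerable(subject), render_subject(subject),
        render_inline_image_vulnerable(filename), render_inline_image(filename),
        render_button(label),
    ):
        print(elements(html_fragment), injected_handlers(html_fragment), html_fragment)
```

Note that the file name needs two different encodings in the same tag: `escape()` alone would leave `"` and spaces meaningful inside the `src` URL, and `quote()` alone would leave `"` meaningful inside `alt`. Picking the encoder per context, rather than one "sanitize" pass per value, is what keeps both attributes closed.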