‼ CVE-2020-16112 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-16109 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25311 ‼
📖 Read
via "National Vulnerability Database".
condor_credd in HTCondor before 8.9.11 allows Directory Traversal outside the SEC_CREDENTIAL_DIRECTORY_OAUTH directory, as demonstrated by creating a file under /etc that will later be executed by root.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-23361 ‼
📖 Read
via "National Vulnerability Database".
phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-16111 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-23360 ‼
📖 Read
via "National Vulnerability Database".
oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/password_reset.php📖 Read
via "National Vulnerability Database".
‼ CVE-2020-23359 ‼
📖 Read
via "National Vulnerability Database".
WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because it uses a loose comparison to check the identicalness of two passwords. Two non-identical passwords can still bypass the check.📖 Read
via "National Vulnerability Database".
❌ Emotet Takedown Disrupts Vast Criminal Infrastructure; NetWalker Site Offline ❌
📖 Read
via "Threat Post".
Hundreds of servers and 1 million Emotet infections have been dismantled globally, while tales have emerged on Twitter that NetWalker's Dark Web leaks site is offline.📖 Read
via "Threat Post".
Threat Post
Emotet Takedown Disrupts Vast Criminal Infrastructure; NetWalker Site Offline
Hundreds of servers and 1 million Emotet infections have been dismantled globally, while authorities have taken NetWalker's Dark Web leaks site offline and charged a suspect.
❌ ADT Security Camera Flaw Opened Homes, Stores to Eavesdropping ❌
📖 Read
via "Threat Post".
Researchers publicly disclosed flaws in ADT's LifeShield DIY HD Video Doorbell, which could have allowed local attackers to access credentials, video feeds and more.📖 Read
via "Threat Post".
Threat Post
ADT Security Camera Flaws Open Homes to Eavesdropping
Researchers publicly disclosed flaws in ADT's LifeShield DIY HD Video Doorbell, which could have allowed local attackers to access credentials, video feeds and more.
🕴 4 Clues to Spot a Bot Network 🕴
📖 Read
via "Dark Reading".
Protect against misinformation and disinformation campaigns by learning how to identify the bot networks spreading falsehoods.📖 Read
via "Dark Reading".
Dark Reading
4 Clues to Spot a Bot Network
Protect against misinformation and disinformation campaigns by learning how to identify the bot networks spreading falsehoods.
🕴 Many Cybersecurity Job Candidates Are Subpar, While On-the-Job Training Falls Short 🕴
📖 Read
via "Dark Reading".
With demand for skilled cybersecurity workers so high, is it really surprising that most companies are seeing fewer qualified applicants?📖 Read
via "Dark Reading".
Dark Reading
Many Cybersecurity Job Candidates Are Subpar, While On-the-Job Training Falls Short
With demand for skilled cybersecurity workers so high, is it really surprising that most companies are seeing fewer qualified applicants?
🔏 Digital Guardian's Most Popular Resources of 2020 🔏
📖 Read
via "Digital Guardian".
What worked for us in 2020? We look back at the most popular eBooks, webinars, and reports from the past 12 months.📖 Read
via "Digital Guardian".
Digital Guardian
Digital Guardian's Most Popular Resources of 2020
What worked for us in 2020? We look back at the most popular eBooks, webinars, and reports from the past 12 months.
🕴 Microsoft Security Business Exceeds $10B in Revenue 🕴
📖 Read
via "Dark Reading".
Microsoft's security division has grown more than 40% year-over-year, the company reports alongside security product updates.📖 Read
via "Dark Reading".
Darkreading
Microsoft Security Business Exceeds $10B in Revenue
Microsoft's security division has grown more than 40% year-over-year, the company reports alongside security product updates.
‼ CVE-2020-4189 ‼
📖 Read
via "National Vulnerability Database".
IBM Security Guardium 11.2 discloses sensitive information in the response headers that could be used in further attacks against the system. IBM X-Force ID: 174850.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-5427 ‼
📖 Read
via "National Vulnerability Database".
In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4865 ‼
📖 Read
via "National Vulnerability Database".
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20357 ‼
📖 Read
via "National Vulnerability Database".
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4547 ‼
📖 Read
via "National Vulnerability Database".
IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 183315.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4786 ‼
📖 Read
via "National Vulnerability Database".
IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189221.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4787 ‼
📖 Read
via "National Vulnerability Database".
IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189224.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4855 ‼
📖 Read
via "National Vulnerability Database".
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190457.📖 Read
via "National Vulnerability Database".