‼ CVE-2020-4547 ‼
📖 Read
via "National Vulnerability Database".
IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 183315.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4786 ‼
📖 Read
via "National Vulnerability Database".
IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189221.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4787 ‼
📖 Read
via "National Vulnerability Database".
IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189224.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4855 ‼
📖 Read
via "National Vulnerability Database".
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190457.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-5428 ‼
📖 Read
via "National Vulnerability Database".
In applications using Spring Cloud Task 2.2.4.RELEASE and below, may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4952 ‼
📖 Read
via "National Vulnerability Database".
IBM Security Guardium 11.2 could allow an authenticated user to gain root access due to improper access control. IBM X-Force ID: 192028.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4524 ‼
📖 Read
via "National Vulnerability Database".
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182434.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3318 ‼
📖 Read
via "National Vulnerability Database".
attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4789 ‼
📖 Read
via "National Vulnerability Database".
IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 189302.📖 Read
via "National Vulnerability Database".
❌ Sudo Bug Gives Root Access to Mass Numbers of Linux Systems ❌
📖 Read
via "Threat Post".
Qualys said the vuln gives any local user root access to systems running the most popular version of Sudo.📖 Read
via "Threat Post".
Threat Post
Sudo Bug Gives Root Access to Mass Numbers of Linux Systems
Qualys said the vuln gives any local user root access to systems running the most popular version of Sudo.
🦿 Emotet malware taken down by global law enforcement effort 🦿
📖 Read
via "Tech Republic".
The infamous botnet has been disrupted thanks to an international effort across the US, Canada, and several European nations.📖 Read
via "Tech Republic".
TechRepublic
Emotet malware taken down by global law enforcement effort
The infamous botnet has been disrupted thanks to an international effort across the US, Canada, and several European nations.
❌ Remote Attackers Can Now Reach Protected Network Devices via NAT Slipstreaming ❌
📖 Read
via "Threat Post".
A new version of NAT slipstreaming allows cybercriminals an easy path to devices that aren't connected to the internet.📖 Read
via "Threat Post".
Threat Post
Remote Attackers Can Now Reach Protected Network Devices via NAT Slipstreaming
A new version of NAT slipstreaming allows cybercriminals an easy path to devices that aren't connected to the internet.
❌ NetWalker Ransomware Suspect Charged: Tor Site Seized ❌
📖 Read
via "Threat Post".
The suspect allegedly has extorted $27.6 million from ransomware victims, mostly in the healthcare sector.📖 Read
via "Threat Post".
Threat Post
NetWalker Ransomware Suspect Charged: Tor Site Seized
The suspect allegedly has extorted $27.6 million from ransomware victims, mostly in the healthcare sector.
‼ CVE-2021-26118 ‼
📖 Read
via "National Vulnerability Database".
While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3325 ‼
📖 Read
via "National Vulnerability Database".
Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation (i.e., an installation without a hosts_deny option). This issue occurred because a new access-control feature was introduced without considering that some exiting installations became unsafe, upon an update to 3.13.0, unless the new feature was immediately configured.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-22653 ‼
📖 Read
via "National Vulnerability Database".
Multiple out-of-bounds write issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25226 ‼
📖 Read
via "National Vulnerability Database".
A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scan engine component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25224 ‼
📖 Read
via "National Vulnerability Database".
A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a manual scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-22637 ‼
📖 Read
via "National Vulnerability Database".
Multiple stack-based buffer overflow issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3326 ‼
📖 Read
via "National Vulnerability Database".
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25247 ‼
📖 Read
via "National Vulnerability Database".
A DLL hijacking vulnerability Trend Micro HouseCall for Home Networks version 5.3.1063 and below could allow an attacker to use a malicious DLL to escalate privileges and perform arbitrary code execution. An attacker must already have user privileges on the machine to exploit this vulnerability.📖 Read
via "National Vulnerability Database".