CVE-2021-22874
via "National Vulnerability Database".
Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in userlog-index.php via the `period_preset` parameter.
Data Privacy Day: 10 experts give advice for protecting your business
via "Tech Republic".
Data Privacy Day is dedicated to achieving sound privacy practices to protect businesses and customers. Learn insights from 10 experts in the field to help safeguard your company.
How to install and use ClamAV on Ubuntu Server 20.04
via "Tech Republic".
Your Linux servers could use a system to scan for malicious files. Jack Wallen shows you how with the help of ClamAV.
Rocke Group’s Malware Now Has Worm Capabilities
via "Threat Post".
The Pro-Ocean cryptojacking malware now comes with the ability to spread like a worm, as well as harboring new detection-evasion tactics.
CVE-2020-1723
via "National Vulnerability Database".
The logout endpoint /oauth/logout?redirect=url can be abused to redirect logged in users to arbitrary web pages. This vulnerability could be used in phishing attacks. Versions shipped with Red Hat Mobile Application Platform 4 are believed to be vulnerable.
CVE-2021-20183
via "National Vulnerability Database".
It was found in Moodle before version 3.10.1 that some search inputs were vulnerable to reflected XSS due to insufficient escaping of search queries.
CVE-2021-20187
via "National Vulnerability Database".
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication.
CVE-2019-25016
via "National Vulnerability Database".
There is an unsafe incomplete reset of PATH in OpenDoas 6.6 through 6.8 when changing the user context.
CVE-2021-3160
via "National Vulnerability Database".
Deserialization of untrusted data in the login page of ASSUWEB 359.3 build 1 subcomponent of ACA ASSUREX RENTES product allows a remote attacker to inject an unsecure serialized Java object using a specially crafted HTTP request, resulting in an unauthenticated remote code execution on the server.
CVE-2020-26272
via "National Vulnerability Database".
The Electron framework lets you write cross-platform desktop applications using JavaScript, HTML and CSS. In affected versions of Electron IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame. If your app uses remote, calls webContents.sendToFrame, or calls event.reply in an IPC message handler then it is impacted by this issue. This has been fixed in versions 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9. There are no workarounds for this issue.
CVE-2020-35517
via "National Vulnerability Database".
A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices.
CVE-2020-36115
via "National Vulnerability Database".
Stored Cross Site Scripting (XSS) vulnerability in EGavilan Media CRUD Operation with PHP, MySQL, Bootstrap, and Dompdf via First Name or Last Name parameter in the 'Add New Record Feature'.
CVE-2021-25647
via "National Vulnerability Database".
Mobile application "Testes de Codigo" v11.3 and prior allows stored XSS by injecting a payload in the "feedback" message field causing it to be stored in the remote database and leading to its execution on client devices when loading the "feedback list", either by accessing the website directly or using the mobile application.
CVE-2021-20184
via "National Vulnerability Database".
It was found in Moodle before version 3.10.1, 3.9.4 and 3.8.7 that insufficient capability checks in some grade related web services meant students were able to view other students' grades.
CVE-2020-1725
via "National Vulnerability Database".
A flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access token.
CVE-2021-20186
via "National Vulnerability Database".
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that if the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS.
CVE-2020-35754
via "National Vulnerability Database".
OpenSolution Quick.CMS < 6.7 and Quick.Cart < 6.7 allow an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Language tab.
CVE-2021-3337
via "National Vulnerability Database".
The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remote attackers to bypass intended content-reading restrictions by clicking on reply or quote in the postbit.
CVE-2021-20185
via "National Vulnerability Database".
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that messaging did not impose a character limit when sending messages, which could result in client-side (browser) denial of service for users receiving very large messages.
Law Enforcement Aims to Take Down Netwalker Ransomware
via "Dark Reading".
The Department of Justice has so far charged one Canadian national and seized nearly $500,000 in relation to Netwalker ransomware.
Data privacy laws: A mini glossary
via "Tech Republic".
Wondering which data privacy laws affect your area or the type of data you're working with? Find out with this glossary of rules from around the world.