‼ CVE-2020-1723 ‼
📖 Read
via "National Vulnerability Database".
The logout endpoint /oauth/logout?redirect=url can be abused to redirect logged in users to arbitrary web pages. This vulnerability could be used in phishing attacks. Versions shipped with Red Hat Mobile Aplication Platform 4 are believed to be vulnerable.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20183 ‼
📖 Read
via "National Vulnerability Database".
It was found in Moodle before version 3.10.1 that some search inputs were vulnerable to reflected XSS due to insufficient escaping of search queries.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20187 ‼
📖 Read
via "National Vulnerability Database".
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication.📖 Read
via "National Vulnerability Database".
‼ CVE-2019-25016 ‼
📖 Read
via "National Vulnerability Database".
There is an unsafe incomplete reset of PATH in OpenDoas 6.6 through 6.8 when changing the user context.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3160 ‼
📖 Read
via "National Vulnerability Database".
Deserialization of untrusted data in the login page of ASSUWEB 359.3 build 1 subcomponent of ACA ASSUREX RENTES product allows a remote attacker to inject unsecure serialized Java object using a specially crafted HTTP request, resulting in an unauthenticated remote code execution on the server.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-26272 ‼
📖 Read
via "National Vulnerability Database".
The Electron framework lets you write cross-platform desktop applications using JavaScript, HTML and CSS. In affected versions of Electron IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame. If your app uses remote, calls webContents.sendToFrame, or calls event.reply in an IPC message handler then it is impacted by this issue. This has been fixed in versions 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9. There are no workarounds for this issue.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35517 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-36115 ‼
📖 Read
via "National Vulnerability Database".
Stored Cross Site Scripting (XSS) vulnerability in EGavilan Media CRUD Operation with PHP, MySQL, Bootstrap, and Dompdf via First Name or Last Name parameter in the 'Add New Record Feature'.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25647 ‼
📖 Read
via "National Vulnerability Database".
Mobile application "Testes de Codigo" v11.3 and prior allows stored XSS by injecting a payload in the "feedback" message field causing it to be stored in the remote database and leading to its execution on client devices when loading the "feedback list", either by accessing the website directly or using the mobile application.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20184 ‼
📖 Read
via "National Vulnerability Database".
It was found in Moodle before version 3.10.1, 3.9.4 and 3.8.7 that a insufficient capability checks in some grade related web services meant students were able to view other students grades.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-1725 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access token.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20186 ‼
📖 Read
via "National Vulnerability Database".
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that if the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35754 ‼
📖 Read
via "National Vulnerability Database".
OpenSolution Quick.CMS < 6.7 and Quick.Cart < 6.7 allow an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Language tab.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3337 ‼
📖 Read
via "National Vulnerability Database".
The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remote attackers to bypass intended content-reading restrictions by clicking on reply or quote in the postbit.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20185 ‼
📖 Read
via "National Vulnerability Database".
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that messaging did not impose a character limit when sending messages, which could result in client-side (browser) denial of service for users receiving very large messages.📖 Read
via "National Vulnerability Database".
🕴 Law Enforcement Aims to Take Down Netwalker Ransomware 🕴
📖 Read
via "Dark Reading".
The Department of Justice has so far charged one Canadian national and seized nearly $500,000 in relation to Netwalker ransomware.📖 Read
via "Dark Reading".
Dark Reading
Law Enforcement Aims to Take Down Netwalker Ransomware
The Department of Justice has so far charged one Canadian national and seized nearly $500,000 in relation to Netwalker ransomware.
🦿 Data privacy laws: A mini glossary 🦿
📖 Read
via "Tech Republic".
Wondering which data privacy laws affect your area or the type of data you're working with? Find out with this glossary of rules from around the world.📖 Read
via "Tech Republic".
TechRepublic
Data privacy laws: A mini glossary
Wondering which data privacy laws affect your area or the type of data you're working with? Find out with this glossary of rules from around the world.
‼ CVE-2020-8585 ‼
📖 Read
via "National Vulnerability Database".
OnCommand Unified Manager Core Package versions prior to 5.2.5 may disclose sensitive account information to unauthorized users via the use of PuTTY Link (plink).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3336 ‼
📖 Read
via "National Vulnerability Database".
DoTls13CertificateVerify in tls13.c in wolfSSL through 4.6.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3341 ‼
📖 Read
via "National Vulnerability Database".
A path traversal vulnerability in the DxWebEngine component of DH2i DxEnterprise and DxOdyssey for Windows, version 19.5 through 20.x before 20.0.219.0, allows an attacker to read any file on the host file system via an HTTP request.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26307 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It allows __cpuid_count() calls even if the processor does not support the CPUID instruction, which is unsound and causes a deterministic crash.📖 Read
via "National Vulnerability Database".