‼ CVE-2020-35517 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-36115 ‼
📖 Read
via "National Vulnerability Database".
Stored Cross Site Scripting (XSS) vulnerability in EGavilan Media CRUD Operation with PHP, MySQL, Bootstrap, and Dompdf via First Name or Last Name parameter in the 'Add New Record Feature'.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25647 ‼
📖 Read
via "National Vulnerability Database".
Mobile application "Testes de Codigo" v11.3 and prior allows stored XSS by injecting a payload in the "feedback" message field causing it to be stored in the remote database and leading to its execution on client devices when loading the "feedback list", either by accessing the website directly or using the mobile application.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20184 ‼
📖 Read
via "National Vulnerability Database".
It was found in Moodle before version 3.10.1, 3.9.4 and 3.8.7 that a insufficient capability checks in some grade related web services meant students were able to view other students grades.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-1725 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access token.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20186 ‼
📖 Read
via "National Vulnerability Database".
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that if the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35754 ‼
📖 Read
via "National Vulnerability Database".
OpenSolution Quick.CMS < 6.7 and Quick.Cart < 6.7 allow an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Language tab.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3337 ‼
📖 Read
via "National Vulnerability Database".
The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remote attackers to bypass intended content-reading restrictions by clicking on reply or quote in the postbit.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20185 ‼
📖 Read
via "National Vulnerability Database".
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that messaging did not impose a character limit when sending messages, which could result in client-side (browser) denial of service for users receiving very large messages.📖 Read
via "National Vulnerability Database".
🕴 Law Enforcement Aims to Take Down Netwalker Ransomware 🕴
📖 Read
via "Dark Reading".
The Department of Justice has so far charged one Canadian national and seized nearly $500,000 in relation to Netwalker ransomware.📖 Read
via "Dark Reading".
Dark Reading
Law Enforcement Aims to Take Down Netwalker Ransomware
The Department of Justice has so far charged one Canadian national and seized nearly $500,000 in relation to Netwalker ransomware.
🦿 Data privacy laws: A mini glossary 🦿
📖 Read
via "Tech Republic".
Wondering which data privacy laws affect your area or the type of data you're working with? Find out with this glossary of rules from around the world.📖 Read
via "Tech Republic".
TechRepublic
Data privacy laws: A mini glossary
Wondering which data privacy laws affect your area or the type of data you're working with? Find out with this glossary of rules from around the world.
‼ CVE-2020-8585 ‼
📖 Read
via "National Vulnerability Database".
OnCommand Unified Manager Core Package versions prior to 5.2.5 may disclose sensitive account information to unauthorized users via the use of PuTTY Link (plink).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3336 ‼
📖 Read
via "National Vulnerability Database".
DoTls13CertificateVerify in tls13.c in wolfSSL through 4.6.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3341 ‼
📖 Read
via "National Vulnerability Database".
A path traversal vulnerability in the DxWebEngine component of DH2i DxEnterprise and DxOdyssey for Windows, version 19.5 through 20.x before 20.0.219.0, allows an attacker to read any file on the host file system via an HTTP request.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26307 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It allows __cpuid_count() calls even if the processor does not support the CPUID instruction, which is unsound and causes a deterministic crash.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26306 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It has unsound transmute calls within as_string() methods.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26304 ‼
📖 Read
via "National Vulnerability Database".
PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the add-expense.php Item parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26308 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in the marc crate before 2.0.0 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated memory, violating soundness.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26303 ‼
📖 Read
via "National Vulnerability Database".
PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the user-profile.php Full Name field.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26305 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Deserializer::read_vec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated heap memory, violating soundness.📖 Read
via "National Vulnerability Database".
🕴 2020 Marked a Renaissance in DDoS Attacks 🕴
📖 Read
via "Dark Reading".
Amid the global pandemic, cybercriminals ramped up use of one of the oldest attack techniques around.📖 Read
via "Dark Reading".
Dark Reading
2020 Marked a Renaissance in DDoS Attacks
Amid the global pandemic, cybercriminals ramped up use of one of the oldest attack techniques around.