βΌ CVE-2021-25125 βΌ
π Read
via "National Vulnerability Database".
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice delsolrecordedvideo_func function path traversal vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2020-24670 βΌ
π Read
via "National Vulnerability Database".
The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'type' attribute of 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25128 βΌ
π Read
via "National Vulnerability Database".
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice gethelpdata_func function path traversal vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25124 βΌ
π Read
via "National Vulnerability Database".
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice deletevideo_func function path traversal vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25126 βΌ
π Read
via "National Vulnerability Database".
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice downloadkvmjnlp_func function.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25127 βΌ
π Read
via "National Vulnerability Database".
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice generatesslcertificate_func function.π Read
via "National Vulnerability Database".
βΌ CVE-2020-24664 βΌ
π Read
via "National Vulnerability Database".
The dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'pho:title' attribute of 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25138 βΌ
π Read
via "National Vulnerability Database".
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice uploadsshkey function.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25132 βΌ
π Read
via "National Vulnerability Database".
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setmediaconfig_func function.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25137 βΌ
π Read
via "National Vulnerability Database".
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice startflash_func function.π Read
via "National Vulnerability Database".
π΄ Cloud Security Startup Armo Emerges from Stealth with $4.5M π΄
π Read
via "Dark Reading".
Armo's platform was developed to protect cloud-native workloads and provide DevOps teams with greater visibility and control.π Read
via "Dark Reading".
Dark Reading
Cloud Security Startup Armo Emerges from Stealth with $4.5M
Armo's platform was developed to protect cloud-native workloads and provide DevOps teams with greater visibility and control.
β WordPress Pop-Up Builder Plugin Flaw Plagues 200K Sites β
π Read
via "Threat Post".
The flaw could have let attackers send out custom newsletters and delete newsletter subscribers from 200,000 affected websites.π Read
via "Threat Post".
Threat Post
WordPress Pop-Up Builder Plugin Flaw Plagues 200K Sites
The flaw could have let attackers send out custom newsletters and delete newsletter subscribers from 200,000 affected websites.
β Microsoft 365 Becomes Haven for BEC Innovation β
π Read
via "Threat Post".
Two new phishing tactics use the platform's automated responses to evade email filters.π Read
via "Threat Post".
Threat Post
Microsoft 365 Becomes Haven for BEC Innovation
Two new phishing tactics use the platform's automated responses to evade email filters.
βΌ CVE-2021-21254 βΌ
π Read
via "National Vulnerability Database".
CKEditor 5 is an open source rich text editor framework with a modular architecture. The CKEditor 5 Markdown plugin (@ckeditor/ckeditor5-markdown-gfm) before version 25.0.0 has a regex denial of service (ReDoS) vulnerability. The vulnerability allowed to abuse link recognition regular expression, which could cause a significant performance drop resulting in browser tab freeze. It affects all users using CKEditor 5 Markdown plugin at version <= 24.0.0. The problem has been recognized and patched. The fix will be available in version 25.0.0.π Read
via "National Vulnerability Database".
βΌ CVE-2020-17380 βΌ
π Read
via "National Vulnerability Database".
A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host.π Read
via "National Vulnerability Database".
βΌ CVE-2020-14418 βΌ
π Read
via "National Vulnerability Database".
A TOCTOU vulnerability exists in madCodeHook before 2020-07-16 that allows local attackers to elevate their privileges to SYSTEM. This occurs because path redirection can occur via vectors involving directory junctions.π Read
via "National Vulnerability Database".
βΌ CVE-2020-15690 βΌ
π Read
via "National Vulnerability Database".
In Nim before 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newline character.π Read
via "National Vulnerability Database".
β GnuPG crypto library can be pwned during decryption β patch now! β
π Read
via "Naked Security".
Many, if not most, Linux distros will be affected. Users of other operating systems should check for software that uses libgcrypt.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
βΌ CVE-2021-23329 βΌ
π Read
via "National Vulnerability Database".
The package nested-object-assign before 1.0.4 are vulnerable to Prototype Pollution via the default function, as demonstrated by running the PoC below.π Read
via "National Vulnerability Database".
β Emotet takedown β Europol attacks βworldβs most dangerous malwareβ β
π Read
via "Naked Security".
Great news from Europol - if you've heard of Emotet, you'll have a good idea how badly things often end for its victims.π Read
via "Naked Security".
Naked Security
Emotet takedown β Europol attacks βworldβs most dangerous malwareβ
Great news from Europol β if youβve heard of Emotet, youβll have a good idea how badly things often end for its victims.
π¦Ώ Security chaos engineering helps you find weak links in your cyber defenses before attackers do π¦Ώ
π Read
via "Tech Republic".
Security experts explain why this approach is all about data and resilience, not deliberately sabotaging your own network.π Read
via "Tech Republic".
TechRepublic
Security chaos engineering helps you find weak links in your cyber defenses before attackers do
Security experts explain why this approach is all about data and resilience, not deliberately sabotaging your own network.