βΌ CVE-2021-21305 βΌ
π Read
via "National Vulnerability Database".
CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1, there is a code injection vulnerability. The "#manipulate!" method inappropriately evals the content of mutation option(:read/:write), allowing attackers to craft a string that can be executed as a Ruby code. If an application developer supplies untrusted inputs to the option, it will lead to remote code execution(RCE). This is fixed in versions 1.3.2 and 2.1.1.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26910 βΌ
π Read
via "National Vulnerability Database".
Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21288 βΌ
π Read
via "National Vulnerability Database".
CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1 the download feature has an SSRF vulnerability, allowing attacks to provide DNS entries or IP addresses that are intended for internal use and gather information about the Intranet infrastructure of the platform. This is fixed in versions 1.3.2 and 2.1.1.π Read
via "National Vulnerability Database".
π΄ Chemical Settings at Water Treatment Utility Get Hacked π΄
π Read
via "Dark Reading".
Remote access interface breached at Florida utility; attacker detected raising level of sodium hydroxide in water.π Read
via "Dark Reading".
Dark Reading
Hacker Raised Chemical Settings at Water Treatment Plant to Dangerous Levels
Remote access interface breached at Florida utility; attacker detected raising level of sodium hydroxide in water.
π΄ Malicious Code Injected via Google Chrome Extension Highlights App Risks π΄
π Read
via "Dark Reading".
An open source plug-in purportedly introduced tracking and malicious download code to infect nearly 2 million users, reports say.π Read
via "Dark Reading".
Dark Reading
Malicious Code Injected via Google Chrome Extension Highlights App Risks
An open source plug-in purportedly introduced tracking and malicious download code to infect nearly 2 million users, reports say.
π¦Ώ How to easily check if an email is legit or a scam, and protect yourself and your company π¦Ώ
π Read
via "Tech Republic".
Use these practical guidelines to determine if something's a great deal or too good to be true.π Read
via "Tech Republic".
TechRepublic
How to easily check if an email is legit or a scam, and protect yourself and your company | TechRepublic
Use these practical guidelines to determine if something's a great deal or too good to be true.
π¦Ώ Top 5 reasons not to use fear to encourage security compliance π¦Ώ
π Read
via "Tech Republic".
Security is important in any organization, but getting employees to follow protocol can be a challenge. Tom Merritt offers five reasons why using fear-based motivation techniques is not ideal.π Read
via "Tech Republic".
TechRepublic
Top 5 reasons not to use fear to encourage security compliance
Security is important in any organization, but getting employees to follow protocol can be a challenge. Tom Merritt offers five reasons why using fear-based motivation techniques is not ideal.
π¦Ώ Why you shouldn't use fear to encourage security compliance: 5 reasons π¦Ώ
π Read
via "Tech Republic".
Security is important in any organization, but getting employees to follow protocol can be a challenge. Tom Merritt offers five reasons why using fear-based motivation techniques is not ideal.π Read
via "Tech Republic".
TechRepublic
Top 5 reasons not to use fear to encourage security compliance
Security is important in any organization, but getting employees to follow protocol can be a challenge. Tom Merritt offers five reasons why using fear-based motivation techniques is not ideal.
π¦Ώ Can your organization obtain reasonable cybersecurity? Yes, and here's how π¦Ώ
π Read
via "Tech Republic".
Cybersecurity expectations are vague, and that has to change if there is any chance of approaching a reasonable amount of cybersecurity.π Read
via "Tech Republic".
TechRepublic
Can your organization obtain reasonable cybersecurity? Yes, and here's how
Cybersecurity expectations are vague, and that has to change if there is any chance of approaching a reasonable amount of cybersecurity.
βΌ CVE-2021-22502 βΌ
π Read
via "National Vulnerability Database".
Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26916 βΌ
π Read
via "National Vulnerability Database".
In nopCommerce 4.30, a Reflected XSS issue in the Discount Coupon component allows remote attackers to inject arbitrary web script or HTML through the Filters/CheckDiscountCouponAttribute.cs discountcode parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2020-36148 βΌ
π Read
via "National Vulnerability Database".
Incorrect handling of input data in verifyAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g. in embedded environments).π Read
via "National Vulnerability Database".
βΌ CVE-2020-8578 βΌ
π Read
via "National Vulnerability Database".
Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the Γ’β¬βremove-private-data parameter is set to true.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26220 βΌ
π Read
via "National Vulnerability Database".
The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26528 βΌ
π Read
via "National Vulnerability Database".
The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connection request after exhausting memory pool.π Read
via "National Vulnerability Database".
βΌ CVE-2020-13947 βΌ
π Read
via "National Vulnerability Database".
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25913 βΌ
π Read
via "National Vulnerability Database".
Prototype pollution vulnerability in Γ’β¬˜set-or-getΓ’β¬β’ version 1.0.0 through 1.2.10 allows an attacker to cause a denial of service and may lead to remote code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26530 βΌ
π Read
via "National Vulnerability Database".
The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compiled with OpenSSL support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26576 βΌ
π Read
via "National Vulnerability Database".
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in libifc.so uploadsshkey function.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26222 βΌ
π Read
via "National Vulnerability Database".
The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26529 βΌ
π Read
via "National Vulnerability Database".
The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool.π Read
via "National Vulnerability Database".