CVE-2021-3375
via "National Vulnerability Database".
ActivePresenter 6.1.6 is affected by a memory corruption vulnerability that may result in a denial of service (DoS) or arbitrary code execution.
CVE-2020-22425
via "National Vulnerability Database".
Centreon 19.10-3.el7 is affected by a SQL injection vulnerability, where an authorized user is able to inject additional SQL queries to perform remote command execution.
CVE-2020-22427
via "National Vulnerability Database".
NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. An authenticated user can inject additional commands into a request.
CVE-2020-35512
via "National Vulnerability Database".
A use-after-free flaw was found in D-Bus 1.12.20 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.
CVE-2021-27219
via "National Vulnerability Database".
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.
Cybercrooks Rake in $304M in Romance Scams
via "Threat Post".
The number of people being targeted by fake relationship-seekers has spiked during the COVID-19 pandemic.
CVE-2020-28337
via "National Vulnerability Database".
A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authenticated attacker to gain remote code execution via the backup restore feature. To exploit the vulnerability, an attacker must have the credentials of an administrative user, upload a maliciously constructed ZIP file with file paths including relative paths (i.e., ../../), move this file into the backup directory, and execute a restore on this file.
CVE-2020-29142
via "National Vulnerability Database".
A SQL injection vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the schedule_facility parameter when restrict_user_facility=on is in global settings.
CVE-2021-27211
via "National Vulnerability Database".
steghide 0.5.1 relies on a certain 32-bit seed value, which makes it easier for attackers to detect hidden data.
CVE-2021-27201
via "National Vulnerability Database".
Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in a backup comment.
How one man silently infiltrated dozens of high-tech networks
via "Naked Security".
Ever counted how many external source code dependencies your fancy new software product has? Be prepared for a surprise!
CVE-2021-27234
via "National Vulnerability Database".
An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. The web application suffers from SQL injection on Adminlog.asp, Archivemsgs.asp, Deletelog.asp, Eventlog.asp, and Evmlog.asp.
CVE-2021-27233
via "National Vulnerability Database".
An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the admin portal of the web application, password information for external systems is visible in cleartext. The Settings.asp page is affected by this issue.
CVE-2021-27235
via "National Vulnerability Database".
An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the admin portal of the web application, there is a functionality at diagzip.asp that allows anyone to export tables of a database.
CVE-2021-27229
via "National Vulnerability Database".
Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text.
CVE-2021-27236
via "National Vulnerability Database".
An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. getfile.asp allows Unauthenticated Local File Inclusion, which can be leveraged to achieve Remote Code Execution.
CVE-2021-27231
via "National Vulnerability Database".
Hestia Control Panel through 1.3.3, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of services or email messages.
Top 5 security risks to connected cars, according to Trend Micro
via "Tech Republic".
Analysts from Trend Micro rate DDoS attacks and electronic jamming as some of the highest cybersecurity risks for connected cars.
State of malware: 3 key findings in the latest Malwarebytes report
via "Tech Republic".
Spyware activity spiked in 2020, and the malware-as-a-service business model got more sophisticated.
Romance scams at all-time high: here's what you need to know
via "Naked Security".
It's heartbreaking to get sucked into a romance scam, or to watch a friend or family member getting sucked in. Here's what to do...
Black History Month 2021: Time to Talk Diversity and Cybersecurity
via "Dark Reading".
In an industry that consistently needs new ideas, it's essential to have individuals who think, speak, and act in diverse ways.