‼ CVE-2021-22853 ‼
via "National Vulnerability Database".
The HR Portal of Soar Cloud System fails to manage access control. While obtaining user ID, remote attackers can access sensitive data via a specific data packet, such as user’s login information, further causing the login function not to work.
‼ CVE-2021-22855 ‼
via "National Vulnerability Database".
The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. Attackers can send malicious serialized objects to execute arbitrary commands.
‼ CVE-2020-8765 ‼
via "National Vulnerability Database".
Incorrect default permissions in the installer for the Intel(R) RealSense(TM) DCM may allow a privileged user to potentially enable escalation of privilege via local access.
‼ CVE-2020-24504 ‼
via "National Vulnerability Database".
Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable denial of service via local access.
‼ CVE-2021-22854 ‼
via "National Vulnerability Database".
The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege.
‼ CVE-2020-24497 ‼
via "National Vulnerability Database".
Insufficient Access Control in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow a privileged user to potentially enable denial of service via local access.
‼ CVE-2020-24505 ‼
via "National Vulnerability Database".
Insufficient input validation in the firmware for the Intel(R) 700-series of Ethernet Controllers before version 7.3 may allow a privileged user to potentially enable denial of service via local access.
Masslogger Swipes Microsoft Outlook, Google Chrome Credentials
via "Threat Post".
A new version of the Masslogger trojan has been targeting Windows users - now using a compiled HTML (CHM) file format to start the infection chain.
🦿 Microsoft's Power BI gets new tools to prevent leakage of confidential data 🦿
via "Tech Republic".
Information protection makes sure that only people with permissions see data in Power BI, while retaining the ability to share top-level trends, balancing productivity and security.
🦿 Top 5 things to know about adversarial attacks 🦿
via "Tech Republic".
Machine learning is helpful to many organizations in the tech industry, but it can have a downside. Tom Merritt lists five things to know about adversarial attacks.
🦿 Adversarial attacks: 5 things to know 🦿
via "Tech Republic".
Machine learning is helpful to many organizations in the tech industry, but it can have a downside. Tom Merritt lists five things to know about adversarial attacks.
‼ CVE-2021-26559 ‼
via "National Vulnerability Database".
Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when `[webserver] expose_config` is set to `False` in `airflow.cfg`. This allowed a privilege escalation attack. This issue affects Apache Airflow 2.0.0.
‼ CVE-2020-36003 ‼
via "National Vulnerability Database".
The id parameter in detail.php of Online Book Store v1.0 is vulnerable to union-based blind SQL injection, which leads to the ability to retrieve all databases.
‼ CVE-2021-26809 ‼
via "National Vulnerability Database".
PHPGurukul Car Rental Project version 2.0 suffers from a remote shell upload vulnerability in changeimage1.php.
‼ CVE-2020-35339 ‼
via "National Vulnerability Database".
In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin/Controller/ConfigController.class.php and /ThinkPHP/Common/functions.php where attackers can obtain server permissions and control the server.
‼ CVE-2020-12365 ‼
via "National Vulnerability Database".
Untrusted pointer dereference in some Intel(R) Graphics Drivers before versions 15.33.51.5146, 15.45.32.5145, 15.36.39.5144 and 15.40.46.5143 may allow an authenticated user to potentially enable denial of service via local access.
‼ CVE-2021-27362 ‼
via "National Vulnerability Database".
The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a Read Access Violation on Control Flow starting at WPG!ReadWPG_W+0x0000000000000133, which might allow remote attackers to execute arbitrary code.
‼ CVE-2021-25779 ‼
via "National Vulnerability Database".
Baby Care System v1.0 is vulnerable to SQL injection via the 'id' parameter on the contentsectionpage.php page.
‼ CVE-2020-36002 ‼
via "National Vulnerability Database".
Seat-Reservation-System 1.0 has a SQL injection vulnerability in index.php in the id and file parameters where attackers can obtain sensitive database information.
‼ CVE-2021-25780 ‼
via "National Vulnerability Database".
An arbitrary file upload vulnerability has been identified in posts.php in Baby Care System 1.0. The vulnerability could be exploited by a remote attacker to upload content to the server, including PHP files, which could result in command execution and obtaining a shell.
‼ CVE-2021-22173 ‼
via "National Vulnerability Database".
Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file.