βΌ CVE-2020-29075 βΌ
π Read
via "National Vulnerability Database".
Acrobat Reader DC versions 2020.013.20066 (and earlier), 2020.001.30010 (and earlier) and 2017.011.30180 (and earlier) are affected by an information exposure vulnerability, that could enable an attacker to get a DNS interaction and track if the user has opened or closed a PDF file when loaded from the filesystem without a prompt. User interaction is required to exploit this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35852 βΌ
π Read
via "National Vulnerability Database".
Chatbox is affected by cross-site scripting (XSS). An attacker has to upload any XSS payload with SVG, XML file in Chatbox. There is no restriction on file upload in Chatbox which leads to stored XSS.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27568 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27819 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in libxls before and including 1.6.1 when reading Microsoft Excel files. A NULL pointer dereference vulnerability exists when parsing XLS cells in libxls/xls2csv.c:199. It could allow a remote attacker to cause a denial of service via crafted XLS file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22649 βΌ
π Read
via "National Vulnerability Database".
Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an attacker to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27768 βΌ
π Read
via "National Vulnerability Database".
In ImageMagick, there is an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h. This flaw affects ImageMagick versions prior to 7.0.9-0.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22647 βΌ
π Read
via "National Vulnerability Database".
Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to multiple out-of-bounds write issues while processing project files, which may allow an attacker to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22645 βΌ
π Read
via "National Vulnerability Database".
Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a Γ’β¬œloadΓ’β¬οΏ½ command, which can be pointed to a .dll from a remote network share. As a result, the .dll entry point can be executed without sufficient UI warning.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22643 βΌ
π Read
via "National Vulnerability Database".
Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2020-13697 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in RouterNanoHTTPD.java in NanoHTTPD through 2.3.1. The GeneralHandler class implements a basic GET handler that prints debug information as an HTML page. Any web server that extends this class without implementing its own GET handler is vulnerable to reflected XSS, because the GeneralHandler GET handler prints user input passed through the query string without any sanitization.π Read
via "National Vulnerability Database".
β 10K Microsoft Email Users Hit in FedEx Phishing Attack β
π Read
via "Threat Post".
Microsoft users are receiving emails pretending to be from mail couriers FedEx and DHL Express - but that really steal their credentials.π Read
via "Threat Post".
Threat Post
10K Microsoft Email Users Hit in FedEx Phishing Attack
Microsoft users are receiving emails pretending to be from mail couriers FedEx and DHL Express - but that really steal their credentials.
π΄ CVSS as a Framework, Not a Score π΄
π Read
via "Dark Reading".
The venerable system has served us well but is now outdated. Not that it's time to throw the system away -- use it as a framework to measure risk using modern, context-based methods.π Read
via "Dark Reading".
Dark Reading
CVSS as a Framework, Not a Score
The venerable system has served us well but is now outdated. Not that it's time to throw the system away; use it as a framework to measure risk using modern, context-based methods.
βΌ CVE-2021-20242 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-20176. Reason: This candidate is a reservation duplicate of CVE-2021-20176. Notes: All CVE users should reference CVE-2021-20176 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.π Read
via "National Vulnerability Database".
βΌ CVE-2020-14359 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in all versions of keycloak, where on using lower case HTTP headers (via cURL) we can bypass our Gatekeeper. Lower case headers are also accepted by some webservers (e.g. Jetty). This means there is no protection when we put a Gatekeeper in front of a Jetty server and use lowercase headers.π Read
via "National Vulnerability Database".
π΄ Security + Fraud Protection: Your One-Two Punch Against Cyberattacks π΄
π Read
via "Dark Reading".
When siloed functions unite in the face of cyberthreats, organizations can continue, uninterrupted, along their paths to digital transformation.π Read
via "Dark Reading".
Dark Reading
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
When siloed functions unite in the face of cyberthreats, organizations can continue, uninterrupted, along their paths to digital transformation.
β Keybase secure messaging fixes photo-leaking bug β patch now! β
π Read
via "Naked Security".
It's a bit like Snapchat all over again - but this bug was quickly fixed.π Read
via "Naked Security".
Naked Security
Keybase secure messaging fixes photo-leaking bug β patch now!
Itβs a bit like Snapchat all over again β but this bug was quickly fixed.
π Zeek 3.2.4 π
π Read
via "Packet Storm Security".
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.π Read
via "Packet Storm Security".
Packetstormsecurity
Zeek 3.2.4 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β Finnish IT Giant Hit with Ransomware Cyberattack β
π Read
via "Threat Post".
A major Finnish IT provider has been hit with a ransomware attack that has forced the company to turn off some services and infrastructure in a disruption to customers, while it takes recovery measures. Norwegian business journal E24 reported the attack on Espoo, Finland-based TietoEVRY on Tuesday, claiming to have spoken with Geir Remman, a [β¦]π Read
via "Threat Post".
Threat Post
Finnish IT Giant Hit with Ransomware Cyberattack
A major Finnish IT provider has been hit with a ransomware attack that has forced the company to turn off some services and infrastructure in a disruption to customers, while it takes recovery measures. Norwegian business journal E24 reported the attack onβ¦
βΌ CVE-2020-4953 βΌ
π Read
via "National Vulnerability Database".
IBM Planning Analytics 2.0 could allow a remote authenticated attacker to obtain information about an organization's internal structure by exposing sensitive information in HTTP repsonses. IBM X-Force ID: 192029.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28432 βΌ
π Read
via "National Vulnerability Database".
All versions of package theme-core are vulnerable to Command Injection via the lib/utils.js file, which is required by main entry of the package. PoC: var a =require("theme-core"); a.utils.sh("touch JHU")π Read
via "National Vulnerability Database".
βΌ CVE-2021-25630 βΌ
π Read
via "National Vulnerability Database".
"loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Before doing anything else "loolforkit" checks, if it was invoked by the "lool" user, and refuses to run with privileges, if it's not the case. In the vulnerable version of "loolforkit" this check was wrong, so a normal user could start "loolforkit" and eventually get local root privileges.π Read
via "National Vulnerability Database".