🛡 Cybersecurity & Privacy 🛡 - News
26K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
CVE-2019-11684

Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component allows arbitrary and unauthenticated access to a limited subset of certificates, stored in the underlying Microsoft Windows operating system. The fixed versions implement modified authentication checks. Prior releases of VRM software version 3.70 are considered unaffected. This vulnerability affects VRM v3.70.x, v3.71 < v3.71.0034 and v3.81 < 3.81.0050; DIVAR IP 5000 3.80 < 3.80.0039; BVMS all versions using VRM.

via "National Vulnerability Database".
CVE-2021-23965

Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85.

via "National Vulnerability Database".
CVE-2020-24686

The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show an error state and refuse connections to Automation Builder. The execution of the PLC application is not affected by this vulnerability. This issue affects ABB AC500 V2 products with onboard Ethernet.

via "National Vulnerability Database".
CVE-2020-28199

best it Amazon Pay Plugin before 9.4.2 for Shopware exposes Sensitive Information to an Unauthorized Actor.

via "National Vulnerability Database".
CVE-2021-23978

Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.

via "National Vulnerability Database".
CVE-2021-22661

Changing the password on the module webpage does not require the user to type in the current password first. Thus, the password could be changed by a user or external process without knowledge of the current password on the ICX35-HWC-A and ICX35-HWC-E (Versions 1.9.62 and prior).

via "National Vulnerability Database".
CVE-2021-23979

Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86.

via "National Vulnerability Database".
CVE-2021-26904

LMA ISIDA Retriever 5.2 allows SQL Injection.

via "National Vulnerability Database".
CVE-2021-23964

Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.

via "National Vulnerability Database".
CVE-2021-3010

There are multiple persistent cross-site scripting (XSS) vulnerabilities in the web interface of OpenText Content Server Version 20.3. The application allows a remote attacker to introduce arbitrary JavaScript by crafting malicious form values that are later not sanitized.

via "National Vulnerability Database".
S3 Ep21: Cryptomining clampdown, the 100-ton man, and ScamClub ads [Podcast]

Latest episode - listen now!

via "Naked Security".
🔏 Friday Five 2/26 🔏

Hackers targeting the US electric grid, M1 chip compatible malware, and a new attack framework for inferring keystrokes - catch up on all of the week's infosec news with the Friday Five!

via "Digital Guardian".
Yeezy Fans Face Sneaker-Bot Armies for Boost ‘Sun’ Release  

Sneaker bots ready to scoop up the new Yeezy Boost 700 “Sun” shoes to resell at a huge markup.  

via "Threat Post".
🕴 Attackers Turn Struggling Software Projects Into Trojan Horses 🕴

While access to compromised systems has become an increasingly common service, some cybercriminals are going straight to the source: buying code bases and then updating the application with malicious code.

via "Dark Reading".
🕴 Securing Super Bowl LV 🕴

A peek at open XDR technology, and defense that held up better than the Kansas City Chiefs.

via "Dark Reading".
🦿 How stalkerware can threaten your safety and privacy, and how to avoid it 🦿

With a stalkerware app on your phone, another person can spy on your activities and view your personal information, Kaspersky says.

via "Tech Republic".
🦿 Business travelers are still at home due to employee worries, the slow vaccine rollout and the patchwork of COVID-19 rules 🦿

Gartner research finds that only 11% of companies have resumed travel or plan to within the next six months.

via "Tech Republic".
CVE-2021-21297

Node-RED is a low-code programming tool for event-driven applications built using Node.js. Node-RED 1.2.7 and earlier contains a Prototype Pollution vulnerability in the admin API. A badly formed request can modify the prototype of the default JavaScript Object with the potential to affect the default behaviour of the Node-RED runtime. The vulnerability is patched in the 1.2.8 release. A workaround is to ensure only authorized users are able to access the editor URL.

via "National Vulnerability Database".
CVE-2021-23345

All versions of package github.com/thecodingmachine/gotenberg are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when the src attribute of an HTML element refers to an internal system file, such as <iframe src='file:///etc/passwd'>.

via "National Vulnerability Database".
CVE-2021-21273

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key validity for third-party invite events and sending push notifications. This could cause Synapse to make requests to internal infrastructure. The type of request was not controlled by the user, although limited modification of request bodies was possible. For the most thorough protection server administrators should remove the deprecated `federation_ip_range_blacklist` from their settings after upgrading to Synapse v1.25.0 which will result in Synapse using the improved default IP address restrictions. See the new `ip_range_blacklist` and `ip_range_whitelist` settings if more specific control is necessary.

via "National Vulnerability Database".
CVE-2021-21298

Node-RED is a low-code programming tool for event-driven applications built using Node.js. Node-RED 1.2.7 and earlier has a vulnerability which allows arbitrary path traversal via the Projects API. If the Projects feature is enabled, a user with `projects.read` permission is able to access any file via the Projects API. The issue has been patched in Node-RED 1.2.8. The vulnerability applies only to the Projects feature, which is not enabled by default in Node-RED. The primary workaround is not to give untrusted users read access to the Node-RED editor.

via "National Vulnerability Database".