‼ CVE-2021-21078 ‼
via "National Vulnerability Database".
Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by an Unquoted Service Path vulnerability in CCXProcess that could allow an attacker to achieve arbitrary code execution in the process of the current user. Exploitation of this issue requires user interaction.
❌ Critical Security Hole Can Knock Smart Meters Offline ❌
via "Threat Post".
Unpatched Schneider Electric PowerLogic ION/PM smart meters are open to dangerous attacks.
‼ CVE-2021-28162 ‼
via "National Vulnerability Database".
In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so JavaScript code can run.
‼ CVE-2021-28161 ‼
via "National Vulnerability Database".
In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary JavaScript code can be injected.
‼ CVE-2021-27290 ‼
via "National Vulnerability Database".
ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.
‼ CVE-2021-28092 ‼
via "National Vulnerability Database".
The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, is-svg will get stuck processing the input for a very long time.
‼ CVE-2021-20017 ‼
via "National Vulnerability Database".
A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a 'nobody' user. This vulnerability impacts SMA100 version 10.2.0.5 and earlier.
‼ CVE-2021-20018 ‼
via "National Vulnerability Database".
A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier.
‼ CVE-2021-28361 ‼
via "National Vulnerability Database".
An issue was discovered in Storage Performance Development Kit (SPDK) before 20.01.01. If a PDU is sent to the iSCSI target with a zero length (but data is expected), the iSCSI target can crash with a NULL pointer dereference.
‼ CVE-2020-35682 ‼
via "National Vulnerability Database".
Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login).
⚠ Naked Security Live – HAFNIUM explained in plain English ⚠
via "Naked Security".
Latest episode - watch now!
‼ CVE-2021-28379 ‼
via "National Vulnerability Database".
web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin.
‼ CVE-2021-27576 ‼
via "National Vulnerability Database".
It was found that the NetTest web service can be used to overload the bandwidth of an Apache OpenMeetings server. This issue was addressed in Apache OpenMeetings 6.0.0.
‼ CVE-2021-28374 ‼
via "National Vulnerability Database".
The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information. This may include a cleartext password in some configurations. In general, it includes the user's existence, uid and gids, home and/or Maildir directory, quota, and some type of password information (such as a hash).
‼ CVE-2021-28378 ‼
via "National Vulnerability Database".
Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations.
‼ CVE-2021-28375 ‼
via "National Vulnerability Database".
An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308.
🕴 Verkada Breach Demonstrates Danger of Overprivileged Users 🕴
via "Dark Reading".
In re-evaluating supply chains, companies should classify vendors with super admin privileges to devices or backdoors as a significant threat.
🕴 How to Choose the Right Cybersecurity Framework 🕴
via "Dark Reading".
Cybersecurity frameworks can help reduce your risk of supply chain attacks and increase your competitive advantage.
🦿 How to block users from setting up their own cron jobs on Linux 🦿
via "Tech Republic".
Jack Wallen shows you how to gain a bit more security on your Linux servers by blocking users from adding cron jobs.
🦿 Organizations are more likely to purchase tech and services from vendors demonstrating transparency 🦿
via "Tech Republic".
A global study by Intel indicates 73% of respondents gravitate toward companies that proactively find, mitigate and communicate security vulnerabilities.
🦿 How to use Bitwarden's new Send feature 🦿
via "Tech Republic".
What is probably the best open source password manager on the market has added a new feature that will make using the tool even better.