‼ CVE-2021-20017 ‼
via "National Vulnerability Database".
A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a 'nobody' user. This vulnerability impacts SMA100 version 10.2.0.5 and earlier.
‼ CVE-2021-20018 ‼
via "National Vulnerability Database".
A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier.
‼ CVE-2021-28361 ‼
via "National Vulnerability Database".
An issue was discovered in Storage Performance Development Kit (SPDK) before 20.01.01. If a PDU is sent to the iSCSI target with a zero length (but data is expected), the iSCSI target can crash with a NULL pointer dereference.
‼ CVE-2020-35682 ‼
via "National Vulnerability Database".
Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login).
⚠ Naked Security Live – HAFNIUM explained in plain English ⚠
via "Naked Security".
Latest episode - watch now!
‼ CVE-2021-28379 ‼
via "National Vulnerability Database".
web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin.
‼ CVE-2021-27576 ‼
via "National Vulnerability Database".
It was found that the NetTest web service can be used to overload the bandwidth of an Apache OpenMeetings server. This issue was addressed in Apache OpenMeetings 6.0.0.
‼ CVE-2021-28374 ‼
via "National Vulnerability Database".
The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information. This may include a cleartext password in some configurations. In general, it includes the user's existence, uid and gids, home and/or Maildir directory, quota, and some type of password information (such as a hash).
‼ CVE-2021-28378 ‼
via "National Vulnerability Database".
Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations.
‼ CVE-2021-28375 ‼
via "National Vulnerability Database".
An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308.
🕴 Verkada Breach Demonstrates Danger of Overprivileged Users 🕴
via "Dark Reading".
In re-evaluating supply chains, companies should classify vendors with super admin privileges to devices or backdoors as a significant threat.
🕴 How to Choose the Right Cybersecurity Framework 🕴
via "Dark Reading".
Cybersecurity frameworks can help reduce your risk of supply chain attacks and increase your competitive advantage.
🦿 How to block users from setting up their own cron jobs on Linux 🦿
via "Tech Republic".
Jack Wallen shows you how to gain a bit more security on your Linux servers by blocking users from adding cron jobs.
🦿 Organizations are more likely to purchase tech and services from vendors demonstrating transparency 🦿
via "Tech Republic".
A global study by Intel indicates 73% of respondents gravitate toward companies that proactively find, mitigate and communicate security vulnerabilities.
🦿 How to use Bitwarden's new Send feature 🦿
via "Tech Republic".
What is probably the best open source password manager on the market has added a new feature that will make using the tool even better.
🕴 Lookout Acquires SASE Cloud Provider CipherCloud 🕴
via "Dark Reading".
Deal signals a focus on the cloud for mobile security firm.
🦿 How malware is targeting the new Apple Macs 🦿
via "Tech Republic".
As the new kid on the block, the M1 chip-based Mac is already on the radar of malware writers, says Kaspersky.
🦿 Forrester: These 5 threats could hobble pandemic recovery 🦿
via "Tech Republic".
If businesses are going to successfully navigate the road ahead they'll need to focus on these security problems and attack vectors.
‼ CVE-2021-25672 ‼
via "National Vulnerability Database".
A vulnerability has been identified in Mendix Forgot Password Appstore module (All Versions < V3.2.1). The Forgot Password Marketplace module does not properly control access. An attacker could take over accounts.
‼ CVE-2020-24877 ‼
via "National Vulnerability Database".
A SQL injection vulnerability in zzzphp v1.8.0 through /form/index.php?module=getjson may lead to a possible access restriction bypass.
‼ CVE-2020-25240 ‼
via "National Vulnerability Database".
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). Unprivileged users can access services when guessing the URL. An attacker could impact availability, integrity and gain information from logs and templates of the service.