‼ CVE-2021-28379 ‼
via "National Vulnerability Database".
web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin.
‼ CVE-2021-27576 ‼
via "National Vulnerability Database".
It was found that the NetTest web service can be used to overload the bandwidth of an Apache OpenMeetings server. This issue was addressed in Apache OpenMeetings 6.0.0.
‼ CVE-2021-28374 ‼
via "National Vulnerability Database".
The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information. This may include a cleartext password in some configurations. In general, it includes the user's existence, uid and gids, home and/or Maildir directory, quota, and some type of password information (such as a hash).
‼ CVE-2021-28378 ‼
via "National Vulnerability Database".
Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations.
‼ CVE-2021-28375 ‼
via "National Vulnerability Database".
An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308.
🕴 Verkada Breach Demonstrates Danger of Overprivileged Users 🕴
via "Dark Reading".
In re-evaluating supply chains, companies should classify vendors with super admin privileges to devices or backdoors as a significant threat.
🕴 How to Choose the Right Cybersecurity Framework 🕴
via "Dark Reading".
Cybersecurity frameworks can help reduce your risk of supply chain attacks and increase your competitive advantage.
🦿 How to block users from setting up their own cron jobs on Linux 🦿
via "Tech Republic".
Jack Wallen shows you how to gain a bit more security on your Linux servers by blocking users from adding cron jobs.
🦿 Organizations are more likely to purchase tech and services from vendors demonstrating transparency 🦿
via "Tech Republic".
A global study by Intel indicates 73% of respondents gravitate toward companies that proactively find, mitigate and communicate security vulnerabilities.
🦿 How to use Bitwarden's new Send feature 🦿
via "Tech Republic".
What is probably the best open source password manager on the market has added a new feature that will make using the tool even better.
🕴 Lookout Acquires SASE Cloud Provider CipherCloud 🕴
via "Dark Reading".
Deal signals a focus on the cloud for mobile security firm.
🦿 How malware is targeting the new Apple Macs 🦿
via "Tech Republic".
As the new kid on the block, the M1 chip-based Mac is already on the radar of malware writers, says Kaspersky.
🦿 Forrester: These 5 threats could hobble pandemic recovery 🦿
via "Tech Republic".
If businesses are going to successfully navigate the road ahead, they'll need to focus on these security problems and attack vectors.
‼ CVE-2021-25672 ‼
via "National Vulnerability Database".
A vulnerability has been identified in Mendix Forgot Password Appstore module (All Versions < V3.2.1). The Forgot Password Marketplace module does not properly control access. An attacker could take over accounts.
‼ CVE-2020-24877 ‼
via "National Vulnerability Database".
A SQL injection vulnerability in zzzphp v1.8.0 through /form/index.php?module=getjson may lead to a possible access restriction bypass.
‼ CVE-2020-25240 ‼
via "National Vulnerability Database".
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). Unprivileged users can access services when guessing the URL. An attacker could impact availability, integrity and gain information from logs and templates of the service.
‼ CVE-2021-23355 ‼
via "National Vulnerability Database".
This affects all versions of package ps-kill. If (attacker-controlled) user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file. PoC (provided by reporter): var ps_kill = require('ps-kill'); ps_kill.kill('$(touch success)',function(){});
‼ CVE-2020-28385 ‼
via "National Vulnerability Database".
A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3), Solid Edge SE2021 (SE2021MP3). Affected applications lack proper validation of user-supplied data when parsing DFT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12049)
‼ CVE-2021-27889 ‼
via "National Vulnerability Database".
Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages.
‼ CVE-2021-3167 ‼
via "National Vulnerability Database".
In Cloudera Data Engineering (CDE) 1.3.0, JWT authentication tokens are exposed to administrators in virtual cluster server logs.
‼ CVE-2021-23356 ‼
via "National Vulnerability Database".
This affects all versions of package kill-process-by-name. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file.