🦿 How malware is targeting the new Apple Macs 🦿
📖 Read
via "Tech Republic".
As the new kid on the block, the M1 chip-based Mac is already on the radar of malware writers, says Kaspersky.
🦿 Forrester: These 5 threats could hobble pandemic recovery 🦿
📖 Read
via "Tech Republic".
If businesses are going to successfully navigate the road ahead they'll need to focus on these security problems and attack vectors.
‼ CVE-2021-25672 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in Mendix Forgot Password Appstore module (All Versions < V3.2.1). The Forgot Password Marketplace module does not properly control access. An attacker could take over accounts.
‼ CVE-2020-24877 ‼
📖 Read
via "National Vulnerability Database".
A SQL injection vulnerability in zzzphp v1.8.0 through /form/index.php?module=getjson may lead to a possible access restriction bypass.
‼ CVE-2020-25240 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). Unprivileged users can access services by guessing the URL. An attacker could impact availability and integrity and gain information from logs and templates of the service.
‼ CVE-2021-23355 ‼
📖 Read
via "National Vulnerability Database".
This affects all versions of package ps-kill. If (attacker-controlled) user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file. PoC (provided by reporter): var ps_kill = require('ps-kill'); ps_kill.kill('$(touch success)',function(){});
‼ CVE-2020-28385 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3), Solid Edge SE2021 (SE2021MP3). Affected applications lack proper validation of user-supplied data when parsing DFT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12049)
‼ CVE-2021-27889 ‼
📖 Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages.
‼ CVE-2021-3167 ‼
📖 Read
via "National Vulnerability Database".
In Cloudera Data Engineering (CDE) 1.3.0, JWT authentication tokens are exposed to administrators in virtual cluster server logs.
‼ CVE-2021-23356 ‼
📖 Read
via "National Vulnerability Database".
This affects all versions of package kill-process-by-name. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file.
‼ CVE-2020-25239 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). The webserver could allow unauthorized actions via special URLs for unprivileged users. The settings of the UMC authorization server could be changed to add a rogue server by an attacker authenticating with unprivileged user rights.
‼ CVE-2020-25236 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). The control logic (CL) the LOGO! 8 executes could be manipulated in a way that could cause the device executing the CL to improperly handle the manipulation and crash. After successful execution of the attack, the device needs to be manually reset.
‼ CVE-2021-27695 ‼
📖 Read
via "National Vulnerability Database".
Multiple stored cross-site scripting (XSS) vulnerabilities in openMAINT 2.1-3.3-b allow remote attackers to inject arbitrary web script or HTML via any "Add" sections, such as Add Card Building & Floor, or others in the Name and Code Parameters.
‼ CVE-2021-27380 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3), Solid Edge SE2021 (SE2021MP3). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12532)
‼ CVE-2021-27817 ‼
📖 Read
via "National Vulnerability Database".
A remote command execution vulnerability in shopxo 1.9.3 allows an attacker to upload a malicious phar archive whose file suffix has been changed to JPG so that it passes the upload check.
‼ CVE-2021-25675 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). An attacker with local access to the system could cause a Denial-of-Service condition in the application when it is used to open a specially crafted file. As a consequence, a divide by zero operation could occur and cause the application to terminate unexpectedly and must be restarted to restore the service.
‼ CVE-2021-25673 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). An attacker with local access to the system could cause a Denial-of-Service condition in the application when it is used to open a specially crafted file. As a consequence, the application could enter an infinite loop, become unresponsive and must be restarted to restore the service.
‼ CVE-2021-25674 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). An attacker with local access to the system could cause a Denial-of-Service condition in the application when it is used to open a specially crafted file. As a consequence, a NULL pointer dereference condition could cause the application to terminate unexpectedly and must be restarted to restore the service.
‼ CVE-2020-4184 ‼
📖 Read
via "National Vulnerability Database".
IBM Security Guardium 11.2 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 174802.
‼ CVE-2020-25241 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). The underlying TCP stack of the affected products does not correctly validate the sequence number for incoming TCP RST packets. An attacker could exploit this to terminate arbitrary TCP sessions.
‼ CVE-2021-25676 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions >= V2.1 and < V2.1.3). Multiple failed SSH authentication attempts could trigger a temporary Denial-of-Service under certain conditions. When triggered, the device will reboot automatically.