‼ CVE-2020-11218 ‼
via "National Vulnerability Database".
Denial of service in baseband when NW configures LTE betaOffset-RI-Index due to lack of data validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
‼ CVE-2017-20002 ‼
via "National Vulnerability Database".
The Debian shadow package before 4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to log in as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM's nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges.
‼ CVE-2020-11221 ‼
via "National Vulnerability Database".
Usage of syscall by non-secure entity can allow extraction of secure QTEE diagnostic information in clear text form due to insufficient checks in the syscall handler and leads to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
‼ CVE-2020-11189 ‼
via "National Vulnerability Database".
Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
⚠ Serious Security: The Linux kernel bugs that surfaced after 15 years ⚠
via "Naked Security".
Anyone could have found these bugs, but everyone assumed someone would, and in the end, no one did. (Until now.)
‼ CVE-2020-17525 ‼
via "National Vulnerability Database".
Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7
❌ A New Paradigm in Data Security: Insider Risk Management ❌
via "Threat Post".
Insider Risk Management builds a framework around the new paradigm of "risk tolerance," aiming to give security teams the visibility and context around data activity to protect that data, without putting rigid constraints on users.
🕴 7 Tips to Secure the Enterprise Against Tax Scams 🕴
via "Dark Reading".
Tax season is yet another opportunity for fraudsters to target your company. Here's how to keep everyone in the organization on their toes.
🦿 How ransomware is evolving as a threat to organizations 🦿
via "Tech Republic".
Cybercriminals know they can make money with ransomware and keep getting bolder with their demands, says Palo Alto Networks' Unit 42.
🦿 How a reliance on the cloud still poses security risks 🦿
via "Tech Republic".
Most of the cyberattacks on cloud environments have been due to compromised credentials, says Centrify.
🕴 Enterprises Wrestle With Executive Social Media Risk Management 🕴
via "Dark Reading".
Survey indicates enterprises have a lot of work to do to reduce cybersecurity risks around executive social media use.
‼ CVE-2020-28873 ‼
via "National Vulnerability Database".
Fluxbb 1.5.11 is affected by a denial of service (DoS) vulnerability by sending an extremely long password via the user login form. When a long password is sent, the password hashing process will result in CPU and memory exhaustion on the server.
‼ CVE-2021-27292 ‼
via "National Vulnerability Database".
ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time.