‼ CVE-2021-26275 ‼
📖 Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** The eslint-fixer package through 0.1.5 for Node.js allows command injection via shell metacharacters to the fix function. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The ozum/eslint-fixer GitHub repository has been intentionally deleted.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-28126 ‼
📖 Read
via "National Vulnerability Database".
index.jsp in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a Stored cross-site scripting (XSS) vulnerability📖 Read
via "National Vulnerability Database".
‼ CVE-2020-6578 ‼
📖 Read
via "National Vulnerability Database".
Zen Cart 1.5.6d allows reflected XSS via the main_page parameter to includes/templates/template_default/common/tpl_main_page.php or includes/templates/responsive_classic/common/tpl_main_page.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25292 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25289 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-27221 ‼
📖 Read
via "National Vulnerability Database".
** DISPUTED ** MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor's position is that this is intended behavior because of how user policies work.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-28110 ‼
📖 Read
via "National Vulnerability Database".
/exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a vulnerability in its XML parser.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-27928 ‼
📖 Read
via "National Vulnerability Database".
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25291 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-28109 ‼
📖 Read
via "National Vulnerability Database".
TranzWare (POI) FIMI before 4.2.20.4.2 allows login_tw.php reflected Cross-Site Scripting (XSS).📖 Read
via "National Vulnerability Database".
🦿 Want to be an ethical hacker? Take these cybersecurity courses 🦿
📖 Read
via "Tech Republic".
In these 18 online training courses on ethical hacking, cybersecurity pros will teach you about creating projects with Python, bug bounty hunting, Kali Linux hacker tools and much more.📖 Read
via "Tech Republic".
TechRepublic
Want to be an ethical hacker? Take these cybersecurity courses
In these 18 online training courses on ethical hacking, cybersecurity pros will teach you about creating projects with Python, bug bounty hunting, Kali Linux hacker tools and much more.
🕴 Russian Man Pleads Guilty in Thwarted Tesla Hack 🕴
📖 Read
via "Dark Reading".
Egor Kriuchkov will be sentenced in May on conspiracy charge📖 Read
via "Dark Reading".
Dark Reading
Russian Man Pleads Guilty in Thwarted Tesla Hack
Egor Kriuchkov will be sentenced in May on conspiracy charge
🦿 Business email compromise scams proved costly to victims in 2020 🦿
📖 Read
via "Tech Republic".
The FBI received more than 19,000 complaints of business email compromises last year, costing victims around $1.8 billion.📖 Read
via "Tech Republic".
TechRepublic
Business email compromise scams proved costly to victims in 2020
The FBI received more than 19,000 complaints of business email compromises last year, costing victims around $1.8 billion.
❌ Bogus Android Clubhouse App Drops Credential-Swiping Malware ❌
📖 Read
via "Threat Post".
The malicious app spreads the BlackRock malware, which steals credentials from 458 services - including Twitter, WhatsApp, Facebook and Amazon.📖 Read
via "Threat Post".
Threat Post
Bogus Android Clubhouse App Drops Credential-Swiping Malware
The malicious app spreads the BlackRock malware, which steals credentials from 458 services - including Twitter, WhatsApp, Facebook and Amazon.
🕴 SolarWinds-Linked Attackers Target Microsoft 365 Mailboxes 🕴
📖 Read
via "Dark Reading".
Researchers observe attackers altering mailbox folders to assign read-only permissions to any authenticated user on a target machine.📖 Read
via "Dark Reading".
Dark Reading
Cyberattacks & Data Breaches recent news | Dark Reading
Explore the latest news and expert commentary on Cyberattacks & Data Breaches, brought to you by the editors of Dark Reading
‼ CVE-2021-27506 ‼
📖 Read
via "National Vulnerability Database".
In Stormshield Network Security (SNS) 1.0 through 4.2.0, the parsing of some malformed files can lead to the crash of ClamAV service causing a Denial of Service.📖 Read
via "National Vulnerability Database".
🔏 Friday Five 3/19 🔏
📖 Read
via "Digital Guardian".
Stolen phone access, cybersecurity in national security, and the theft of NFTs - catch up on all of the week's infosec news with the Friday Five!📖 Read
via "Digital Guardian".
Digital Guardian
Friday Five 3/19
Stolen phone access, cybersecurity in national security, and the theft of NFTs - catch up on all of the week's infosec news with the Friday Five!
🦿 How to use semanage and avoid disabling SELinux 🦿
📖 Read
via "Tech Republic".
Jack Wallen introduces you to three semanage commands that will help make dealing with SELinux considerably easier.📖 Read
via "Tech Republic".
TechRepublic
How to use semanage and avoid disabling SELinux
Jack Wallen introduces you to three semanage commands that will help make dealing with SELinux considerably easier.
‼ CVE-2020-4635 ‼
📖 Read
via "National Vulnerability Database".
IBM Resilient SOAR 40 and earlier could disclose sensitive information by allowing a user to enumerate usernames.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25277 ‼
📖 Read
via "National Vulnerability Database".
FTAPI 4.0 - 4.10 allows XSS via a crafted filename to the alternative text hover box in the file submission component.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25278 ‼
📖 Read
via "National Vulnerability Database".
FTAPI 4.0 through 4.10 allows XSS via an SVG document to the Background Image upload feature in the Submit Box Template Editor.📖 Read
via "National Vulnerability Database".