βΌ CVE-2020-13611 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2020-13609 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22864 βΌ
π Read
via "National Vulnerability Database".
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to override environment variables leading to code execution on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.0.3 and was fixed in 3.0.3, 2.22.9, and 2.21.17. This vulnerability was reported via the GitHub Bug Bounty program.π Read
via "National Vulnerability Database".
βΌ CVE-2020-13612 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2020-13608 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2020-13610 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21380 βΌ
π Read
via "National Vulnerability Database".
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform (and only those with the Ratings API installed), the Rating Script Service expose an API to perform SQL requests without escaping the from and where search arguments. This might lead to an SQL script injection quite easily for any user having Script rights on XWiki. The problem has been patched in XWiki 12.9RC1. The only workaround besides upgrading XWiki would be to uninstall the Ratings API in XWiki from the Extension Manager.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28814 βΌ
π Read
via "National Vulnerability Database".
An improper access control vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows remote attackers to compromise the security of the software. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.4.π Read
via "National Vulnerability Database".
β Hackers Steal FIFA 21 Source Code, Tools in EA Breach β
π Read
via "Threat Post".
Raft of other proprietary game data and related software and developer kits also pilfered in the unspecified attack, which the company is investigating.π Read
via "Threat Post".
Threat Post
Hackers Steal FIFA 21 Source Code, Tools in EA Breach
Raft of other proprietary game data and related software and developer kits also pilfered in the unspecified attack, which the company is investigating.
β Police Grab Slilpp, Biggest Stolen-Logins Market β
π Read
via "Threat Post".
There were more than 80 million login credentials for sale, used to inflict over $200 million in losses in the U.S. alone.π Read
via "Threat Post".
Threat Post
Police Grab Slilpp, Biggest Stolen-Logins Market
There were over 80 million login credentials for sale, used to inflict over $200 million in losses in the U.S. alone.
π΄ Secure Access Trade-offs for DevSecOps Teams π΄
π Read
via "Dark Reading".
Thanks to recent advancements in access technologies, everyone can apply identity-based authentication and authorization and zero-trust principles for their computing resources.π Read
via "Dark Reading".
βΌ CVE-2021-26829 βΌ
π Read
via "National Vulnerability Database".
OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm.π Read
via "National Vulnerability Database".
β Monumental Supply-Chain Attack on Airlines Traced to State Actor β
π Read
via "Threat Post".
Airlines are warned to scour networks for traces of the campaign, likely the work of APT41, lurking in networks.π Read
via "Threat Post".
π΄ Many Mobile Apps Intentionally Using Insecure Connections for Sending Data π΄
π Read
via "Dark Reading".
A new analysis of iOS and Android apps released to Apple's and Google's app stores over the past five years found many to be deliberately breaking HTTPS protections.π Read
via "Dark Reading".
Dark Reading
Many Mobile Apps Intentionally Using Insecure Connections for Sending Data
A new analysis of iOS and Android apps released to Apple's and Google's app stores over the past five years found many to be deliberately breaking HTTPS protections.
π Friday Five 6/11 π
π Read
via "".
TrickBot indictments, ransomware negotiations, and a massive sting operation using an FBI-run phone network - catch up on all of the week's infosec news with the Friday Five!π Read
via "".
Digital Guardian
Friday Five 6/11
TrickBot indictments, ransomware negotiations, and a massive sting operation using an FBI-run phone network - catch up on all of the week's infosec news with the Friday Five!
π GNU Privacy Guard 2.2.28 π
π Read
via "Packet Storm Security".
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions. This is the LTS release.π Read
via "Packet Storm Security".
Packetstormsecurity
GNU Privacy Guard 2.2.28 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π nfstream 6.3.2 π
π Read
via "Packet Storm Security".
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.π Read
via "Packet Storm Security".
Packetstormsecurity
nfstream 6.3.2 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2021-25401 βΌ
π Read
via "National Vulnerability Database".
Intent redirection vulnerability in Samsung Health prior to version 6.16 allows attacker to execute privileged action.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25385 βΌ
π Read
via "National Vulnerability Database".
An improper input validation vulnerability in sdfffd_parse_chunk_PROP() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25397 βΌ
π Read
via "National Vulnerability Database".
An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications.π Read
via "National Vulnerability Database".
β Chrome zero-day, hot on the heels of Microsoftβs IE zero-day. Patch now! β
π Read
via "Naked Security".
Patch early. Patch often. Patch now!π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News