‼ CVE-2021-33529 ‼
📖 Read
via "National Vulnerability Database".
In Weidmueller Industrial WLAN devices in multiple versions the usage of hard-coded cryptographic keys within the service agent binary allows for the decryption of captured traffic across the network from or to the device.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-33532 ‼
📖 Read
via "National Vulnerability Database".
In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-33542 ‼
📖 Read
via "National Vulnerability Database".
Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 and below is affected by a remote code execution vulnerability. Manipulated PC Worx or Config+ projects could lead to a remote code execution when unallocated memory is freed because of incompletely initialized data. The attacker needs to get access to an original bus configuration file (*.bcp) to be able to manipulate data inside. After manipulation the attacker needs to exchange the original file by the manipulated one on the application programming workstation. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities. Automated systems in operation which were programmed with one of the above-mentioned products are not affected.📖 Read
via "National Vulnerability Database".
🦿 Linux: How to find details about user logins 🦿
📖 Read
via "Tech Republic".
If you need to gather information on user logins for your Linux servers, Jack Wallen has just the tool for you.📖 Read
via "Tech Republic".
TechRepublic
How to find details about user logins on Linux
If you need to gather information on user logins for your Linux servers, Jack Wallen has just the tool for you.
❌ PS3 Players Ban: Latest Victims of Surging Attacks on Gaming Industry ❌
📖 Read
via "Threat Post".
Every Sony PlayStation 3 ID out there was compromised, provoking bans of legit players on the network.📖 Read
via "Threat Post".
Threat Post
PS3 Players Ban: Latest Victims of Surging Attacks on Gaming Industry
Every Sony PlayStation 3 ID out there was compromised, provoking bans of legit players on the network.
🕴 New CPU Baseline for Windows 11 Will Ensure Better Security, Microsoft Says 🕴
📖 Read
via "Dark Reading".
Redmond's latest OS will run only on systems with TPM 2.0 chips.📖 Read
via "Dark Reading".
Dark Reading
Dark Reading | Security | Protect The Business
Dark Reading: Connecting The Cybersecurity Community.
❌ Mercedes-Benz Customer Data Flies Out the Window ❌
📖 Read
via "Threat Post".
For over three years, a vendor was recklessly driving the cloud-stored data of luxury-car-owning customers and wannabe buyers.📖 Read
via "Threat Post".
Threat Post
Mercedes-Benz Customer Data Flies Out the Window
For over three years, a vendor was recklessly driving the cloud-stored data of luxury-car-owning customers and wannabe buyers.
‼ CVE-2021-35502 ‼
📖 Read
via "National Vulnerability Database".
app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp in MISP 2.4.144 does not sanitize certain data related to generic-template:index.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25654 ‼
📖 Read
via "National Vulnerability Database".
An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local user to execute specially crafted scripts. Affects 7.0 through 8.1.4.0 versions of Avaya Aura Device Services.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1073 ‼
📖 Read
via "National Vulnerability Database".
NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability where, if a user clicks on a maliciously formatted link that opens the GeForce Experience login page in a new browser tab instead of the GeForce Experience application and enters their login information, the malicious site can get access to the token of the user login session. Such an attack may lead to these targeted users' data being accessed, altered, or lost.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-35513 ‼
📖 Read
via "National Vulnerability Database".
Mermaid before 8.11.0 allows XSS when the antiscript feature is used.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20751 ‼
📖 Read
via "National Vulnerability Database".
Cross-site scripting vulnerability in EC-CUBE EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific operation.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20745 ‼
📖 Read
via "National Vulnerability Database".
Inkdrop versions prior to v5.3.1 allows an attacker to execute arbitrary OS commands on the system where it runs by loading a file or code snippet containing an invalid iframe into Inkdrop.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20749 ‼
📖 Read
via "National Vulnerability Database".
Cross-site scripting vulnerability in Fudousan plugin ver5.7.0 and earlier, Fudousan Plugin Pro Single-User Type ver5.7.0 and earlier, and Fudousan Plugin Pro Multi-User Type ver5.7.0 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-23399 ‼
📖 Read
via "National Vulnerability Database".
This affects all versions of package wincred. If attacker-controlled user input is given to the getCredential function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20099 ‼
📖 Read
via "National Vulnerability Database".
Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20100.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20100 ‼
📖 Read
via "National Vulnerability Database".
Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20099.📖 Read
via "National Vulnerability Database".
🦿 Cybersecurity study: SolarWinds attack cost affected US companies an average of $12 million 🦿
📖 Read
via "Tech Republic".
New survey finds that the attack also motivated more information sharing within the industry and improved supply chain security.📖 Read
via "Tech Republic".
TechRepublic
Cybersecurity study: SolarWinds attack cost affected US companies an average of $12 million
New survey finds that the attack also motivated more information sharing within the industry and improved supply chain security.
🕴 The Role of Encryption in Protecting LGBTQ+ Community Members 🕴
📖 Read
via "Dark Reading".
The Internet is a vital tool that helps LGBTQ+ community members communicate without fear of persecution -- and strong encryption is a critical part of this equation.📖 Read
via "Dark Reading".
Dark Reading
The Role of Encryption in Protecting LGBTQ+ Community Members
The Internet is a vital tool that helps LGBTQ+ community members communicate without fear of persecution — and strong encryption is a critical part of this equation.
‼ CVE-2021-32496 ‼
📖 Read
via "National Vulnerability Database".
SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inadequate Encryption Strength vulnerability concerning the internal SSH interface solely used by SICK for recovering returned devices. The use of weak ciphers make it easier for an attacker to break the security that protects information transmitted from the client to the SSH server, assuming the attacker has access to the network on which the device is connected. This can increase the risk that encryption will be compromised, leading to the exposure of sensitive user information and man-in-the-middle attacks.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29157 ‼
📖 Read
via "National Vulnerability Database".
Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver.📖 Read
via "National Vulnerability Database".