βΌ CVE-2021-32719 βΌ
π Read
via "National Vulnerability Database".
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management` plugin, its consumer tag was rendered without proper <script> tag sanitization. This potentially allows for JavaScript code execution in the context of the page. The user must be signed in and have elevated permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched in RabbitMQ 3.8.18. As a workaround, disable the `rabbitmq_federation_management` plugin and use [CLI tools](https://www.rabbitmq.com/cli.html) instead.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20494 βΌ
π Read
via "National Vulnerability Database".
IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a heap based buffer overflow, caused by improper bounds. An authenticared user could overflow the buffer and cause the service to crash. IBM X-Force ID: 197882.π Read
via "National Vulnerability Database".
βΌ CVE-2020-23711 βΌ
π Read
via "National Vulnerability Database".
SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20572 βΌ
π Read
via "National Vulnerability Database".
IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow the and cause the server to crash. IBM X-Force ID: 199247.π Read
via "National Vulnerability Database".
π΄ An Interesting Approach to Cyber Insurance π΄
π Read
via "Dark Reading".
What if insurers were to offer companies an incentive -- say, a discount -- for better protecting themselves? You know, the way car insurance companies offer lower premiums to customers who take a driver's ed course.π Read
via "Dark Reading".
Dark Reading
An Innovative Approach to Cyber Insurance
What if insurers were to offer companies an incentive -- say, a discount -- for better protecting themselves? You know, the way car insurance companies offer lower premiums to customers who take a driver's ed course.
β Russian Attackers Breach Microsoft Customer Service Accounts β
π Read
via "Threat Post".
American IT companies and government have been targeted by the Nobelium state-sponsored group. π Read
via "Threat Post".
Threat Post
Attackers Breach Microsoft Customer Service Accounts
American IT companies and government have been targeted by the Nobelium state-sponsored group.
π¦Ώ Cybersecurity study: SolarWinds attack cost affected companies an average of $12 million π¦Ώ
π Read
via "Tech Republic".
New survey finds that the attack also motivated more information sharing within the industry and improved supply chain security.π Read
via "Tech Republic".
TechRepublic
Cybersecurity study: SolarWinds attack cost affected companies an average of $12 million
New survey finds that the attack also motivated more information sharing within the industry and improved supply chain security.
π΄ Microsoft Tracks Attack Campaign Against Customer Support Agents π΄
π Read
via "Dark Reading".
The company attributes the attack to Nobelium, the same group it linked to the SolarWinds campaign earlier this year.π Read
via "Dark Reading".
βΌ CVE-2020-22607 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting vulnerabilty in LimeSurvey 4.1.11+200316 via the (1) name and (2) description parameters in application/controllers/admin/PermissiontemplatesController.php.π Read
via "National Vulnerability Database".
βΌ CVE-2020-22609 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter in include/class.queue.php.π Read
via "National Vulnerability Database".
π΄ New House Bill Aims to Drive Americans' Security Awareness π΄
π Read
via "Dark Reading".
The legislation requires the National Telecommunications and Information Administration to establish a cybersecurity literacy campaign.π Read
via "Dark Reading".
β NVIDIA Patches High-Severity GeForce Spoof-Attack Bug β
π Read
via "Threat Post".
A vulnerability in NVIDIAβs GeForce Experience software opens the door to remote data access, manipulation and deletion.π Read
via "Threat Post".
Threat Post
NVIDIA Patches High-Severity GeForce Spoof-Attack Bug
Vulnerability in NVIDIAβs GeForce Experience software opens door to remote data access, manipulation and deletion.
π Data Protection Act of 2021 Would Create US Data Protection Agency π
π Read
via "".
The proposed legislation would create an agency to enforce data protection rules and oversee high-risk data practices.π Read
via "".
Digital Guardian
Data Protection Act of 2021 Would Create US Data Protection Agency
The proposed legislation would create an agency to enforce data protection rules and oversee high-risk data practices.
β 5G Security Vulnerabilities Fluster Mobile Operators β
π Read
via "Threat Post".
A survey from GSMA and Trend Micro shows a concerning lack of security capabilities for private 5G networks (think factories, smart cities, industrial IoT, utilities and more).π Read
via "Threat Post".
Threat Post
5G Security Vulnerabilities Fluster Mobile Operators
A survey from GSMA and Trend Micro shows a concerning lack of security capabilities for private 5G networks (think factories, smart cities, industrial IoT, utilities and more).
π΄ Attacks Erase Western Digital Network-Attached Storage Drives π΄
π Read
via "Dark Reading".
The company suspects a remote code execution vulnerability affecting My Book Live and My Book Live Duo devices and recommends that business and individual users turn off the drives to protect their data.π Read
via "Dark Reading".
Dark Reading
Attacks Erase Western Digital Network-Attached Storage Drives
The company suspects a remote code execution vulnerability affecting My Book Live and My Book Live Duo devices and recommends that business and individual users turn off the drives to protect their data.
βΌ CVE-2020-21142 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerabilty in IPFire 2.23 via the IPfire web UI in the mail.cgi.π Read
via "National Vulnerability Database".
βΌ CVE-2021-35298 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via multiple models that contain a 'note' field to store additional information.π Read
via "National Vulnerability Database".
βΌ CVE-2021-35302 βΌ
π Read
via "National Vulnerability Database".
Incorrect Access Control for linked Tickets in Zammad 1.0.x up to 4.0.0 allows remote attackers to obtain sensitive information.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32722 βΌ
π Read
via "National Vulnerability Database".
GlobalNewFiles is a mediawiki extension. All existing versions of GlobalNewFiles are affected by an uncontrolled resource consumption vulnerability. A large amount of page moves within a short space of time could overwhelm Database servers due to improper handling of load balancing and a lack of an appropriate index. No patches are currently available. As a workaround, one may avoid use of the extension unless additional rate limit at the MediaWiki level or via PoolCounter / MySQL is enabled.π Read
via "National Vulnerability Database".
βΌ CVE-2021-35303 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via the User Avatar attribute.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32723 βΌ
π Read
via "National Vulnerability Database".
Prism is a syntax highlighting library. Some languages before 1.24.0 are vulnerable to Regular Expression Denial of Service (ReDoS). When Prism is used to highlight untrusted (user-given) text, an attacker can craft a string that will take a very very long time to highlight. This problem has been fixed in Prism v1.24. As a workaround, do not use ASCIIDoc or ERB to highlight untrusted text. Other languages are not affected and can be used to highlight untrusted text.π Read
via "National Vulnerability Database".