βΌ CVE-2020-24826 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the elf::section::as_strtab function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file.π Read
via "National Vulnerability Database".
βΌ CVE-2020-24824 βΌ
π Read
via "National Vulnerability Database".
A global buffer overflow issue in the dwarf::line_table::line_table function of Libelfin v0.3 allows attackers to cause a denial of service (DOS).π Read
via "National Vulnerability Database".
βΌ CVE-2020-24827 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the dwarf::cursor::skip_form function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29765 βΌ
π Read
via "National Vulnerability Database".
IBM PowerVM Hypervisor FW940 and FW950 could allow an attacker to obtain sensitive information if they gain service access to the FSP. IBM X-Force ID: 202476.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32590 βΌ
π Read
via "National Vulnerability Database".
Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow an attacker with regular user's privileges to execute arbitrary commands on the underlying SQL database via specifically crafted HTTP requests.π Read
via "National Vulnerability Database".
βΌ CVE-2021-35463 βΌ
π Read
via "National Vulnerability Database".
Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the `keywords` parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2020-24821 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the dwarf::cursor::skip_form function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26098 βΌ
π Read
via "National Vulnerability Database".
An instance of small space of random values in the RPC API of FortiSandbox before 4.0.0 may allow an attacker in possession of a few information pieces about the state of the device to possibly predict valid session IDs.π Read
via "National Vulnerability Database".
βΌ CVE-2021-24010 βΌ
π Read
via "National Vulnerability Database".
Improper limitation of a pathname to a restricted directoryΓ vulnerabilities in FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated user to obtain unauthorized access to files and data via specifially crafted web requests.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32594 βΌ
π Read
via "National Vulnerability Database".
An unrestricted file upload vulnerability in the web interface of FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow a low-privileged user to potentially tamper with the underlying system's files via the upload of specifically crafted files.π Read
via "National Vulnerability Database".
βΌ CVE-2020-4707 βΌ
π Read
via "National Vulnerability Database".
IBM API Connect 5.0.0.0 through 5.0.8.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187370.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36764 βΌ
π Read
via "National Vulnerability Database".
In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36168 βΌ
π Read
via "National Vulnerability Database".
A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Fortinet FortiPortal 6.x before 6.0.5, FortiPortal 5.3.x before 5.3.6 and any FortiPortal before 6.2.5 allows authenticated attacker to disclosure information via crafted GET requestΓ with maliciousΓ parameter values.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36765 βΌ
π Read
via "National Vulnerability Database".
In CODESYS EtherNetIP before 4.1.0.0, specific EtherNet/IP requests may cause a null pointer dereference in the downloaded vulnerable EtherNet/IP stack that is executed by the CODESYS Control runtime system.π Read
via "National Vulnerability Database".
βΌ CVE-2021-24018 βΌ
π Read
via "National Vulnerability Database".
A buffer underwrite vulnerability in the firmware verification routine of FortiOS before 7.0.1 may allow an attacker located in the adjacent network to potentially execute arbitrary code via a specifically crafted firmware image.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33338 βΌ
π Read
via "National Vulnerability Database".
The Layout module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 6, exposes the CSRF token in URLs, which allows man-in-the-middle attackers to obtain the token and conduct Cross-Site Request Forgery (CSRF) attacks via the p_auth parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3678 βΌ
π Read
via "National Vulnerability Database".
showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)π Read
via "National Vulnerability Database".
π¦Ώ Cybersecurity pros wanted: Tips for hiring IT and security talent right now π¦Ώ
π Read
via "Tech Republic".
Companies are pulling out all of the stops to attract top talent in a tight labor market. These tips could help companies attract and retain cybersecurity pros in the months ahead.π Read
via "Tech Republic".
TechRepublic
Cybersecurity pros wanted: Tips for hiring IT and security talent right now
Companies are pulling out all of the stops to attract top talent in a tight labor market. These tips could help companies attract and retain cybersecurity pros in the months ahead.
π How Much Does a Data Breach Cost in 2021? π
π Read
via "".
The cost of data breaches continues to rise; according to this annual report, the global shift to remote work is partly to blame.π Read
via "".
Digital Guardian
How Much Does a Data Breach Cost in 2021?
The cost of data breaches continues to rise; according to this annual report, the global shift to remote work is partly to blame.
βΌ CVE-2021-34845 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14034.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34835 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14015.π Read
via "National Vulnerability Database".