🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2021-38136 ‼

Corero SecureWatch Managed Services 9.7.2.0020 is affected by a Path Traversal vulnerability via the snap_file parameter in the /it-IT/splunkd/__raw/services/get_snapshot HTTP API endpoint. A â€˜low privilegedâ€™ attacker can read any file on the target host.

📖 Read

via "National Vulnerability Database".

156 views16:32

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2021-37547 ‼

In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made.

📖 Read

via "National Vulnerability Database".

153 views16:32

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2021-37550 ‼

In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used.

📖 Read

via "National Vulnerability Database".

156 views16:32

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2021-37551 ‼

In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256.

📖 Read

via "National Vulnerability Database".

156 views16:32

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2021-37553 ‼

In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used.

📖 Read

via "National Vulnerability Database".

153 views16:32

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2021-37542 ‼

In JetBrains TeamCity before 2020.2.3, XSS was possible.

📖 Read

via "National Vulnerability Database".

156 views16:32

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2021-37540 ‼

In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used.

📖 Read

via "National Vulnerability Database".

157 views16:32

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2021-37554 ‼

In JetBrains YouTrack before 2021.3.21051, a user could see boards without having corresponding permissions.

📖 Read

via "National Vulnerability Database".

157 views16:32

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2021-37549 ‼

In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient.

📖 Read

via "National Vulnerability Database".

159 views16:32

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2021-36708 ‼

In ProLink PRC2402M V1.0.18 and older, the set_sys_init function in the login.cgi binary allows an attacker to reset the password to the administrative interface of the router.

📖 Read

via "National Vulnerability Database".

159 views16:32

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2021-37544 ‼

In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization.

📖 Read

via "National Vulnerability Database".

160 views16:32

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2021-26998 ‼

NetApp Cloud Manager versions prior to 3.9.9 log sensitive information that is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version while customers using on-prem connectors with auto-upgrade disabled are advised to upgrade to a fixed version.

📖 Read

via "National Vulnerability Database".

160 views16:32

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2021-36209 ‼

In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset.

📖 Read

via "National Vulnerability Database".

175 views16:32

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2021-36706 ‼

In ProLink PRC2402M V1.0.18 and older, the set_sys_cmd function in the adm.cgi binary, accessible with a page parameter value of sysCMD contains a trivial command injection where the value of the command parameter is passed directly to system.

📖 Read

via "National Vulnerability Database".

219 views16:32

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2021-37546 ‼

In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used.

📖 Read

via "National Vulnerability Database".

231 views16:32

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2021-37543 ‼

In JetBrains RubyMine before 2021.1.1, code execution without user confirmation was possible for untrusted projects.

📖 Read

via "National Vulnerability Database".

243 views16:32

🛡 Cybersecurity & Privacy 🛡 - News

❌ Amazon Kindle Vulnerable to Malicious EBooks ❌

Prior to a patch, a serious bug could have allowed attackers to take over Kindles and steal personal data.

📖 Read

via "Threat Post".

Threat Post

Amazon Kindle Vulnerable to Malicious EBooks

Prior to a patch, a serious bug could have allowed attackers to take over Kindles and steal personal data.

265 views19:02

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2021-35312 ‼

A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. The Amica Prodigy's executable "RemoteBackup.Service.exe" has incorrect permissions, allowing a local unprivileged user to replace it with a malicious file that will be executed with "LocalSystem" privileges.

📖 Read

via "National Vulnerability Database".

255 views20:33

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2020-18693 ‼

Cross Site Scripting (XSS) in MineWebCMS v1.7.0 allows remote attackers to execute arbitrary code by injecting malicious code into the 'Title' field of the component '/admin/news'.

📖 Read

via "National Vulnerability Database".

241 views20:33

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2020-18694 ‼

Cross Site Request Forgery (CSRF) in IgnitedCMS v1.0 allows remote attackers to obtain sensitive information and gain privilege via the component "/admin/profile/save_profile".

📖 Read

via "National Vulnerability Database".

249 views20:33

🛡 Cybersecurity & Privacy 🛡 - News

❌ Golang Cryptomining Worm Offers 15% Speed Boost ❌

The latest variants of the Monero-mining malware exploit known web server bugs and add efficiency to the mining process.

📖 Read

via "Threat Post".

Threat Post

Golang Cryptomining Worm Offers 15% Speed Boost

The latest variants of the Monero-mining malware exploit known web server bugs and add efficiency to the mining process.

279 views21:02

About

Blog

Apps

Platform