CVE-2020-20977
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in index.php/legend/6.html of UK CMS v1.1.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Comments section.
CVE-2021-27793
via "National Vulnerability Database".
Intermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, and also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and after v8.2.0, could cause a user with a valid account to be unable to log into the switch.
CVE-2021-38086
via "National Vulnerability Database".
Acronis Cyber Protect 15 for Windows prior to build 27009 and Acronis Agent for Windows prior to build 26226 allowed local privilege escalation via DLL hijacking.
CVE-2021-37841
via "National Vulnerability Database".
Docker Desktop before 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container compromise in both process isolation and Hyper-V isolation modes. An attacker with low privileges could read, write and possibly even execute code inside the containers.
CVE-2021-27791
via "National Vulnerability Database".
The function that is used to parse the Authentication header in the Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An unauthenticated attacker could discover a request that bypasses the authentication process.
CVE-2021-38597
via "National Vulnerability Database".
wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant response data that contains the NoCheck extension.
CVE-2021-27790
via "National Vulnerability Database".
The command "ipfilter" in Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h uses an unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution of arbitrary code as the root user account.
CVE-2021-38088
via "National Vulnerability Database".
Acronis Cyber Protect 15 for Windows prior to build 27009 allowed local privilege escalation via binary hijacking.
For sale: Access to your company network. Price: Less than you'd think
via "Tech Republic".
Access to secured networks is regularly sold on the Dark Web and 45% of those sales are less than $1,000.
AdLoad Malware 2021 Samples Skate Past Apple XProtect
via "Threat Post".
A crush of new attacks using the well-known adware involves at least 150 updated samples, many of which aren't recognized by Apple's built-in security controls.
Progress Being Made Fortifying US Cyber Defenses
via "Digital Guardian".
Nearly 75 percent of the Cyberspace Solarium Commission's federal recommendations have been implemented or are on track to being implemented.
CVE-2020-18445
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the upurl function in Page.php.
CVE-2021-20509
via "National Vulnerability Database".
IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 198243.
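The Maximo entry above is a generic CSV injection (formula injection) case: a cell that begins with a formula trigger is evaluated, not displayed, when the exported file lands in a spreadsheet. The following is an added example, not code from IBM or the advisory; it shows the two checks a practitioner normally wants, a scanner for inbound CSV uploads and a neutralizing writer for exports. The sample CSV and its payload are constructed here for illustration.

```python
import csv
import io

# Leading characters that Excel, LibreOffice and Google Sheets treat as the
# start of a formula. Tab and CR are included because some spreadsheets strip
# leading whitespace before deciding whether a cell is a formula.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def _is_plain_number(text):
    """Numeric cells such as -15 or +3.2 legitimately start with a trigger."""
    try:
        float(text)
        return True
    except ValueError:
        return False


def is_formula_cell(value):
    """True if a spreadsheet would evaluate this cell instead of displaying it."""
    text = "" if value is None else str(value)
    return text.startswith(FORMULA_TRIGGERS) and not _is_plain_number(text)


def neutralize_cell(value):
    """Prefix a formula-looking cell with a single quote so it renders as text."""
    text = "" if value is None else str(value)
    return "'" + text if is_formula_cell(text) else text


def export_rows(rows):
    """Serialize rows to CSV with every cell neutralized and double-quoted."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return buf.getvalue()


def find_formula_cells(csv_text):
    """Scan an inbound CSV and report (row, column, value) for every cell that
    would be evaluated as a formula; use it to reject or quarantine uploads."""
    hits = []
    for r, row in enumerate(csv.reader(io.StringIO(csv_text))):
        for c, cell in enumerate(row):
            if is_formula_cell(cell):
                hits.append((r, c, cell))
    return hits


# Constructed sample (not from the advisory): an asset export in which one
# comment carries a classic DDE-style payload and one cell is a plain negative
# number that must not be flagged.
SAMPLE_CSV = (
    "asset,owner,comment\n"
    "PUMP-01,alice,Routine check\n"
    "PUMP-02,mallory,\"=cmd|' /C calc'!A0\"\n"
    "PUMP-03,bob,-15\n"
)

if __name__ == "__main__":
    for hit in find_formula_cells(SAMPLE_CSV):
        print("formula cell at row %d col %d: %r" % hit)
    print(export_rows([["asset", "comment"], ["PUMP-02", "=cmd|' /C calc'!A0"]]))
```

The single-quote prefix is visible to the user in most spreadsheets; that is the usual trade-off for exporting untrusted text. Columns that are known to be numeric should be exempted by the caller rather than by loosening the trigger list.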
CVE-2021-32808
via "National Vulnerability Database".
ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version >= 4.13.0. The problem has been recognized and patched. The fix will be available in version 4.16.2.
CVE-2021-38606
via "National Vulnerability Database".
reNgine through 0.5 relies on a predictable directory name.
CVE-2021-38291
via "National Vulnerability Database".
FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from an assertion failure at src/libavutil/mathematics.c.
CVE-2021-38604
via "National Vulnerability Database".
In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.
CVE-2021-32809
via "National Vulnerability Database".
ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in the CKEditor 4 [Clipboard](https://ckeditor.com/cke4/addon/clipboard) package. The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor. It affects all users using the CKEditor 4 plugins listed above at version >= 4.5.2. The problem has been recognized and patched. The fix will be available in version 4.16.2.
CVE-2021-38599
via "National Vulnerability Database".
WAL-G before 1.1, when a non-libsodium build (e.g., one of the official binary releases published as GitHub Releases) is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because "the user likely wanted to encrypt all file activity."
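The WAL-G entry above describes a fail-open design: a key is configured, the build cannot use it, and the backup goes out in cleartext. The following is an added example, not WAL-G's code, contrasting that behaviour with a fail-closed wrapper that refuses to upload when a configured key cannot be honoured, and that additionally rejects output still carrying the plaintext's leading bytes (a backend misconfigured into pass-through mode looks exactly like a missing one). `toy_secretbox` is a labelled stand-in for libsodium's secretbox, not a real cipher; the sample buffer and fixed key are constructed for illustration.

```python
import hashlib
import hmac
import os


class EncryptionUnavailable(RuntimeError):
    """A key was configured, but this build has no backend to honour it."""


class CleartextDetected(RuntimeError):
    """The backend's output still carries the plaintext's leading bytes."""


def toy_secretbox(key, data):
    """Stand-in for libsodium crypto_secretbox (assumption: NOT a real cipher).

    SHA-256 counter-mode keystream plus an HMAC tag, just enough to exercise the
    fail-closed control flow offline. Layout: nonce(16) | ciphertext | tag(32).
    """
    nonce = os.urandom(16)
    body = bytearray()
    for offset in range(0, len(data), 32):
        keystream = hashlib.sha256(key + nonce + offset.to_bytes(8, "big")).digest()
        body.extend(b ^ k for b, k in zip(data[offset:offset + 32], keystream))
    tag = hmac.new(key, nonce + bytes(body), hashlib.sha256).digest()
    return nonce + bytes(body) + tag


def prepare_upload_silently(data, key, backend):
    """The behaviour the advisory describes: when the build lacks the encryption
    backend, the configured key is ignored and cleartext is uploaded."""
    if backend is None:
        return data
    return backend(key, data)


def prepare_upload(data, key, backend, probe_len=16):
    """Fail-closed variant: a configured key is either honoured or the upload is
    refused, and the result is checked for an obvious known-plaintext leak."""
    if key is None:
        return data  # operator explicitly chose no encryption
    if backend is None:
        raise EncryptionUnavailable(
            "encryption key configured but this build has no backend; "
            "refusing to upload cleartext")
    blob = backend(key, data)
    probe = data[:probe_len]
    if probe and probe in blob:
        raise CleartextDetected("output still contains the plaintext prefix")
    return blob


def classify_upload(data, key, backend):
    """Summarize what prepare_upload would do, for logging and for checks."""
    try:
        prepare_upload(data, key, backend)
    except EncryptionUnavailable:
        return "refused:no-backend"
    except CleartextDetected:
        return "refused:cleartext-leak"
    return "cleartext-as-requested" if key is None else "encrypted"


# Constructed sample: a buffer with a recognisable magic at the front, standing in
# for a base backup. The key is a fixed placeholder, not a real secret.
KEY = b"\x01" * 32
SAMPLE = b"PGDMP\x01\x0e\x00constructed-base-backup-sample " + b"A" * 96

if __name__ == "__main__":
    print("fail-open path uploads cleartext:",
          prepare_upload_silently(SAMPLE, KEY, None) == SAMPLE)
    print("fail-closed, no backend:", classify_upload(SAMPLE, KEY, None))
    print("fail-closed, with backend:", classify_upload(SAMPLE, KEY, toy_secretbox))
```

The prefix probe is a cheap sanity check, not proof of encryption; it catches the two failure modes this advisory is about (missing backend, pass-through backend) and nothing subtler. The real fix is the first branch: treat a configured key that cannot be used as a hard error at startup.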
CVE-2020-18446
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the param parameter in the insertContent function in ContentModel.php.
Black Hat: Novel DNS Hack Spills Confidential Corp Data
via "Threat Post".
Threatpost interviews Wiz CTO about a vulnerability recently patched by Amazon Route53's DNS service and Google Cloud DNS.