‼ CVE-2020-18875 ‼
Incorrect Access Control in DotCMS versions before 5.1 allows remote attackers to gain privileges by injecting client configurations via vtl (velocity) files.
via "National Vulnerability Database".
‼ CVE-2021-32728 ‼
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.3.0, the Nextcloud Desktop Client fails to check if a private key belongs to the previously downloaded public certificate. If the Nextcloud instance serves a malicious public key, the data would be encrypted for this key and thus could be accessible to a malicious actor. This issue is fixed in Nextcloud Desktop Client version 3.3.0. There are no known workarounds aside from upgrading.
via "National Vulnerability Database".
‼ CVE-2021-23424 ‼
This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time.
via "National Vulnerability Database".
🦿 Hackers are getting better at their jobs, but people are getting better at prevention 🦿
Expert says people are becoming smarter about the links they click on and noticing the ones they shouldn't, giving hope for the future of cybersecurity.
via "Tech Republic".
🦿 ICS vulnerability reports are increasing in number and severity, and exploit complexity is dropping 🦿
71% of vulnerabilities found in the first half of 2021 are classified as high or critical, and 90% are of low complexity, meaning an attacker can expect repeated success under a variety of conditions, says Claroty.
via "Tech Republic".
🦿 Cybercriminals are getting more sophisticated and better at going unnoticed 🦿
Human error is still responsible for the majority of breaches, but we're getting better about watching for suspicious links, expert says.
via "Tech Republic".
❌ Bogus Cryptomining Apps Infest Google Play ❌
The apps attempt to swindle users into buying in-app upgrades or clicking on masses of ads.
via "Threat Post".
🔏 Banking Groups Push Back Against 24 Hour Breach Disclosure Bill 🔏
Recent plans to adjust federal rules around disclosing data breaches have drawn the ire of the banking community.
🦿 Zero-trust security is a great preventer of cyberattacks, expert says 🦿
The zero-trust model prevents attacks, but also greatly limits the impact of a successful breach, such as a ransomware attack.
via "Tech Republic".
‼ CVE-2020-22120 ‼
A remote code execution (RCE) vulnerability in /root/run/adm.php?admin-ediy&part=exdiy of imcat v5.1 allows authenticated attackers to execute arbitrary code.
via "National Vulnerability Database".
‼ CVE-2021-39270 ‼
In Ping Identity RSA SecurID Integration Kit before 3.2, user impersonation can occur.
via "National Vulnerability Database".
‼ CVE-2021-25218 ‼
In BIND 9.16.19 and 9.17.16, and also in version 9.16.19-S1 of the BIND Supported Preview Edition, when a vulnerable version of named receives a query under the circumstances described above, the named process will terminate due to a failed assertion check. The vulnerability affects only BIND 9 releases 9.16.19, 9.17.16, and release 9.16.19-S1 of the BIND Supported Preview Edition.
via "National Vulnerability Database".
‼ CVE-2020-22124 ‼
A vulnerability in the \inc\config.php component of joyplus-cms v1.6 allows attackers to access sensitive information.
via "National Vulnerability Database".
‼ CVE-2020-25928 ‼
The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: DNS response processing functions: dns_upcall(), getoffset(), dnc_set_answer(). The attack vector is: a specific DNS response packet. The code does not check the "response data length" field of individual DNS answers, which may cause out-of-bounds read/write operations, leading to Information Leak, Denial-of-Service, or Remote Code Execution, depending on the context.
via "National Vulnerability Database".
‼ CVE-2020-25927 ‼
The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Out-of-bounds Read. The impact is: a denial of service (remote). The component is: DNS response processing in function: dns_upcall(). The attack vector is: a specific DNS response packet. The code does not check whether the number of queries/responses specified in the DNS packet header corresponds to the query/response data available in the DNS packet.
via "National Vulnerability Database".
‼ CVE-2021-37617 ‼
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. The Nextcloud Desktop Client invokes its uninstaller script when being installed to make sure there are no remnants of previous installations. In versions 3.0.3 through 3.2.4, the Client searches for the `Uninstall.exe` file in a folder that can be written by regular users. This could lead to a case where a malicious user creates a malicious `Uninstall.exe`, which would be executed with administrative privileges on the Nextcloud Desktop Client installation. This issue is fixed in Nextcloud Desktop Client version 3.3.0. As a workaround, do not allow untrusted users to create content in the `C:\` system folder and verify that there is no malicious `C:\Uninstall.exe` file on the system.
via "National Vulnerability Database".
‼ CVE-2020-25926 ‼
The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the DNS transaction id. The impact is: DNS cache poisoning (remote). The component is: dns_query_type(). The attack vector is: a specific DNS response packet.
via "National Vulnerability Database".
‼ CVE-2021-39286 ‼
Webrecorder pywb before 2.6.0 allows XSS because it does not ensure that Jinja2 templates are autoescaped.
via "National Vulnerability Database".
‼ CVE-2020-25767 ‼
An issue was discovered in HCC Embedded NicheStack IPv4 4.1. The dnc_copy_in routine for parsing DNS domain names does not check whether a domain name compression pointer is pointing within the bounds of the packet (e.g., forward compression pointer jumps are allowed), which leads to an Out-of-bounds Read, and a Denial-of-Service as a consequence.
via "National Vulnerability Database".
‼ CVE-2020-19669 ‼
Cross Site Request Forgery (CSRF) vulnerability exists in Eyoucms 1.3.6 that can add an admin account via /login.php?m=admin&c=Admin&a=admin_add&lang=cn.
via "National Vulnerability Database".
‼ CVE-2020-22122 ‼
A SQL injection vulnerability in /oa.php?c=Staff&a=read of Find a Place LJCMS v1.3 allows attackers to access sensitive database information via a crafted POST request.
via "National Vulnerability Database".