βΌ CVE-2021-22239 βΌ
π Read
via "National Vulnerability Database".
An unauthorized user was able to insert metadata when creating new issue on GitLab CE/EE 14.0 and later.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37101 βΌ
π Read
via "National Vulnerability Database".
There is an improper authorization vulnerability in AIS-BW50-00 9.0.6.2(H100SP10C00) and 9.0.6.2(H100SP15C00). Due to improper authorization mangement, an attakcer can exploit this vulnerability by physical accessing the device and implant malicious code. Successfully exploit could leads to arbitrary code execution in the target device.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38723 βΌ
π Read
via "National Vulnerability Database".
FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/pages/itemsπ Read
via "National Vulnerability Database".
βΌ CVE-2020-19515 βΌ
π Read
via "National Vulnerability Database".
qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPM\install\modules\database_config.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3761 βΌ
π Read
via "National Vulnerability Database".
Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitting an invalid VRP "MaxLength" value, causing RTR sessions to terminate. An attacker can use this to disable RPKI Origin Validation in a victim network (for example AS 13335 - Cloudflare) prior to launching a BGP hijack which during normal operations would be rejected as "RPKI invalid". Additionally, in certain deployments RTR session flapping in and of itself also could cause BGP routing churn, causing availability issues.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38725 βΌ
π Read
via "National Vulnerability Database".
Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/controllers/Login.phpπ Read
via "National Vulnerability Database".
βΌ CVE-2020-19144 βΌ
π Read
via "National Vulnerability Database".
Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the 'in _TIFFmemcpy' funtion in the component 'tif_unix.c'.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38721 βΌ
π Read
via "National Vulnerability Database".
FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) vulnerabilityπ Read
via "National Vulnerability Database".
π¦Ώ Stop using your web browser security wrong π¦Ώ
π Read
via "Tech Republic".
Chances are good you're not using your browser with a strong enough eye on security. Jack Wallen offers up some advice to the average user on how to browse safer.π Read
via "Tech Republic".
TechRepublic
Stop using your web browser security wrong
Chances are good you're not using your browser with a strong enough eye on security. Jack Wallen offers up some advice to the average user on how to browse safer.
β βAzurescapeβ Kubernetes Attack Allows Cross-Container Cloud Compromise β
π Read
via "Threat Post".
A chain of exploits could allow a malicious Azure user to infiltrate other customers' cloud instances within Microsoft's container-as-a-service offering.π Read
via "Threat Post".
Threat Post
βAzurescapeβ Kubernetes Attack Allows Cross-Container Cloud Compromise
A chain of exploits could allow a malicious Azure user to infiltrate other customers' cloud instances within Microsoft's container-as-a-service offering.
β S3 Ep49: Poison PACs, pointless alarms and phunky bugs [Podcast] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep49: Poison PACs, pointless alarms and phunky bugs [Podcast]
Latest episode β listen now!
β Windows zero-day MSHTML attack β how not to get booby trapped! β
π Read
via "Naked Security".
Zero-day bug in MSHTML, the "mini-Internet Explorer" component of Windows, triggered by booby trapped Office files.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β Financial Cybercrime: Why Cryptocurrency is the Perfect βGetaway Carβ β
π Read
via "Threat Post".
John Hammond, security researcher with Huntress, discusses how financially motivated cybercrooks use and abuse cryptocurrency.π Read
via "Threat Post".
Threat Post
Financial Cybercrime: Why Cryptocurrency is the Perfect βGetaway Carβ
John Hammond, security researcher with Huntress, discusses how financially motivated cybercrooks use and abuse cryptocurrency.
π¦Ώ SPDX becomes internationally recognized standard π¦Ώ
π Read
via "Tech Republic".
In use for a decade as the de facto standard for communicating software bills of materials, SPDX formally becomes the internationally recognized ISO/IEC JTC 1 standard.π Read
via "Tech Republic".
TechRepublic
SPDX becomes internationally recognized standard
In use for a decade as the de facto standard for communicating software bills of materials, SPDX formally becomes the internationally recognized ISO/IEC JTC 1 standard.
βΌ CVE-2021-32485 βΌ
π Read
via "National Vulnerability Database".
In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00500621; Issue ID: ALPS04964926.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32486 βΌ
π Read
via "National Vulnerability Database".
In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00500621; Issue ID: ALPS04964928.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38727 βΌ
π Read
via "National Vulnerability Database".
FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/logs/itemsπ Read
via "National Vulnerability Database".
βΌ CVE-2021-32487 βΌ
π Read
via "National Vulnerability Database".
In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00500736; Issue ID: ALPS04938456.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40284 βΌ
π Read
via "National Vulnerability Database".
D-Link DSL-3782 EU v1.01:EU v1.03 is affected by a buffer overflow which can cause a denial of service. This vulnerability exists in the web interface "/cgi-bin/New_GUI/Igmp.asp". Authenticated remote attackers can trigger this vulnerability by sending a long string in parameter 'igmpsnoopEnable' via an HTTP request.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32484 βΌ
π Read
via "National Vulnerability Database".
In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00500621; Issue ID: ALPS04964917.π Read
via "National Vulnerability Database".
π¦Ώ The top keywords used in phishing email subject lines π¦Ώ
π Read
via "Tech Republic".
Some of these phrasings are standard day-to-day subject lines, but as one expert explained, "the attacker wants you to be moving too fast to stop and question if it's legitimate."π Read
via "Tech Republic".
TechRepublic
The top keywords used in phishing email subject lines
Some of these phrasings are standard day-to-day subject lines, but as one expert explained, "the attacker wants you to be moving too fast to stop and question if it's legitimate."