βΌ CVE-2021-40347 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker (logged into any account) can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39207 βΌ
π Read
via "National Vulnerability Database".
parlai is a framework for training and evaluating AI models on a variety of openly available dialogue datasets. In affected versions the package is vulnerable to YAML deserialization attack caused by unsafe loading which leads to Arbitary code execution. This security bug is patched by avoiding unsafe loader users should update to version above v1.1.0. If upgrading is not possible then users can change the Loader used to SafeLoader as a workaround. See commit 507d066ef432ea27d3e201da08009872a2f37725 for details.π Read
via "National Vulnerability Database".
βΌ CVE-2021-24040 βΌ
π Read
via "National Vulnerability Database".
Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38555 βΌ
π Read
via "National Vulnerability Database".
An XML external entity (XXE) injection vulnerability was discovered in the Any23 StreamUtils.java file and is known to affect Any23 versions < 2.5. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40146 βΌ
π Read
via "National Vulnerability Database".
A Remote Code Execution (RCE) vulnerability was discovered in the Any23 YAMLExtractor.java file and is known to affect Any23 versions < 2.5. RCE vulnerabilities allow a malicious actor to execute any code of their choice on a remote machine over LAN, WAN, or internet. RCE belongs to the broader class of arbitrary code execution (ACE) vulnerabilities.π Read
via "National Vulnerability Database".
π’ The best remote access solutions π’
π Read
via "ITPro".
We round up the top remote access software for mobile workers, including those with collaboration, screen-sharing and support toolsπ Read
via "ITPro".
IT PRO
The best remote access software | IT PRO
We round up the top remote access software for mobile workers, including those with collaboration, screen-sharing and support tools
π’ Ransomware hackers break off from Babuk to join a new group π’
π Read
via "ITPro".
New research shines a light on the fallout between criminals in the wake of the Colonial Pipeline attackπ Read
via "ITPro".
IT PRO
Ransomware hackers break off from Babuk to join a new group | IT PRO
New research shines a light on the fallout between criminals in the wake of the Colonial Pipeline attack
π’ DOJ extradites Ukrainian man who used a botnet to decrypt login credentials π’
π Read
via "ITPro".
The 28-year-old allegedly sold passwords to other criminals on the dark webπ Read
via "ITPro".
IT PRO
DOJ extradites Ukrainian man who used a botnet to decrypt login credentials | IT PRO
The 28-year-old allegedly sold passwords to other criminals on the dark web
π’ Dell launches new security services to tackle surging data demands π’
π Read
via "ITPro".
These new products aim to mitigate against data protection anxieties and the rising threat of ransomwareπ Read
via "ITPro".
IT PRO
Dell launches new security services to tackle surging data demands | IT PRO
These new products aim to mitigate against data protection anxieties and the rising threat of ransomware
βΌ CVE-2021-23440 βΌ
π Read
via "National Vulnerability Database".
This affects the package set-value before 4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23435 βΌ
π Read
via "National Vulnerability Database".
This affects the package clearance before 2.5.0. The vulnerability can be possible when users are able to set the value of session[:return_to]. If the value used for return_to contains multiple leading slashes (/////example.com) the user ends up being redirected to the external domain that comes after the slashes (http://example.com).π Read
via "National Vulnerability Database".
ποΈ Texas Republican Party website defaced in βAnonymousβ protest against abortion law ποΈ
π Read
via "The Daily Swig".
Hacktivists take aim at βHeartbeat Actβ with references to The Handmaidβs Tale and Rick-rolling memeπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Texas Republican Party website defaced in βAnonymousβ protest against abortion law
Hacktivists take aim at βHeartbeat Actβ with references to The Handmaidβs Tale and Rick-rolling meme
π¦Ώ Phony vaccine card prices double following Biden mandate announcement π¦Ώ
π Read
via "Tech Republic".
Dark Web prices for fake vaccination cards shot up from $100 to $200 almost immediately after the president announced new mandates, says Check Point Research.π Read
via "Tech Republic".
TechRepublic
Phony COVID-19 vaccine card prices double following Biden mandate announcement
Dark Web prices for fake COVID-19 vaccination cards shot up from $100 to $200 almost immediately after the U.S. president announced new mandates, says Check Point Research.
βΌ CVE-2021-22526 βΌ
π Read
via "National Vulnerability Database".
Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4π Read
via "National Vulnerability Database".
βΌ CVE-2021-32136 βΌ
π Read
via "National Vulnerability Database".
Heap buffer overflow in the print_udta function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27969 βΌ
π Read
via "National Vulnerability Database".
Yandex Browser for Android 20.8.4 allows remote attackers to perform SOP bypass and addresss bar spoofingπ Read
via "National Vulnerability Database".
βΌ CVE-2021-22527 βΌ
π Read
via "National Vulnerability Database".
Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4π Read
via "National Vulnerability Database".
βΌ CVE-2021-22524 βΌ
π Read
via "National Vulnerability Database".
Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4π Read
via "National Vulnerability Database".
βΌ CVE-2021-22528 βΌ
π Read
via "National Vulnerability Database".
Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4π Read
via "National Vulnerability Database".
βΌ CVE-2021-40214 βΌ
π Read
via "National Vulnerability Database".
Gibbon v22.0.00 suffers from a stored XSS vulnerability within the wall messages component.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27970 βΌ
π Read
via "National Vulnerability Database".
Yandex Browser before 20.10.0 allows remote attackers to spoof the address barπ Read
via "National Vulnerability Database".