βΌ CVE-2021-26750 βΌ
π Read
via "National Vulnerability Database".
DLL hijacking in Panda Agent <=1.16.11 in Panda Security, S.L.U. Panda Adaptive Defense 360 <= 8.0.17 allows attacker to escalate privileges via maliciously crafted DLL file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32999 βΌ
π Read
via "National Vulnerability Database".
Improper handling of exceptional conditions in SuiteLink server while processing command 0x01π Read
via "National Vulnerability Database".
βΌ CVE-2021-41428 βΌ
π Read
via "National Vulnerability Database".
Insecure permissions in Update Manager <= 5.8.0.2300 and DFL <= 12.5.1001.5 in DATEV programs v14.1 allows attacker to escalate privileges via insufficient configuration of service components.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21913 βΌ
π Read
via "National Vulnerability Database".
An information disclosure vulnerability exists in the WiFi Smart Mesh functionality of D-LINK DIR-3040 1.13B03. A specially-crafted network request can lead to command execution. An attacker can connect to the MQTT service to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32987 βΌ
π Read
via "National Vulnerability Database".
Null pointer dereference in SuiteLink server while processing command 0x0bπ Read
via "National Vulnerability Database".
βΌ CVE-2021-36872 βΌ
π Read
via "National Vulnerability Database".
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress Popular Posts plugin (versions <= 5.3.3). Vulnerable at &widget-wpp[2][post_type].π Read
via "National Vulnerability Database".
βΌ CVE-2021-32971 βΌ
π Read
via "National Vulnerability Database".
Null pointer dereference in SuiteLink server while processing command 0x07π Read
via "National Vulnerability Database".
βΌ CVE-2021-3824 βΌ
π Read
via "National Vulnerability Database".
OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL.π Read
via "National Vulnerability Database".
β How Outlook βautodiscoverβ could leak your passwords β and how to stop it β
π Read
via "Naked Security".
The Microsoft Autodiscover "Great Leak" explained - and how to prevent itπ Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β VMware patch bulletin warns: βThis needs your immediate attention.β β
π Read
via "Naked Security".
"It is a matter of time before working exploits are available," warns VMware.π Read
via "Naked Security".
Naked Security
VMware patch bulletin warns: βThis needs your immediate attention.β
βIt is a matter of time before working exploits are available,β warns VMware.
π¦Ώ How phishing-as-a-service operations pose a threat to organizations π¦Ώ
π Read
via "Tech Republic".
Attackers can easily buy, deploy and scale phishing campaigns to steal credentials and other sensitive data, says Microsoft.π Read
via "Tech Republic".
π¦Ώ Breached passwords: Popular TV shows don't make for the best security credentials π¦Ώ
π Read
via "Tech Republic".
Specops recently released a roundup of the top 20 TV shows found on breached password lists. These shows offer plenty of entertainment, but aren't ideal for password inspiration. Sorry, "Cheers" fans.π Read
via "Tech Republic".
TechRepublic
Breached passwords: Popular TV shows don't make for the best security credentials
Specops recently released a roundup of the top 20 TV shows found on breached password lists. These shows offer plenty of entertainment, but aren't ideal for password inspiration. Sorry, "Cheers" fans.
βΌ CVE-2020-4941 βΌ
π Read
via "National Vulnerability Database".
IBM Edge 4.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID: 191941.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22276 βΌ
π Read
via "National Vulnerability Database".
The vulnerability allows a successful attacker to bypass the integrity check of FW uploaded to the free@home System Access Point.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20485 βΌ
π Read
via "National Vulnerability Database".
IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197667.π Read
via "National Vulnerability Database".
βΌ CVE-2020-4805 βΌ
π Read
via "National Vulnerability Database".
IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189539.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38864 βΌ
π Read
via "National Vulnerability Database".
IBM Security Verify Bridge 1.0.5.0 could allow a user to obtain sensitive information due to improper certificate validation. IBM X-Force ID: 208155.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36823 βΌ
π Read
via "National Vulnerability Database".
Authenticated Stored Cross-Site Scripting (XSS) vulnerability in WordPress Absolutely Glamorous Custom Admin plugin (versions <= 6.8). Stored XSS possible via unsanitized input fields of the plugin settings, some of the payloads could make the frontend and the backend inaccessible.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38863 βΌ
π Read
via "National Vulnerability Database".
IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a locally authenticated user. IBM X-Force ID: 208154.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20435 βΌ
π Read
via "National Vulnerability Database".
IBM Security Verify Bridge 1.0.5.0 does not properly validate a certificate which could allow a local attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 196355.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26794 βΌ
π Read
via "National Vulnerability Database".
Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5 allows attacker to execute arbitrary code via crafted php file.π Read
via "National Vulnerability Database".