βΌ CVE-2021-38618 βΌ
π Read
via "National Vulnerability Database".
In GFOS Workforce Management 4.8.272.1, the login page of application is prone to authentication bypass, allowing anyone (who knows a user's credentials except the password) to get access to an account. This occurs because of JSESSIONID mismanagement.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38398 βΌ
π Read
via "National Vulnerability Database".
The affected device uses off-the-shelf software components that contain unpatched vulnerabilities. A malicious attacker with physical access to the affected device could exploit these vulnerabilities.π Read
via "National Vulnerability Database".
β Encrypted & Fileless Malware Sees Big Growth β
π Read
via "Threat Post".
An analysis of second-quarter malware trends shows that threats are becoming stealthier.π Read
via "Threat Post".
Threat Post
Encrypted & Fileless Malware Sees Big Growth
An analysis of second-quarter malware trends shows that threats are becoming stealthier.
β Encrypted & Fileless Malware Sees Big Growth β
π Read
via "Threat Post".
An analysis of second-quarter malware trends shows that threats are becoming stealthier.π Read
via "Threat Post".
Threat Post
Encrypted & Fileless Malware Sees Big Growth
An analysis of second-quarter malware trends shows that threats are becoming stealthier.
β Encrypted & Fileless Malware Sees Big Growth β
π Read
via "Threat Post".
An analysis of second-quarter malware trends shows that threats are becoming stealthier.π Read
via "Threat Post".
Threat Post
Encrypted & Fileless Malware Sees Big Growth
An analysis of second-quarter malware trends shows that threats are becoming stealthier.
β Facebook Outage Drags Down Instagram, WhatsApp, Messenger, Oculus VR β
π Read
via "Threat Post".
They were all flat on their faces for hours on Monday, throwing off DNS error messages or other server-related errors.π Read
via "Threat Post".
Threat Post
Facebook Outage Drags Down Instagram, WhatsApp, Messenger, Oculus VR
They were all flat on their faces for hours on Monday, throwing off DNS error messages or other server-related errors.
π΄ One Identity Acquires OneLogin to Boost Identity Security Portfolio π΄
π Read
via "Dark Reading".
The combination of One Identity and OneLogin will provide customers with a unified identity security platform to manage identities and networks.π Read
via "Dark Reading".
Dark Reading
One Identity Acquires OneLogin to Boost Identity Security Portfolio
The combination of One Identity and OneLogin will provide customers with a unified identity security platform to manage identities and networks.
βΌ CVE-2020-21431 βΌ
π Read
via "National Vulnerability Database".
HongCMS v3.0 contains an arbitrary file read and write vulnerability in the component /admin/index.php/template/edit.π Read
via "National Vulnerability Database".
βΌ CVE-2020-21387 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in the parameter type_en of Maccms 10 allows attackers to obtain the administrator cookie and escalate privileges via a crafted payload.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41089 βΌ
π Read
via "National Vulnerability Database".
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the hostΓΒ’Γ’β¬ÒβΒ’s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39433 βΌ
π Read
via "National Vulnerability Database".
A local file inclusion (LFI) vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to read arbitrary files from the server with the permissions of the configured web-user.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32765 βΌ
π Read
via "National Vulnerability Database".
Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check if `count * sizeof(redisReply*)` can be represented in `SIZE_MAX`. If it can not, and the `calloc()` call doesn't itself make this check, it would result in a short allocation and subsequent buffer overflow. Users of hiredis who are unable to update may set the [maxelements](https://github.com/redis/hiredis#reader-max-array-elements) context option to a value small enough that no overflow is possible.π Read
via "National Vulnerability Database".
βΌ CVE-2020-21434 βΌ
π Read
via "National Vulnerability Database".
Maccms 10 contains a cross-site scripting (XSS) vulnerability in the Editing function under the Member module. This vulnerability is exploited via a crafted payload in the nickname text field.π Read
via "National Vulnerability Database".
βΌ CVE-2020-21386 βΌ
π Read
via "National Vulnerability Database".
A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain administrator privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2020-21493 βΌ
π Read
via "National Vulnerability Database".
An issue in the component route\user.php of Xiuno BBS v4.0.4 allows attackers to enumerate usernames.π Read
via "National Vulnerability Database".
βΌ CVE-2020-21496 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitebrief parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41092 βΌ
π Read
via "National Vulnerability Database".
Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH.π Read
via "National Vulnerability Database".
βΌ CVE-2020-21495 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitename parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2020-21494 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in the component install\install.sql of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via changing the doctype value to 0.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41091 βΌ
π Read
via "National Vulnerability Database".
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade limit access to the host to trusted users. Limit access to host volumes to trusted containers.π Read
via "National Vulnerability Database".
π΄ Windows 11 Available: What Security Pros Should Know π΄
π Read
via "Dark Reading".
Microsoft discusses the security requirements and changes coming to the newest version of its Windows operating system.π Read
via "Dark Reading".
Dark Reading
Windows 11 Available: What Security Pros Should Know
Microsoft discusses the security requirements and changes coming to the newest version of its Windows operating system.