βΌ CVE-2021-42084 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Zammad before 4.1.1. An attacker with valid agent credentials may send a series of crafted requests that cause an endless loop and thus cause denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42091 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Zammad before 4.1.1. SSRF can occur via GitHub or GitLab integration.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42088 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Zammad before 4.1.1. The Chat functionality allows XSS because clipboard data is mishandled.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42095 βΌ
π Read
via "National Vulnerability Database".
Xshell before 7.0.0.76 allows attackers to cause a crash by triggering rapid changes to the title bar.π Read
via "National Vulnerability Database".
βΌ CVE-2020-21865 βΌ
π Read
via "National Vulnerability Database".
ThinkPHP50-CMS v1.0 contains a remote code execution (RCE) vulnerability in the component /public/?s=captcha.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42086 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Zammad before 4.1.1. An Agent account can modify account data, and gain admin access, via a crafted request.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42094 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Zammad before 4.1.1. Command Injection can occur via custom Packages.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42085 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Zammad before 4.1.1. There is stored XSS via a custom Avatar.π Read
via "National Vulnerability Database".
π΄ Microsec.ai Launches Solution to Deliver Agentless Runtime Protection for Multi-cloud Infrastructure as a Service π΄
π Read
via "Dark Reading".
Continuous monitoring of network traffic, data loss prevention, and responsive self-healing protection from threats to cloud-native applications.π Read
via "Dark Reading".
Dark Reading
Microsec.ai Launches Solution to Deliver Agentless Runtime Protection for Multi-cloud Infrastructure as a Service
Continuous monitoring of network traffic, data loss prevention, and responsive self-healing protection from threats to cloud-native applications.
π΄ HP Extends Security Features to Work-from-Home Devices π΄
π Read
via "Dark Reading".
HP aims to let admins secure work-from-home endpoints by extending cloud security management that can remotely track, detect and self-heal remote company devices -- including printers.π Read
via "Dark Reading".
Dark Reading
HP Extends Security Features to Work-from-Home Devices
HP aims to let admins secure work-from-home endpoints by extending cloud security management that can remotely track, detect and self-heal remote company devices -- including printers.
βΌ CVE-2021-25271 βΌ
π Read
via "National Vulnerability Database".
A local attacker could read or write arbitrary files with administrator privileges in HitmanPro before version Build 318.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25270 βΌ
π Read
via "National Vulnerability Database".
A local attacker could execute arbitrary code with administrator privileges in HitmanPro.Alert before version Build 901.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33603 βΌ
π Read
via "National Vulnerability Database".
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVPACK module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40832 βΌ
π Read
via "National Vulnerability Database".
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVRDL unpacking module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine.π Read
via "National Vulnerability Database".
ποΈ Apache HTTP Server update fails to squash path traversal, RCE bugs ποΈ
π Read
via "The Daily Swig".
Web admins told to upgrade (once again) to latest versionπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Apache HTTP Server update fails to squash path traversal, RCE bugs
Web admins told to upgrade (once again) to latest version
π΄ Hardware Bolsters Medical Device Security π΄
π Read
via "Dark Reading".
New microprocessor technologies like secure enclaves and cryptography acceleration enable hardware to better safeguard medical devices.π Read
via "Dark Reading".
Dark Reading
Hardware Bolsters Medical Device Security
New microprocessor technologies like secure enclaves and cryptography acceleration enable hardware to better safeguard medical devices.
βΌ CVE-2021-41947 βΌ
π Read
via "National Vulnerability Database".
A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visual-mode.π Read
via "National Vulnerability Database".
π΄ Patch 'Immediately': Apache Issues Software Fix as Zero-Day Attacks Pick Up π΄
π Read
via "Dark Reading".
CISA reports it's seeing ongoing scanning for the flaws and expects this to accelerate.π Read
via "Dark Reading".
Dark Reading
Patch 'Immediately': Apache Issues Software Fix Amid Zero-Day Attacks
CISA reports it's seeing ongoing scanning for the flaws and expects the activity to accelerate.
ποΈ Hong Kongβs anti-doxxing law comes into force despite human rights criticism ποΈ
π Read
via "The Daily Swig".
Violations could attract hefty fines and up to five years in prisonπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Hong Kongβs anti-doxxing law comes into force despite human rights criticism
Violations could attract hefty fines and up to five years in prison
π¦Ώ Install SELinux on Ubuntu Server 20.04: Here's how π¦Ώ
π Read
via "Tech Republic".
If you've already learned SELinux, but have to deploy Ubuntu as a server operating system, you can install SELinux and be on familiar ground.π Read
via "Tech Republic".
TechRepublic
Install SELinux on Ubuntu Server 20.04: Here's how
If you've already learned SELinux, but have to deploy Ubuntu as a server operating system, you can install SELinux and be on familiar ground.
β Apache patch proves patchy β now you need to patch the patch β
π Read
via "Naked Security".
Once more unto the breach, dear friends, once more, and close up the hole of encoding dread.π Read
via "Naked Security".
Naked Security
Apache patch proves patchy β now you need to patch the patch
Once more unto the breach, dear friends, once more, and close up the hole of encoding dread.