‼ CVE-2018-14640 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.📖 Read
via "National Vulnerability Database".
🕴 3 Security Lessons Learned From the Kaseya Ransomware Attack 🕴
📖 Read
via "Dark Reading".
Organizations can better prepare themselves and their customers for these attacks with some strategies to identify threats before they become a widespread issue.📖 Read
via "Dark Reading".
Dark Reading
3 Security Lessons Learned From the Kaseya Ransomware Attack
Organizations can better prepare themselves and their customers for these attacks with some strategies to identify threats before they become a widespread issue.
‼ CVE-2021-22097 ‼
📖 Read
via "National Vulnerability Database".
In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100% CPU usage in the application if the toString() method is called.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-22044 ‼
📖 Read
via "National Vulnerability Database".
In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level `@RequestMapping`annotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to `@RequestMapping`-annotated interface methods.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-22047 ‼
📖 Read
via "National Vulnerability Database".
In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for unauthorized access depending on the Spring Security configuration.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-22096 ‼
📖 Read
via "National Vulnerability Database".
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-7875 ‼
📖 Read
via "National Vulnerability Database".
DEXT5 Upload 5.0.0.117 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module. This can be leveraged for code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3745 ‼
📖 Read
via "National Vulnerability Database".
flatcore-cms is vulnerable to Unrestricted Upload of File with Dangerous Type📖 Read
via "National Vulnerability Database".
🔏 What is Phishing? Common Attacks & How to Avoid Them 🔏
📖 Read
via "".
The goal of nearly every phishing attempt is to steal information but attacks can come in different forms. In today's blog, we break down common phishing types, tactics and 50 examples of phishing attacks.📖 Read
via "".
Digital Guardian
What is Phishing? Common Attacks & How to Avoid Them
The goal of nearly every phishing attempt is to steal information but attacks can come in different forms. In today's blog, we break down common phishing types, tactics and 50 examples of phishing attacks.
🕴 US to Create Diplomatic Bureau to Lead Cybersecurity Policy 🕴
📖 Read
via "Dark Reading".
As part of its modernization initiative, the Department of State will increase its IT budget by 50% and add a new bureau to lead cybersecurity and digital policy.📖 Read
via "Dark Reading".
Dark Reading
US to Create Diplomatic Bureau to Lead Cybersecurity Policy
As part of its modernization initiative, the Department of State will increase its IT budget by 50% and add a new bureau to lead cybersecurity and digital policy.
🕴 Stop Zero-Day Ransomware Cold With AI 🕴
📖 Read
via "Dark Reading".
AI can help recognize ransomware attacks and stop them at computer speed.📖 Read
via "Dark Reading".
Dark Reading
Stop Zero-Day Ransomware Cold With AI
AI can help recognize ransomware attacks and stop them at computer speed.
‼ CVE-2020-10005 ‼
📖 Read
via "National Vulnerability Database".
A resource exhaustion issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1. An attacker in a privileged network position may be able to perform denial of service.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-30814 ‼
📖 Read
via "National Vulnerability Database".
A memory corruption issue was addressed with improved input validation. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted image may lead to arbitrary code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-25422 ‼
📖 Read
via "National Vulnerability Database".
A cross site scripting (XSS) vulnerability in menuedit.php of Mara CMS 7.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-30840 ‼
📖 Read
via "National Vulnerability Database".
This issue was addressed with improved checks. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted dfont file may lead to arbitrary code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-30808 ‼
📖 Read
via "National Vulnerability Database".
This issue was addressed with improved checks. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. A malicious application may be able to modify protected parts of the file system.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-30834 ‼
📖 Read
via "National Vulnerability Database".
A logic issue was addressed with improved state management. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, watchOS 8, Security Update 2021-007 Catalina. Processing a malicious audio file may result in unexpected application termination or arbitrary code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-30813 ‼
📖 Read
via "National Vulnerability Database".
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.0.1. A person with access to a host Mac may be able to bypass the Login Window in Remote Desktop for a locked instance of macOS.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-30823 ‼
📖 Read
via "National Vulnerability Database".
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 14.8 and iPadOS 14.8, tvOS 15, Safari 15, watchOS 8. An attacker in a privileged network position may be able to bypass HSTS.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-9897 ‼
📖 Read
via "National Vulnerability Database".
An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1. Processing a maliciously crafted PDF may lead to arbitrary code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1821 ‼
📖 Read
via "National Vulnerability Database".
A logic issue was addressed with improved state management. This issue is fixed in watchOS 7.6, macOS Big Sur 11.5. Visiting a maliciously crafted webpage may lead to a system denial of service.📖 Read
via "National Vulnerability Database".