‼ CVE-2021-39413 ‼
📖 Read
via "National Vulnerability Database".
Multiple Cross Site Scripting (XSS) vulnerabilities exist in SEO Panel v4.8.0 via the (1) to_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php, and (j) reports.php; the (2) from_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php, (j) webmaster-tools.php, and (k) reports.php; the (3) order_col parameter in (a) analytics.php, (b) review.php, (c) social_media.php, and (d) webmaster-tools.php; and the (4) pageno parameter in (a) alerts.php, (b) log.php, (c) keywords.php, (d) proxy.php, (e) searchengine.php, and (f) siteauditor.php.
‼ CVE-2020-23565 ‼
📖 Read
via "National Vulnerability Database".
Irfanview v4.53 allows attackers to execute arbitrary code via a crafted JPEG 2000 file. Related to a "Data from Faulting Address controls Branch Selection starting at JPEG2000!ShowPlugInSaveOptions_W+0x0000000000032850".
❌ Native Tribal Casinos Taking Millions in Ransomware Losses ❌
📖 Read
via "Threat Post".
An FBI notification is warning of an uptick in attacks against tribal casinos.
‼ CVE-2021-43404 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in FusionPBX before 4.5.30. The FAX file name may have risky characters.
‼ CVE-2021-29753 ‼
📖 Read
via "National Vulnerability Database".
IBM Business Automation Workflow 18, 19, 20, 21, and IBM Business Process Manager 8.5 and 8.6 transmit or store authentication credentials, but use an insecure method that is susceptible to unauthorized interception and/or retrieval.
‼ CVE-2021-42837 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Talend Data Catalog before 7.3-20210930. After setting up SAML/OAuth, authentication is not correctly enforced on the native login page. Any valid user from the SAML/OAuth provider can be used as the username with an arbitrary password, and login will succeed.
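The failure mode described above, as an added illustration in Python (this is not Talend's code; the user store, account names, password and the `sso_enforced` flag are constructed for the demo). The vulnerable handler treats an account that exists only because the identity provider asserted it as having no local credential to check, and lets the request through; the hardened handler refuses native password login for any account without a local credential and, when single sign-on is enforced, for every account.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class User:
    source: str                      # "local" or "sso" (constructed labels)
    salt: Optional[bytes] = None     # only local accounts carry a credential
    pw_hash: Optional[bytes] = None


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def make_demo_directory() -> Dict[str, User]:
    """Constructed user store: one local account, one SSO-provisioned account."""
    salt = os.urandom(16)
    return {
        "alice": User("local", salt, _derive("correct horse battery staple", salt)),
        "bob": User("sso"),   # known to the app via the IdP; no local password
    }


def native_login_vulnerable(directory: Dict[str, User], username: str, password: str) -> bool:
    """Bug class from the advisory: a known SSO user passes with any password."""
    user = directory.get(username)
    if user is None:
        return False
    if user.pw_hash is None or user.salt is None:
        # Nothing to compare against, so the comparison is skipped and the
        # user's mere existence is treated as successful authentication.
        return True
    return hmac.compare_digest(_derive(password, user.salt), user.pw_hash)


def native_login_fixed(directory: Dict[str, User], username: str, password: str,
                       sso_enforced: bool) -> bool:
    """Native login succeeds only for a local account whose password verifies.

    If SSO is enforced, the native form is disabled outright. An account with no
    local credential can never authenticate here, regardless of the password.
    """
    user = directory.get(username)
    if sso_enforced or user is None or user.pw_hash is None or user.salt is None:
        return False
    return hmac.compare_digest(_derive(password, user.salt), user.pw_hash)


if __name__ == "__main__":
    d = make_demo_directory()
    print("vulnerable, bob/anything :", native_login_vulnerable(d, "bob", "anything"))
    print("fixed,      bob/anything :", native_login_fixed(d, "bob", "anything", False))
    print("fixed,      alice/correct:", native_login_fixed(d, "alice", "correct horse battery staple", False))
```

The fixed path still has a timing difference between "unknown user" and "known user, wrong password" because the key derivation only runs in the second case; if user enumeration matters, derive against a dummy salt on the unknown-user path as well.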
‼ CVE-2021-35368 ‼
📖 Read
via "National Vulnerability Database".
OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname.
‼ CVE-2021-43405 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in FusionPBX before 4.5.30. The fax_extension may have risky characters (it is not constrained to be numeric).
‼ CVE-2021-43406 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in FusionPBX before 4.5.30. The fax_post_size may have risky characters (it is not constrained to preset values).
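The three FusionPBX entries above (CVE-2021-43404, CVE-2021-43405, CVE-2021-43406) are the same bug class: a request parameter reaches file, shell or database handling with no constraint on its character set. The validators below are an added Python example, not FusionPBX code (which is PHP); the field names follow the advisories, while the allowed post-size values, the extension length bounds and the file name pattern are constructed for the demo and should be replaced by the application's real option lists.

```python
import re
from typing import Dict, Optional

# Preset values for fax_post_size. Constructed placeholders: the advisory only
# says the field must be constrained to preset values.
FAX_POST_SIZE_CHOICES = frozenset({"letter", "legal", "a4"})

# A fax file name is one path component: alphanumeric first character, then
# alphanumerics, dot, underscore and hyphen. Slashes, quotes, semicolons,
# angle brackets, spaces and NUL all fail the match.
_SAFE_FILENAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")


def validate_fax_extension(value: str) -> Optional[str]:
    """Extensions are dial plan numbers: decimal digits only (2-10 assumed)."""
    return value if re.fullmatch(r"[0-9]{2,10}", value) else None


def validate_fax_post_size(value: str) -> Optional[str]:
    """Exact membership in the preset list; no normalisation, no prefixes."""
    return value if value in FAX_POST_SIZE_CHOICES else None


def validate_fax_filename(value: str) -> Optional[str]:
    """A bare file name, never a path; '..' is rejected even though the
    pattern would otherwise allow consecutive dots."""
    if ".." in value or not _SAFE_FILENAME.match(value):
        return None
    return value


_VALIDATORS = {
    "fax_extension": validate_fax_extension,
    "fax_post_size": validate_fax_post_size,
    "fax_file_name": validate_fax_filename,
}


def validate_fax_params(params: Dict[str, str]) -> Dict[str, Optional[str]]:
    """Map each expected field to its cleaned value, or None when rejected.

    Fields the application does not expect are dropped, not passed through.
    """
    return {
        name: (validator(params[name]) if name in params else None)
        for name, validator in _VALIDATORS.items()
    }


def all_valid(params: Dict[str, str]) -> bool:
    """True only when every expected field is present and passes."""
    return all(v is not None for v in validate_fax_params(params).values())


# Constructed sample requests.
DEMO_GOOD = {"fax_extension": "1001", "fax_post_size": "a4",
             "fax_file_name": "fax_2021-11-09.tif"}
DEMO_BAD = {"fax_extension": "1001;id", "fax_post_size": "a4' OR '1'='1",
            "fax_file_name": "../../etc/passwd"}

if __name__ == "__main__":
    print(validate_fax_params(DEMO_GOOD))
    print(validate_fax_params(DEMO_BAD))
```

Allowlisting the shape of each value (digits, a fixed set, a single safe path component) is what closes all three findings at once; escaping at the point of use is a second layer, not a substitute, because the same value flows into a file path, a dial plan and a database row.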
🦿 Track data activity before "unusual" becomes "dangerous" 🦿
📖 Read
via "Tech Republic".
A security expert raises concerns that a lack of identifying and tracking unusual data activity can have dangerous consequences.
🕴 US Defense Contractor Discloses Data Breach 🕴
📖 Read
via "Dark Reading".
Electronic Warfare Associates says an attacker infiltrated EWA email in August, which led to the exfiltration of files with personal data.
🕴 Who's Minding Your Company's Crypto Decisions? 🕴
📖 Read
via "Dark Reading".
Security teams must first evaluate security protocols and the reputation of the cryptocurrency payment platform before their companies can proceed to accept the alternative currency as payment.
‼ CVE-2021-41230 ‼
📖 Read
via "National Vulnerability Database".
Pomerium is an open source identity-aware access proxy. In affected versions, changes to the OIDC claims of a user after initial login are not reflected in policy evaluation when using `allowed_idp_claims` as part of policy. If `allowed_idp_claims` is used and a user's claims are changed, Pomerium can make incorrect authorization decisions. This issue has been resolved in v0.15.6. Users unable to upgrade can clear the data held by the `databroker` service, by clearing redis or restarting the in-memory databroker, to force claims to be updated.
‼ CVE-2021-41216 ‼
📖 Read
via "National Vulnerability Database".
TensorFlow is an open source platform for machine learning. In affected versions the shape inference function for `Transpose` is vulnerable to a heap buffer overflow. This occurs whenever `perm` contains negative elements. The shape inference function does not validate that the indices in `perm` are all valid. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
‼ CVE-2021-41221 ‼
📖 Read
via "National Vulnerability Database".
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the `Cudnn*` operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow. This occurs because the ranks of the `input`, `input_h` and `input_c` parameters are not validated, but code assumes they have certain values. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
‼ CVE-2020-22222 ‼
📖 Read
via "National Vulnerability Database".
Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the pjActionLoadCss function.
‼ CVE-2021-41225 ‼
📖 Read
via "National Vulnerability Database".
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's Grappler optimizer has a use of an uninitialized variable. If the `train_nodes` vector (obtained from the saved model that gets optimized) does not contain a `Dequeue` node, then `dequeue_node` is left uninitialized. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
‼ CVE-2020-22225 ‼
📖 Read
via "National Vulnerability Database".
Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoadForm function.
‼ CVE-2021-41222 ‼
📖 Read
via "National Vulnerability Database".
TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SplitV` can trigger a segfault if an attacker supplies negative arguments. This occurs whenever `size_splits` contains more than one value and at least one value is negative. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
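Both the `Transpose` entry (CVE-2021-41216) and the `SplitV` entry (CVE-2021-41222) above come down to shape inference trusting attacker-controlled integer arguments. The Python below is an added example of what validated shape inference for the two ops looks like; it is not TensorFlow's code, and the `SplitV` contract it assumes (sizes are non-negative, a single -1 means "the remainder", sizes sum to the split dimension) is taken from the op's public documentation rather than from the advisory. The unchecked `Transpose` variant is kept for contrast: a negative `perm` entry is an out-of-bounds read in C++, but in Python it wraps around and yields a plausible-looking shape, which is exactly why the missing check is easy to overlook.

```python
from typing import Callable, List, Sequence


def transpose_output_shape(input_shape: Sequence[int], perm: Sequence[int]) -> List[int]:
    """Output shape of Transpose with `perm` fully validated.

    `perm` must have exactly `rank` entries, each in [0, rank) and each used
    once. The range check is the one whose absence the advisory describes.
    """
    rank = len(input_shape)
    if len(perm) != rank:
        raise ValueError(f"perm has {len(perm)} entries but input rank is {rank}")
    seen = set()
    for p in perm:
        if p < 0 or p >= rank:
            raise ValueError(f"perm entry {p} is outside [0, {rank})")
        if p in seen:
            raise ValueError(f"perm entry {p} appears twice; not a permutation")
        seen.add(p)
    return [input_shape[p] for p in perm]


def transpose_output_shape_unchecked(input_shape: Sequence[int], perm: Sequence[int]) -> List[int]:
    """The same inference without validation, for contrast only.

    In C++ a negative index here reads before the start of the dims array;
    in Python it silently wraps, so the bug produces a sane-looking answer.
    """
    return [input_shape[p] for p in perm]


def splitv_output_shapes(input_shape: Sequence[int], size_splits: Sequence[int],
                         axis: int) -> List[List[int]]:
    """Output shapes of SplitV along `axis`, rejecting malformed sizes.

    Assumed contract: every size is >= 0 except at most one -1, which is
    inferred as the remainder; the sizes must account for the whole dimension.
    """
    rank = len(input_shape)
    if not -rank <= axis < rank:
        raise ValueError(f"axis {axis} is outside [{-rank}, {rank})")
    axis %= rank
    dim = input_shape[axis]
    if any(s < -1 for s in size_splits):
        raise ValueError("size_splits may not contain values below -1")
    inferred = [i for i, s in enumerate(size_splits) if s == -1]
    if len(inferred) > 1:
        raise ValueError("size_splits may contain at most one -1")
    known = sum(s for s in size_splits if s >= 0)
    sizes = list(size_splits)
    if inferred:
        if known > dim:
            raise ValueError(f"sizes sum to {known}, exceeding dimension {dim}")
        sizes[inferred[0]] = dim - known
    elif known != dim:
        raise ValueError(f"sizes sum to {known} but dimension is {dim}")
    outputs = []
    for s in sizes:
        shape = list(input_shape)
        shape[axis] = s
        outputs.append(shape)
    return outputs


def is_rejected(fn: Callable, *args) -> bool:
    """True when the inference function refuses the arguments."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(transpose_output_shape([2, 3, 4], [2, 0, 1]))             # [4, 2, 3]
    print(transpose_output_shape_unchecked([2, 3, 4], [-1, 0, 1]))  # wraps silently
    print(is_rejected(transpose_output_shape, [2, 3, 4], [-1, 0, 1]))
    print(splitv_output_shapes([6, 4], [2, -1, 1], 0))
```

The checks run before any index is used, and they reject rather than clamp: a clamped `perm` would still produce a shape, but not the one the model author meant, and downstream kernels would then operate on mismatched buffers.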
‼ CVE-2020-22224 ‼
📖 Read
via "National Vulnerability Database".
Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the pjActionPreview function.
‼ CVE-2021-41250 ‼
📖 Read
via "National Vulnerability Database".
Python discord bot is the community bot for the Python Discord community. In affected versions, when a non-blacklisted URL and an otherwise triggering filter token are included in the same message, the token filter does not trigger. This means that by including any non-blacklisted URL, moderation filters can be bypassed. This issue has been resolved in commit 67390298852513d13e0213870e50fb3cff1424e0.
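The bypass described above is a filter-ordering bug: one check produces a verdict and the message never reaches the others. The Python below is an added reconstruction of that failure mode and its fix, not the bot's actual code; the word lists, domain lists and messages are constructed for the demo, and the specific control flow in `filter_vulnerable` is an assumption about how such a short-circuit arises.

```python
import re
from typing import List

# Constructed moderation lists. A real deployment loads these from config.
TOKEN_BLACKLIST = ("buy followers", "free nitro")
DOMAIN_BLACKLIST = ("grabber.example", "phish.example")

_URL_RE = re.compile(r"https?://([^\s/]+)", re.IGNORECASE)


def _bad_domains(message: str) -> List[str]:
    """Hosts in the message that are, or are subdomains of, a blacklisted domain."""
    hosts = [h.lower() for h in _URL_RE.findall(message)]
    return [h for h in hosts
            if any(h == d or h.endswith("." + d) for d in DOMAIN_BLACKLIST)]


def _bad_tokens(message: str) -> List[str]:
    lowered = message.lower()
    return [t for t in TOKEN_BLACKLIST if t in lowered]


def filter_vulnerable(message: str) -> List[str]:
    """Constructed reproduction of the described behaviour.

    If the message contains any URL, the URL check alone decides the outcome.
    A clean URL therefore returns an empty verdict and the token check never
    runs, even when a blacklisted token sits right next to the link.
    """
    if _URL_RE.search(message):
        return [f"domain:{d}" for d in _bad_domains(message)]
    return [f"token:{t}" for t in _bad_tokens(message)]


def filter_fixed(message: str) -> List[str]:
    """Every filter runs on every message and the verdicts are combined.

    No filter's result is allowed to pre-empt another's; a message is clean
    only when the combined list of reasons is empty.
    """
    reasons = [f"domain:{d}" for d in _bad_domains(message)]
    reasons += [f"token:{t}" for t in _bad_tokens(message)]
    return reasons


if __name__ == "__main__":
    # Constructed sample messages.
    for msg in ("get free nitro here",
                "get free nitro at https://ok.example/x",
                "https://login.phish.example/a free nitro"):
        print(repr(msg))
        print("  vulnerable:", filter_vulnerable(msg))
        print("  fixed:     ", filter_fixed(msg))
```

The structural lesson is that independent filters should be composed as a union of verdicts, never as a chain where the first filter with an opinion ends evaluation; a test case that pairs a clean trigger for one filter with a dirty trigger for another catches this class of regression.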