CVE-2021-42078
Read via "National Vulnerability Database".
PHP Event Calendar through 2021-11-04 allows persistent cross-site scripting (XSS), as demonstrated by the /server/ajax/events_manager.php title parameter. This can be exploited by an adversary in multiple ways, e.g., to perform actions on the page in the context of other users, or to deface the site.
CVE-2021-31600
Read via "National Vulnerability Database".
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (regardless of privileges) can list all valid usernames.
CVE-2021-42074
Read via "National Vulnerability Database".
An issue was discovered in Barrier before 2.3.4. An unauthenticated attacker can cause a segmentation fault in the barriers component (aka the server-side implementation of Barrier) by quickly opening and closing TCP connections while sending a Hello message for each TCP session.
CVE-2021-42072
Read via "National Vulnerability Database".
An issue was discovered in Barrier before 2.4.0. The barriers component (aka the server-side implementation of Barrier) does not sufficiently verify the identity of connecting clients. Clients can thus exploit weaknesses in the provided protocol to cause denial-of-service or stage further attacks that could lead to information leaks or integrity corruption.
CVE-2021-42075
Read via "National Vulnerability Database".
An issue was discovered in Barrier before 2.3.4. The barriers component (aka the server-side implementation of Barrier) does not correctly close file descriptors for established TCP connections. An unauthenticated remote attacker can thus cause file descriptor exhaustion in the server process, leading to denial of service.
CVE-2021-42076
Read via "National Vulnerability Database".
An issue was discovered in Barrier before 2.3.4. An attacker can cause memory exhaustion in the barriers component (aka the server-side implementation of Barrier) and barrierc by sending long TCP messages.
CVE-2021-42370
Read via "National Vulnerability Database".
A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. (Viewing the passwords requires configuring a web browser to display HTML password input fields.)
3 Ways to Deal With the Trojan Source Attack
Read via "Dark Reading".
These scripts and commands provide short-term fixes for blocking the Trojan Source attack that abuses Unicode to inject malicious backdoors into source code.
Interpol issues arrest warrants for members of Clop ransomware gang
Read via "The Daily Swig".
Wanted: cybercriminals behind global malware campaign
Campaigning lawyers launch counter-offensive against software patent trolls
Read via "The Daily Swig".
Stemming the tide of "stupid software patents and the trolls they feed"
Could Cyber Diplomacy Be the Ultimate Answer to American Ransomware Woes?
Read via "Dark Reading".
Incentives for good conduct and deterrents for bad behavior in cyberspace are impossible to effectively establish and enforce without international collaboration and commitment.
CVE-2021-32482
Read via "National Vulnerability Database".
Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS via the path parameter.
CVE-2021-32483
Read via "National Vulnerability Database".
Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges to view the restricted Dashboard.
CVE-2021-30132
Read via "National Vulnerability Database".
Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges.
CVE-2021-29243
Read via "National Vulnerability Database".
Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS.
CVE-2021-22051
Read via "National Vulnerability Database".
Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or newer.
CVE-2021-37850
Read via "National Vulnerability Database".
ESET was made aware of a vulnerability in its consumer and business products for macOS that enables a user logged on to the system to stop the ESET daemon, effectively disabling the protection of the ESET security product until a system reboot.
CVE-2021-32481
Read via "National Vulnerability Database".
Cloudera Hue 4.6.0 allows XSS via the type parameter.
Valeo Networks Acquires On Time Tech, Accelerating National Growth Strategy
Read via "Dark Reading".
Through this latest acquisition, the company adds two more California locations.
Mozilla disables "low usage" encryption feature to resolve Thunderbird HTTP/2 vulnerability
Read via "The Daily Swig".
Multiple flaws in email client resolved with security update