Your weak passwords can be cracked in less than a second
via TechRepublic
Easy-to-crack phrases "123456," "123456789," "12345," "qwerty" and "password" are the five most common passwords, says NordPass.
Belarus Linked to Big European Disinformation Campaign
via Dark Reading
EU officials and others previously had blamed Russia's intelligence operations for the so-called Ghostwriter campaign.
Vulnerabilities in NPM allowed threat actors to publish new version of any package
via The Daily Swig
Details of flaws were made public this week.
CVE-2020-12951
via National Vulnerability Database
Race condition in PSP FW could allow less privileged x86 code to perform PSP SMM operations.
CVE-2021-38984 (security_guardium_key_lifecycle_manager, security_key_lifecycle_manager)
via National Vulnerability Database
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212793.
CVE-2021-26321
via National Vulnerability Database
Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP.
CVE-2021-41244
via National Vulnerability Database
Grafana is an open-source platform for monitoring and observability. In affected versions, when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance, admins are able to access users from other organizations. Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users' roles in other organizations in which they are not an admin. With fine-grained access control enabled, organization admins can list, add, remove and update users' roles in another organization where they do not have the organization admin role. All installations between v8.0 and v8.2.3 that have fine-grained access control beta enabled and more than one organization should be upgraded as soon as possible. If you cannot upgrade, you should turn off fine-grained access control using a feature flag.
CVE-2021-24856
via National Vulnerability Database
The Shared Files WordPress plugin before 1.6.61 does not sanitise and escape the Download Counter Text settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2020-12904
via National Vulnerability Database
Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004203 may lead to arbitrary information disclosure.
CVE-2021-43495
via National Vulnerability Database
AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability in alquist/IO/input.py. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access.
CVE-2021-41950
via National Vulnerability Database
A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 allows remote unauthenticated attackers to delete arbitrary files on the ResourceSpace server via the provider and variant parameters in pages/ajax/tiles.php. Attackers can delete configuration or source code files, causing the application to become unavailable to all users.
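Both CVE-2021-43495 (AlquistManager, alquist/IO/input.py) and CVE-2021-41950 (ResourceSpace, the provider and variant parameters of pages/ajax/tiles.php) are directory traversal: a caller-supplied path fragment is joined to a base directory and then read or deleted. The following is an added example, not code from either project. It shows the vulnerable join beside a containment check on canonical paths, with a delete operation modelled on the ResourceSpace description; the tile file layout, the function names and the temporary directory tree are assumptions made for the demonstration.

```python
"""Added example: keeping a caller-supplied path inside a base directory.

ResourceSpace (CVE-2021-41950: `provider`/`variant` parameters in
pages/ajax/tiles.php used to delete files) and AlquistManager (CVE-2021-43495:
alquist/IO/input.py) are both described as directory traversal. None of either
project's code appears here; the vulnerable/hardened pair below is a
constructed illustration of the bug class and its fix.
"""
import os
import tempfile
from typing import Dict, Optional


def unsafe_resolve(base: str, user_path: str) -> str:
    # Vulnerable pattern: the caller-supplied fragment is trusted.  Note that
    # os.path.join drops `base` entirely when user_path is absolute.
    return os.path.join(base, user_path)


def safe_resolve(base: str, user_path: str) -> Optional[str]:
    """Return the canonical path if it stays inside `base`, else None.

    realpath() collapses `..` segments and follows symlinks, so the containment
    test runs on canonical paths rather than on the raw string the caller sent.
    """
    base_real = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(base_real, user_path))
    # commonpath() defeats the prefix trick (/srv/tiles vs /srv/tiles2) that a
    # plain startswith(base) check would miss.
    if os.path.commonpath([base_real, candidate]) != base_real:
        return None
    return candidate


def delete_tile(tile_root: str, provider: str, variant: str) -> bool:
    """Hardened 'delete a cached tile' operation.

    `provider` and `variant` are the two request parameters named in the
    ResourceSpace advisory; how they map onto a file name is assumed here.
    """
    target = safe_resolve(tile_root, os.path.join(provider, variant))
    if target is None or not os.path.isfile(target):
        return False
    os.remove(target)
    return True


def demo() -> Dict[str, bool]:
    """Exercise both resolvers over constructed attack inputs in a temp tree."""
    root = os.path.realpath(tempfile.mkdtemp())
    tiles = os.path.join(root, "tiles")
    os.makedirs(os.path.join(tiles, "osm"))
    open(os.path.join(tiles, "osm", "small"), "w").close()
    # A file outside the tile store that must never be reachable.
    secret = os.path.join(root, "config.php")
    open(secret, "w").close()

    return {
        # The naive join walks out of the tile store ...
        "unsafe_escapes": os.path.realpath(unsafe_resolve(tiles, "../config.php")) == secret,
        # ... and an absolute component makes os.path.join discard `base`.
        "unsafe_absolute": unsafe_resolve(tiles, secret) == secret,
        "safe_rejects_dotdot": safe_resolve(tiles, "../config.php") is None,
        "safe_rejects_absolute": safe_resolve(tiles, secret) is None,
        "safe_rejects_prefix": safe_resolve(tiles, "../tiles2/x") is None,
        "safe_accepts_inside": safe_resolve(tiles, "osm/small") == os.path.join(tiles, "osm", "small"),
        # Traversal via the provider parameter cannot delete config.php ...
        "delete_traversal_blocked": delete_tile(tiles, "..", "config.php") is False,
        # ... while a legitimate tile is still removed.
        "delete_legit": delete_tile(tiles, "osm", "small"),
        "secret_survives": os.path.exists(secret),
    }
```

The check is done after canonicalisation and with commonpath rather than a string prefix, because `..` segments, symlinks and sibling directories sharing a prefix are exactly the cases a string comparison on the raw input gets wrong.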
CVE-2021-26330
via National Vulnerability Database
AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources.
CVE-2021-25984
via National Vulnerability Database
The Factor (App Framework & Headless CMS) forum plugin, versions v1.3.3 to v1.8.30, is vulnerable to stored Cross-Site Scripting (XSS) in the "post reply" section. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies.
CVE-2021-39222
via National Vulnerability Database
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Talk application was vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, a user would need to right-click on a malicious file and open the file in a new tab. Due to the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitable on modern browsers supporting Content-Security-Policy. It is recommended that the Nextcloud Talk application is upgraded to patched versions 10.0.7, 10.1.4, 11.1.2, 11.2.0 or 12.0.0. As a workaround, use a browser that has support for Content-Security-Policy.
CVE-2021-24852
via National Vulnerability Database
The MouseWheel Smooth Scroll WordPress plugin before 5.7 does not have a CSRF check in place on its settings page, which could allow attackers to make a logged in admin change them via a CSRF attack.
CVE-2021-42955
via National Vulnerability Database
The Zoho Remote Access Plus Server Windows desktop binary (fixed in version 10.1.2132) is affected by an unauthorized password reset vulnerability. Because of how the password reset mechanism is designed, any non-admin Windows user can reset the password of the Remote Access Plus Server admin account.
CVE-2020-12892
via National Vulnerability Database
An untrusted search path in AMD Radeon Settings Installer may lead to a privilege escalation or unauthorized code execution.
CVE-2020-12954
via National Vulnerability Database
A side effect of an integrated chipset option may be able to be used by an attacker to bypass SPI ROM protections, allowing unauthorized SPI ROM modification.
CVE-2021-38978 (security_guardium_key_lifecycle_manager, security_key_lifecycle_manager)
via National Vulnerability Database
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 212783.
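CVE-2021-38978 is about HSTS being absent or not properly enabled, which leaves the first request (and any downgraded session) open to a man-in-the-middle. The following is an added example, not IBM's code: a small checker that parses a Strict-Transport-Security response header per RFC 6797 and reports the configuration problems a reviewer would flag. The one-year max-age floor is the commonly used threshold (it is what browser preload lists require), not a requirement of the RFC; the header map and the finding strings are constructed for the example.

```python
"""Added example (not IBM's code): validating a Strict-Transport-Security
header the way a configuration check for an HSTS finding would.
"""
import re
from typing import Dict, List, Optional

ONE_YEAR = 31_536_000   # max-age floor commonly required (e.g. by preload lists)


def parse_hsts(value: str) -> Optional[Dict[str, Optional[str]]]:
    """Parse the directive list; return None if the header is syntactically
    invalid per RFC 6797 (missing or duplicate max-age, bad delta-seconds),
    since a browser ignores such a header entirely."""
    directives: Dict[str, Optional[str]] = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, val = part.partition("=")
        name = name.strip().lower()                    # directive names are case-insensitive
        val = val.strip().strip('"') if sep else None  # delta-seconds may be a quoted-string
        if name in directives:                         # RFC 6797 6.1: each directive at most once
            return None
        directives[name] = val
    max_age = directives.get("max-age")
    if max_age is None or not re.fullmatch(r"\d+", max_age):
        return None
    return directives


def check_hsts(headers: Dict[str, str], over_tls: bool = True) -> List[str]:
    """Return a list of findings; an empty list means the policy is acceptable.

    `headers` is a response header map with lower-cased header names.
    """
    findings: List[str] = []
    if not over_tls:
        # Browsers ignore STS received over plain HTTP (RFC 6797 8.1); the host
        # must redirect to HTTPS and send the header on the TLS response.
        findings.append("response not over TLS: header would be ignored")
    raw = headers.get("strict-transport-security")
    if raw is None:
        findings.append("Strict-Transport-Security header missing")
        return findings
    parsed = parse_hsts(raw)
    if parsed is None:
        findings.append("header syntactically invalid and will be ignored")
        return findings
    max_age = int(parsed["max-age"])
    if max_age == 0:
        findings.append("max-age=0 disables HSTS for this host")
    elif max_age < ONE_YEAR:
        findings.append(f"max-age {max_age} below {ONE_YEAR}")
    if "includesubdomains" not in parsed:
        findings.append("includeSubDomains absent: subdomains remain downgradeable")
    return findings
```

Run it against the headers of the TLS response of each host; a missing header, a header served only over HTTP, or a syntactically invalid one all leave the host in the same position the advisory describes.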
CVE-2021-25965
via National Vulnerability Database
In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By luring an authenticated user to click on a link, an attacker can create a new user role with admin privileges and attacker-controlled credentials, allowing them to take over the application.
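CVE-2021-25965 (Calibre-web, admin user creation triggered by a link) and CVE-2021-24852 (MouseWheel Smooth Scroll settings page without a CSRF check) share one root cause: the session cookie alone authorises a state change, and the browser attaches that cookie to any request a third-party page makes. The following is an added example, not code from Calibre-web or the WordPress plugin. It models a "create user" endpoint in its vulnerable form beside a hardened form that refuses GET for state changes and requires a per-session synchronizer token compared in constant time; the request and session objects, endpoint behaviour and attack inputs are constructed for the demonstration.

```python
"""Added example (not Calibre-web's or the WordPress plugin's code): a
synchronizer-token CSRF check for a state-changing 'create admin user'
endpoint, with constructed requests standing in for a browser.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class Session:
    user: str
    is_admin: bool
    # Token minted once per session; only first-party pages can read it.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    method: str
    form: Dict[str, str]
    session: Optional[Session]           # cookie-backed session, attached by the browser
    header_token: Optional[str] = None   # e.g. an X-CSRF-Token header set by first-party JS


class UserStore:
    def __init__(self) -> None:
        self.users: Dict[str, bool] = {}   # name -> is_admin

    def create_user_vulnerable(self, req: Request) -> str:
        # Bug class from the advisories: the cookie alone authorises the change,
        # so any page the victim visits can submit this form (or a plain link,
        # if GET is accepted) and the browser adds the victim's session cookie.
        if req.session is None or not req.session.is_admin:
            return "403 forbidden"
        self.users[req.form["name"]] = req.form.get("admin") == "1"
        return "200 created"

    def create_user_hardened(self, req: Request) -> str:
        if req.session is None or not req.session.is_admin:
            return "403 forbidden"
        # 1. State changes only on POST, so a link in an email or forum post
        #    cannot trigger the action by itself.
        if req.method != "POST":
            return "405 method not allowed"
        # 2. The token must arrive in the body or a custom header (never only in
        #    the cookie) and must match the one minted for this session.
        supplied = req.form.get("csrf_token") or req.header_token
        if not supplied or not hmac.compare_digest(supplied, req.session.csrf_token):
            return "403 csrf token invalid"
        self.users[req.form["name"]] = req.form.get("admin") == "1"
        return "200 created"


def demo() -> Dict[str, str]:
    """Replay constructed cross-site and first-party requests against both handlers."""
    victim = Session(user="alice", is_admin=True)
    # Cross-site request: the attacker's page auto-submits a form.  The browser
    # adds alice's cookie, but the attacker's page cannot read her token.
    forged = Request("POST", {"name": "evil", "admin": "1"}, victim)
    # Link-click (GET) variant of the same attack.
    forged_get = Request("GET", {"name": "evil2", "admin": "1"}, victim)
    # Legitimate first-party form submission carrying the session's token.
    legit = Request("POST", {"name": "bob", "admin": "0", "csrf_token": victim.csrf_token}, victim)
    # Attacker reusing a token from their own session against alice's.
    mallory = Session(user="mallory", is_admin=False)
    wrong_token = Request("POST", {"name": "evil3", "admin": "1", "csrf_token": mallory.csrf_token}, victim)

    vulnerable, hardened = UserStore(), UserStore()
    return {
        "vulnerable_forged_post": vulnerable.create_user_vulnerable(forged),
        "vulnerable_forged_get": vulnerable.create_user_vulnerable(forged_get),
        "hardened_forged_post": hardened.create_user_hardened(forged),
        "hardened_forged_get": hardened.create_user_hardened(forged_get),
        "hardened_wrong_token": hardened.create_user_hardened(wrong_token),
        "hardened_legit": hardened.create_user_hardened(legit),
        "hardened_users": ",".join(sorted(hardened.users)),
    }
```

A SameSite=Lax or Strict attribute on the session cookie is worth adding as defence in depth, but the token check is the control that does not depend on the browser: the attacker's page can make the browser send the cookie, yet cannot read the token the victim's page holds.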
CVE-2021-38983 (security_guardium_key_lifecycle_manager, security_key_lifecycle_manager)
via National Vulnerability Database
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212792.