βΌ CVE-2021-25982 βΌ
π Read
via "National Vulnerability Database".
In Factor (App Framework & Headless CMS) forum plugin, versions 1.3.5 to 1.8.30, are vulnerable to reflected Cross-Site Scripting (XSS) at the Γ’β¬ΕsearchΓ’β¬οΏ½ parameter in the URL. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42703 (webaccess_hmi_designer) βΌ
π Read
via "National Vulnerability Database".
This vulnerability could allow an attacker to send malicious Javascript code resulting in hijacking of the userΓ’β¬β’s cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser action.π Read
via "National Vulnerability Database".
βΌ CVE-2020-12903 βΌ
π Read
via "National Vulnerability Database".
Out of Bounds Write and Read in AMD Graphics Driver for Windows 10 in Escape 0x6002d03 may lead to escalation of privilege or denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42385 (busybox) βΌ
π Read
via "National Vulnerability Database".
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate functionπ Read
via "National Vulnerability Database".
βΌ CVE-2021-25985 βΌ
π Read
via "National Vulnerability Database".
In Factor (App Framework & Headless CMS) v1.0.4 to v1.8.30, improperly invalidate a userΓ’β¬β’s session even after the user logs out of the application. In addition, user sessions are stored in the browserΓ’β¬β’s local storage, which by default does not have an expiration time. This makes it possible for an attacker to steal and reuse the cookies using techniques such as XSS attacks, followed by a local account takeover.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29861 βΌ
π Read
via "National Vulnerability Database".
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in EFS to expose sensitive information. IBM X-Force ID: 206085.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26323 βΌ
π Read
via "National Vulnerability Database".
Failure to validate SEV Commands while SNP is active may result in a potential impact to memory integrity.π Read
via "National Vulnerability Database".
βΌ CVE-2021-24802 βΌ
π Read
via "National Vulnerability Database".
The Colorful Categories WordPress plugin before 2.0.15 does not enforce nonce checks which could allow attackers to make a logged in admin or editor change taxonomy colors via a CSRF attackπ Read
via "National Vulnerability Database".
βΌ CVE-2021-41266 βΌ
π Read
via "National Vulnerability Database".
Minio console is a graphical user interface for the for MinIO operator. Minio itself is a multi-cloud object storage project. Affected versions are subject to an authentication bypass issue in the Operator Console when an external IDP is enabled. All users on release v0.12.2 and before are affected and are advised to update to 0.12.3 or newer. Users unable to upgrade should add automountServiceAccountToken: false to the operator-console deployment in Kubernetes so no service account token will get mounted inside the pod, then disable the external identity provider authentication by unset the CONSOLE_IDP_URL, CONSOLE_IDP_CLIENT_ID, CONSOLE_IDP_SECRET and CONSOLE_IDP_CALLBACK environment variable and instead use the Kubernetes service account token.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42373 βΌ
π Read
via "National Vulnerability Database".
A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is givenπ Read
via "National Vulnerability Database".
βΌ CVE-2021-42721 βΌ
π Read
via "National Vulnerability Database".
Adobe Media Encoder version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42374 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format thatπ Read
via "National Vulnerability Database".
βΌ CVE-2020-12902 βΌ
π Read
via "National Vulnerability Database".
Arbitrary Decrement Privilege Escalation in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42377 βΌ
π Read
via "National Vulnerability Database".
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input.π Read
via "National Vulnerability Database".
β Emotet malware: βThe report of my death was an exaggerationβ β
π Read
via "Naked Security".
"Old malware rarely dies." The best way to predict the future is to look at the past... if it worked before, it will probably work again.π Read
via "Naked Security".
Naked Security
Emotet malware: βThe report of my death was an exaggerationβ
βOld malware rarely dies.β The best way to predict the future is to look at the pastβ¦ if it worked before, it will probably work again.
β The self-driving smart suitcaseβ¦ that the person behind you can hijack! β
π Read
via "Naked Security".
Apparently, we need a self-driving IoT Bluetooth robot suitcase. Who knew?π Read
via "Naked Security".
Naked Security
The self-driving smart suitcase⦠that the person behind you can hijack!
Apparently, we need a self-driving IoT Bluetooth robot suitcase. Who knew?
π¦Ώ Your weak passwords can be cracked in less than a second π¦Ώ
π Read
via "Tech Republic".
Easy-to-crack phrases "123456," "123456789," "12345," "qwerty" and "password" are the five most common passwords, says NordPass.π Read
via "Tech Republic".
TechRepublic
Your weak passwords can be cracked in less than a second
Easy-to-crack phrases "123456," "123456789," "12345," "qwerty" and "password" are the five most common passwords, says NordPass.
π¦Ώ How to protect your organization from ransomware attacks during the holiday season π¦Ώ
π Read
via "Tech Republic".
A quarter of security pros polled by Cybereason said they lack a plan to deal with a ransomware attack during a weekend or holiday.π Read
via "Tech Republic".
TechRepublic
How to protect your organization from ransomware attacks during the holiday season
A quarter of security pros polled by Cybereason said they lack a plan to deal with a ransomware attack during a weekend or holiday.
βΌ CVE-2021-42250 βΌ
π Read
via "National Vulnerability Database".
Improper output neutralization for Logs. A specific Apache Superset HTTP endpoint allowed for an authenticated user to forge log entries or inject malicious content into logs.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40745 βΌ
π Read
via "National Vulnerability Database".
Adobe Campaign version 21.2.1 (and earlier) is affected by a Path Traversal vulnerability that could lead to reading arbitrary server files. By leveraging an exposed XML file, an unauthenticated attacker can enumerate other files on the server.π Read
via "National Vulnerability Database".
π΄ Is XDR Overhyped? π΄
π Read
via "Dark Reading".
Security experts weigh in on the value and pitfalls of extended detection and response (XDR), offering consideration and advice on this growing new category.π Read
via "Dark Reading".
Dark Reading
Is XDR Overhyped?
Security experts weigh in on the value and pitfalls of extended detection and response (XDR), offering consideration and advice on this growing new category.