Wind turbine giant Vestas confirms data breach following “cybersecurity incident”
via "The Daily Swig".
Danish company has also “initiated a gradual and controlled reopening of all IT systems”
🔴 Why the 'Basement Hacker' Stereotype Is Wrong — and Dangerous 🔴
via "Dark Reading".
It engenders a false sense of superiority that spurs complacency among risk managers and executives, who in turn may underinvest in security teams, rely too much on automation, or both.
‼ CVE-2021-42737 ‼
via "National Vulnerability Database".
Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.
‼ CVE-2021-40772 ‼
via "National Vulnerability Database".
Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.
‼ CVE-2021-42733 ‼
via "National Vulnerability Database".
Adobe Prelude version 10.1 (and earlier) is affected by an improper input validation vulnerability in the XDCAMSAM directory. An unauthenticated attacker could leverage this vulnerability to execute arbitrary code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2021-43015 ‼
via "National Vulnerability Database".
Adobe InCopy version 16.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious GIF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.
‼ CVE-2021-43016 ‼
via "National Vulnerability Database".
Adobe InCopy version 16.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2021-40773 ‼
via "National Vulnerability Database".
Adobe Prelude version 10.1 (and earlier) is affected by a null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2021-43559 ‼
via "National Vulnerability Database".
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk.
‼ CVE-2021-26614 ‼
via "National Vulnerability Database".
ius_get.cgi in IpTime C200 camera allows remote code execution. A remote attacker may send crafted parameters to the exposed vulnerable web service interface, which invokes an arbitrary shell command.
‼ CVE-2020-7882 ‼
via "National Vulnerability Database".
Using the parameter of getPFXFolderList function, attackers can see the information of authorization certification and delete the files. It occurs because the parameter contains path traversal characters (i.e. '../../../').
‼ CVE-2021-42727 ‼
via "National Vulnerability Database".
Acrobat RoboHelp Server versions 2020.0.1 (and earlier) are affected by a Path traversal vulnerability. The authenticated attacker can upload arbitrary files outside of the intended directory to cause remote code execution with privileges of user running Tomcat. Exploitation of this issue requires user interaction in that a victim must navigate to a planted file on the server.
‼ CVE-2021-3935 ‼
via "National Vulnerability Database".
When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1.
‼ CVE-2021-43558 ‼
via "National Vulnerability Database".
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk.
‼ CVE-2021-40771 ‼
via "National Vulnerability Database".
Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.
‼ CVE-2021-43560 ‼
via "National Vulnerability Database".
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.
‼ CVE-2021-40775 ‼
via "National Vulnerability Database".
Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.
‼ CVE-2021-40770 ‼
via "National Vulnerability Database".
Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.
‼ CVE-2021-42738 ‼
via "National Vulnerability Database".
Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious MXF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.
‼ CVE-2021-3943 ‼
via "National Vulnerability Database".
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A remote code execution risk when restoring backup files was identified.
‼ CVE-2021-40774 ‼
via "National Vulnerability Database".
Adobe Prelude version 10.1 (and earlier) is affected by a null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.