‼ CVE-2021-34800 ‼
Sensitive information could be logged. The following products are affected: Acronis Agent (Windows, Linux, macOS) before build 27147.
via "National Vulnerability Database".
‼ CVE-2021-44201 ‼
Cross-site scripting (XSS) was possible in notification pop-ups. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035.
via "National Vulnerability Database".
‼ CVE-2021-42365 ‼
The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping of the name parameter in the ~/admin/tables/admin-structure-table.php file, which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.15.13. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
via "National Vulnerability Database".
‼ CVE-2021-44203 ‼
Stored cross-site scripting (XSS) was possible in protection plan details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035.
via "National Vulnerability Database".
‼ CVE-2021-44200 ‼
Self cross-site scripting (XSS) was possible on the devices page. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035.
via "National Vulnerability Database".
‼ CVE-2021-43786 ‼
NodeBB is an open source Node.js based forum software. In affected versions, incorrect logic present in the token verification step unintentionally allowed master token access to the API. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible.
via "National Vulnerability Database".
‼ CVE-2021-42364 ‼
The Stetic WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation in the stats_page function found in the ~/stetic.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to and including 1.0.6.
via "National Vulnerability Database".
‼ CVE-2021-44202 ‼
Stored cross-site scripting (XSS) was possible in activity details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035.
via "National Vulnerability Database".
🕴 Panasonic Hit in Data Breach 🕴
Tech firm reveals that data on one of its file servers was accessed by attackers.
via "Dark Reading".
🕴 Over 1,000 Individuals Arrested in Global Cybercrime-Fighting Operation 🕴
HAECHI-II initiative represents Interpol's stepped-up efforts to tackle the operators of financially motivated online scams and other cyberattacks.
via "Dark Reading".
🕴 Google Analyzes Methods Behind GCP Workload Attacks 🕴
The vast majority of cloud workload compromises stem from poor security configurations or compromised passwords, while cryptojacking is the common payload, research shows.
via "Dark Reading".
🕴 IKEA Email Systems Targeted in Cyberattack 🕴
Attackers are reportedly targeting IKEA employees in a phishing campaign that leverages stolen reply-chain emails.
via "Dark Reading".
🕴 Phishing Remains the Most Common Cause of Data Breaches, Survey Says 🕴
Despite heightened concerns over ransomware, fewer organizations in a Dark Reading survey reported being an actual victim of a ransomware attack over the past year.
via "Dark Reading".
🕴 9 out of 10 Healthcare Organizations Provide Telehealth Services, Yet Almost Half Face Patients' Mistrust Toward Privacy 🕴
Kaspersky surveyed healthcare decision-makers to learn how the digital transformation of the industry is going and which problems they believe should be solved to create a world in which everyone can gain access to quality care.
via "Dark Reading".
‼ CVE-2021-44427 ‼
An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.
via "National Vulnerability Database".
🕴 Armis Now Valued at $3.4B 🕴
One Equity Partners led the $300 million round, increasing the valuation of Armis from the $2 billion valuation it achieved less than 8 months ago.
via "Dark Reading".
🕴 Stellar Cyber Raises $38M Series B to Address Need to Provide 360-Degree Visibility Across Entire Attack Surface 🕴
Oversubscribed round, including Samsung, rewards technical innovations and rapid market adoption, positions company for continued leadership.
via "Dark Reading".
‼ CVE-2021-3727 ‼
Vulnerability in `rand-quote` and `hitokoto` plugins
**Description**: the `rand-quote` and `hitokoto` plugins fetch quotes from quotationspage.com and hitokoto.cn respectively, do some processing on them and then use `print -P` to print them. If these quotes contained the proper symbols, they could trigger command injection. Given that they come from an external API, it's not possible to know whether the quotes are safe to use.
**Fixed in**: [72928432](https://github.com/ohmyzsh/ohmyzsh/commit/72928432).
**Impacted areas**:
- `rand-quote` plugin (`quote` function).
- `hitokoto` plugin (`hitokoto` function).
via "National Vulnerability Database".
‼ CVE-2021-3769 ‼
Vulnerability in `pygmalion`, `pygmalion-virtualenv` and `refined` themes
**Description**: these themes use `print -P` on user-supplied strings to print them to the terminal. All of them do that on git information, particularly the branch name, so if the branch has a specially-crafted name the vulnerability can be exploited.
**Fixed in**: [b3ba9978](https://github.com/ohmyzsh/ohmyzsh/commit/b3ba9978).
**Impacted areas**:
- `pygmalion` theme.
- `pygmalion-virtualenv` theme.
- `refined` theme.
via "National Vulnerability Database".
‼ CVE-2021-3725 ‼
Vulnerability in `dirhistory` plugin
**Description**: the widgets that go back and forward in the directory history, triggered by pressing Alt-Left and Alt-Right, use functions that unsafely execute `eval` on directory names. If you `cd` into a directory with a carefully-crafted name, then press Alt-Left, the system is subject to command injection.
**Impacted areas**:
- Functions `pop_past` and `pop_future` in the `dirhistory` plugin.
via "National Vulnerability Database".
‼ CVE-2021-3726 ‼
Vulnerability in `title` function
**Description**: the `title` function defined in `lib/termsupport.zsh` uses `print` to set the terminal title to a user-supplied string. In Oh My Zsh, this function is always used securely, but custom user code could use the `title` function in a way that is unsafe.
**Fixed in**: [a263cdac](https://github.com/ohmyzsh/ohmyzsh/commit/a263cdac).
**Impacted areas**:
- `title` function in `lib/termsupport.zsh`.
- Custom user code using the `title` function.
via "National Vulnerability Database".