CVE-2021-44279
via "National Vulnerability Database".
Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/forms/poller-groups.inc.php.
CVE-2021-44277
via "National Vulnerability Database".
Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/common/alert-log.inc.php.
'Over-permissive' authentication checks left 190 Australian organizations vulnerable to business email compromise attacks
via "The Daily Swig".
Mail servers readily hijacked due to MSP oversight
CyCognito Secures $100M to Accelerate Next Evolution of Attack Surface Management
via "Dark Reading".
Company gives Fortune 500 companies including Colgate-Palmolive, Tesco and Scientific Games Corporation full visibility and context into risk to preempt potential attacks.
Stealthy 'WIRTE' Gang Targets Middle Eastern Governments
via "Threat Post".
Kaspersky researchers suspect that the cyberattackers may be a subgroup of the politically motivated, Palestine-focused Gaza Cybergang.
CVE-2021-43689
via "National Vulnerability Database".
manage (last update Oct 24, 2017) is affected by a Cross Site Scripting (XSS) vulnerability in Application/Home/Controller/GoodsController.class.php. The exit function will terminate the script and print a message which has values from $_POST.
CVE-2021-43685
via "National Vulnerability Database".
libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerability in /blob/master/legacy/application/modules/rest/controllers/ShowImageController.php through the rename function.
CVE-2021-44480
via "National Vulnerability Database".
Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers (who know the SIM phone number and password) to listen to a device's surroundings via a callback in an SMS command, as demonstrated by the 123456 and 523681 default passwords.
CVE-2021-44479
via "National Vulnerability Database".
NXP Kinetis K82 devices have a buffer over-read via a crafted wlength value in a GET Status-Other request during use of USB In-System Programming (ISP) mode. This discloses protected flash memory.
CVE-2021-40154
via "National Vulnerability Database".
NXP LPC55S69 devices before A3 have a buffer over-read via a crafted wlength value in a GET Descriptor Configuration request during use of USB In-System Programming (ISP) mode. This discloses protected flash memory.
CVE-2020-10627
via "National Vulnerability Database".
Insulet Omnipod Insulin Management System insulin pump product ID 19191 and 40160 is designed to communicate using a wireless RF with an Insulet manufactured Personal Diabetes Manager device. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with access to one of the affected insulin pump models may be able to modify and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery.
CVE-2021-26334
via "National Vulnerability Database".
The AMDPowerProfiler.sys driver of AMD μProf tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged user.
CVE-2021-20611
via "National Vulnerability Database".
Improper Input Validation vulnerability in MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "57" and prior, MELSEC iQ-R Series R08/16/32/120SFCPU All versions, MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions "29" and prior, MELSEC iQ-R Series R08/16/32/120PSFCPU All versions, MELSEC iQ-R Series R16/32/64MTCPU All versions, MELSEC iQ-R Series R12CCPU-V All versions, MELSEC Q Series Q03UDECPU All versions, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU All versions, MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. "23071" and prior, MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. "23071" and prior, MELSEC Q Series Q12DCCPU-V All versions, MELSEC Q Series Q24DHCCPU-V(G) All versions, MELSEC Q Series Q24/26DHCCPU-LS All versions, MELSEC Q Series MR-MQ100 All versions, MELSEC Q Series Q172/173DCPU-S1 All versions, MELSEC Q Series Q172/172DSCPU All versions, MELSEC Q Series Q170MCPU All versions, MELSEC Q Series Q170MSCPU(-S1) All versions, MELSEC L Series L02/06/26CPU(-P) All versions, MELSEC L Series L26CPU-(P)BT All versions and MELIPC Series MI5122-VW All versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.
CVE-2021-20609
via "National Vulnerability Database".
Uncontrolled Resource Consumption vulnerability in MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "57" and prior, MELSEC iQ-R Series R08/16/32/120SFCPU All versions, MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions "29" and prior, MELSEC iQ-R Series R08/16/32/120PSFCPU All versions, MELSEC iQ-R Series R16/32/64MTCPU All versions, MELSEC iQ-R Series R12CCPU-V All versions, MELSEC Q Series Q03UDECPU All versions, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU All versions, MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. "23071" and prior, MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. "23071" and prior, MELSEC Q Series Q12DCCPU-V All versions, MELSEC Q Series Q24DHCCPU-V(G) All versions, MELSEC Q Series Q24/26DHCCPU-LS All versions, MELSEC Q Series MR-MQ100 All versions, MELSEC Q Series Q172/173DCPU-S1 All versions, MELSEC Q Series Q172/172DSCPU All versions, MELSEC Q Series Q170MCPU All versions, MELSEC Q Series Q170MSCPU(-S1) All versions, MELSEC L Series L02/06/26CPU(-P) All versions, MELSEC L Series L26CPU-(P)BT All versions and MELIPC Series MI5122-VW All versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.
CVE-2021-20610
via "National Vulnerability Database".
Improper Handling of Length Parameter Inconsistency vulnerability in MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "57" and prior, MELSEC iQ-R Series R08/16/32/120SFCPU All versions, MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions "29" and prior, MELSEC iQ-R Series R08/16/32/120PSFCPU All versions, MELSEC iQ-R Series R16/32/64MTCPU All versions, MELSEC iQ-R Series R12CCPU-V All versions, MELSEC Q Series Q03UDECPU All versions, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU All versions, MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. "23071" and prior, MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. "23071" and prior, MELSEC Q Series Q12DCCPU-V All versions, MELSEC Q Series Q24DHCCPU-V(G) All versions, MELSEC Q Series Q24/26DHCCPU-LS All versions, MELSEC Q Series MR-MQ100 All versions, MELSEC Q Series Q172/173DCPU-S1 All versions, MELSEC Q Series Q172/172DSCPU All versions, MELSEC Q Series Q170MCPU All versions, MELSEC Q Series Q170MSCPU(-S1) All versions, MELSEC L Series L02/06/26CPU(-P) All versions, MELSEC L Series L26CPU-(P)BT All versions and MELIPC Series MI5122-VW All versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.
CVE-2021-43687
via "National Vulnerability Database".
chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulnerability in /plugin/jcapture/applet.php if an attacker passes a message hex2bin in the cookie.
How Will Cyber Threats Impact the Beijing Winter Olympics?
via "Dark Reading".
NTT helped the International Olympic Committee dodge a security bullet in Tokyo. The world will watch to see if it can pull off a similar feat in Beijing for the upcoming Winter Games.
CISA Names 23 Members to New Cybersecurity Advisory Committee
via "Dark Reading".
Group will advise and provide recommendations to the director to enhance the nation's cyber defense.
ReliaQuest Valued At More Than $1 Billion Following Growth Round Led by KKR
via "Dark Reading".
The open XDR-as-a-service provider will use investment to expand business operations and further development of its GreyMatter platform.
CVE-2021-29849
via "National Vulnerability Database".
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205281.
CVE-2021-29863
via "National Vulnerability Database".
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. This vulnerability is due to an incomplete fix for CVE-2020-4786. IBM X-Force ID: 206087.