CVE-2021-26334
via "National Vulnerability Database".
The AMDPowerProfiler.sys driver of AMD μProf tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged user.
CVE-2021-20611
via "National Vulnerability Database".
Improper Input Validation vulnerability in MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "57" and prior, MELSEC iQ-R Series R08/16/32/120SFCPU All versions, MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions "29" and prior, MELSEC iQ-R Series R08/16/32/120PSFCPU All versions, MELSEC iQ-R Series R16/32/64MTCPU All versions, MELSEC iQ-R Series R12CCPU-V All versions, MELSEC Q Series Q03UDECPU All versions, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU All versions, MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. "23071" and prior, MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. "23071" and prior, MELSEC Q Series Q12DCCPU-V All versions, MELSEC Q Series Q24DHCCPU-V(G) All versions, MELSEC Q Series Q24/26DHCCPU-LS All versions, MELSEC Q Series MR-MQ100 All versions, MELSEC Q Series Q172/173DCPU-S1 All versions, MELSEC Q Series Q172/172DSCPU All versions, MELSEC Q Series Q170MCPU All versions, MELSEC Q Series Q170MSCPU(-S1) All versions, MELSEC L Series L02/06/26CPU(-P) All versions, MELSEC L Series L26CPU-(P)BT All versions and MELIPC Series MI5122-VW All versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.
CVE-2021-20609
via "National Vulnerability Database".
Uncontrolled Resource Consumption vulnerability in MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "57" and prior, MELSEC iQ-R Series R08/16/32/120SFCPU All versions, MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions "29" and prior, MELSEC iQ-R Series R08/16/32/120PSFCPU All versions, MELSEC iQ-R Series R16/32/64MTCPU All versions, MELSEC iQ-R Series R12CCPU-V All versions, MELSEC Q Series Q03UDECPU All versions, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU All versions, MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. "23071" and prior, MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. "23071" and prior, MELSEC Q Series Q12DCCPU-V All versions, MELSEC Q Series Q24DHCCPU-V(G) All versions, MELSEC Q Series Q24/26DHCCPU-LS All versions, MELSEC Q Series MR-MQ100 All versions, MELSEC Q Series Q172/173DCPU-S1 All versions, MELSEC Q Series Q172/172DSCPU All versions, MELSEC Q Series Q170MCPU All versions, MELSEC Q Series Q170MSCPU(-S1) All versions, MELSEC L Series L02/06/26CPU(-P) All versions, MELSEC L Series L26CPU-(P)BT All versions and MELIPC Series MI5122-VW All versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.
CVE-2021-20610
via "National Vulnerability Database".
Improper Handling of Length Parameter Inconsistency vulnerability in MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "57" and prior, MELSEC iQ-R Series R08/16/32/120SFCPU All versions, MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions "29" and prior, MELSEC iQ-R Series R08/16/32/120PSFCPU All versions, MELSEC iQ-R Series R16/32/64MTCPU All versions, MELSEC iQ-R Series R12CCPU-V All versions, MELSEC Q Series Q03UDECPU All versions, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU All versions, MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. "23071" and prior, MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. "23071" and prior, MELSEC Q Series Q12DCCPU-V All versions, MELSEC Q Series Q24DHCCPU-V(G) All versions, MELSEC Q Series Q24/26DHCCPU-LS All versions, MELSEC Q Series MR-MQ100 All versions, MELSEC Q Series Q172/173DCPU-S1 All versions, MELSEC Q Series Q172/172DSCPU All versions, MELSEC Q Series Q170MCPU All versions, MELSEC Q Series Q170MSCPU(-S1) All versions, MELSEC L Series L02/06/26CPU(-P) All versions, MELSEC L Series L26CPU-(P)BT All versions and MELIPC Series MI5122-VW All versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.
CVE-2021-43687
via "National Vulnerability Database".
chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulnerability in /plugin/jcapture/applet.php if an attacker passes a message hex2bin in the cookie.
How Will Cyber Threats Impact the Beijing Winter Olympics?
via "Dark Reading".
NTT helped the International Olympic Committee dodge a security bullet in Tokyo. The world will watch to see if it can pull off a similar feat in Beijing for the upcoming Winter Games.
CISA Names 23 Members to New Cybersecurity Advisory Committee
via "Dark Reading".
Group will advise and provide recommendations to the director to enhance the nation's cyber defense.
ReliaQuest Valued At More Than $1 Billion Following Growth Round Led by KKR
via "Dark Reading".
The open XDR-as-a-service provider will use investment to expand business operations and further development of its GreyMatter platform.
CVE-2021-29849
via "National Vulnerability Database".
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205281.
CVE-2021-29863
via "National Vulnerability Database".
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. This vulnerability is due to an incomplete fix for CVE-2020-4786. IBM X-Force ID: 206087.
CVE-2021-29779
via "National Vulnerability Database".
IBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitive information due to the server performing key exchange without entity authentication on inter-host communications using man in the middle techniques. IBM X-Force ID: 203033.
CVE-2021-42776
via "National Vulnerability Database".
CloverDX Server before 5.11.2 and 5.12.x before 5.12.1 allows XXE during configuration import.
CVE-2021-38575
via "National Vulnerability Database".
NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.
CVE-2021-20400
via "National Vulnerability Database".
IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196074.
CyCognito Raises $100 Million Series C Funding
via "Dark Reading".
Company offers external attack surface management platform to help companies prioritize, investigate, and respond to potential security risks.
80K Retail WooCommerce Sites Exposed by Plugin XSS Bug
via "Threat Post".
The Variation Swatches plugin security flaw lets attackers with low-level permissions tweak important settings on e-commerce sites to inject malicious scripts.
Cybersecurity: Increase your protection by using the open-source tool YARA
via "Tech Republic".
This won't replace antivirus software, but it can help you detect problems much more efficiently and allows more customization. Here's how to install it on Mac, Windows and Linux.
CVE-2021-43137
via "National Vulnerability Database".
Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exists in hostel management system 2.1 via the name field in my-profile.php. Chaining both vulnerabilities leads to account takeover.
CVE-2021-43792
via "National Vulnerability Database".
Discourse is an open source discussion platform. In affected versions a vulnerability affects users of tag groups who use the "Tags are visible only to the following groups" feature. A tag group may only allow a certain group (e.g. staff) to view certain tags. Users who were tracking or watching the tags via /preferences/tags, then have their staff status revoked will still see notifications related to the tag, but will not see the tag on each topic. This issue has been patched in stable version 2.7.11. Users are advised to upgrade as soon as possible.
CVE-2021-43794
via "National Vulnerability Database".
Discourse is an open source discussion platform. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown a JSON blob instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse.
CVE-2021-43793
via "National Vulnerability Database".
Discourse is an open source discussion platform. In affected versions a vulnerability in the Polls feature allowed users to vote multiple times in a single-option poll. The problem is patched in the latest tests-passed, beta and stable versions of Discourse.