🗓️ Zero-day vulnerability in Hillrom cardiology devices could allow attackers full control 🗓️
via "The Daily Swig".
Security flaw will be addressed in the next release.
🕴 Why Cloud Service Providers Are a Single Point of Failure 🕴
via "Dark Reading".
In a matter of days, a large-scale outage of cloud and other online services could cause $15 billion in losses.
🕴 Why the Private Sector Is Key to Stopping Russian Hacking Group APT29 🕴
via "Dark Reading".
Left unchecked, these attacks could have devastating effects on government and military secrets and jeopardize the software supply chain and the global economy.
‼ CVE-2021-36169 ‼
via "National Vulnerability Database".
A hidden functionality in Fortinet FortiOS 7.x before 7.0.1 and FortiOS 6.4.x before 6.4.7 allows an attacker to execute unauthorized code or commands via specific hex read/write operations.
🛠 Zed Attack Proxy 2.11.1 Cross Platform Package 🛠
via "Packet Storm Security".
The Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. This is the cross-platform package.
🕴 2 Website Threats to Address for the Holiday Shopping Rush 🕴
via "Dark Reading".
Some tips for effectively combating Web supply chain attacks and customer hijacking via browser extensions.
‼ CVE-2021-39944 ‼
via "National Vulnerability Database".
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, and all versions starting from 14.5 before 14.5.2. A permissions validation flaw allowed group members with a developer role to elevate their privilege to maintainer on projects they import.
‼ CVE-2021-39933 ‼
via "National Vulnerability Database".
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, and all versions starting from 14.5 before 14.5.2. A regular expression used for handling user input (notes, comments, etc.) was susceptible to catastrophic backtracking that could cause a DoS attack.
‼ CVE-2021-39938 ‼
via "National Vulnerability Database".
A vulnerable regular expression pattern in GitLab CE/EE since version 8.15 before 14.3.6, all versions starting from 14.4 before 14.4.4, and all versions starting from 14.5 before 14.5.2 allows an attacker to cause uncontrolled resource consumption leading to Denial of Service via specially crafted deploy slash commands.
‼ CVE-2021-39919 ‼
via "National Vulnerability Database".
In all versions of GitLab CE/EE starting from 14.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, and all versions starting from 14.5 before 14.5.2, the reset password token and new user email token are accidentally logged, which may lead to information disclosure.
‼ CVE-2021-40007 ‼
via "National Vulnerability Database".
There is an information leak vulnerability in eCNS280_TD V100R005C10SPC650. The vulnerability is caused by improper log output management. An attacker with the ability to access the device's log file may obtain the disclosed information.
‼ CVE-2021-39910 ‼
via "National Vulnerability Database".
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before 14.4.4, and all versions starting from 14.5 before 14.5.2. GitLab was vulnerable to HTML injection through the Swagger UI feature.
‼ CVE-2021-40008 ‼
via "National Vulnerability Database".
There is a memory leak vulnerability in CloudEngine 12800 V200R019C00SPC800, CloudEngine 5800 V200R019C00SPC800, CloudEngine 6800 V200R019C00SPC800 and CloudEngine 7800 V200R019C00SPC800. The software does not sufficiently track and release allocated memory while parsing a series of crafted binary messages, which could consume the remaining memory. Successful exploitation could cause memory exhaustion.
‼ CVE-2021-44966 ‼
via "National Vulnerability Database".
SQL injection authentication bypass vulnerability in PHPGURUKUL Employee Record Management System 1.2 via index.php. An attacker can log in to an admin account of this system and can destroy, change or manipulate all sensitive information on the system.
‼ CVE-2021-43983 ‼
via "National Vulnerability Database".
WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to multiple stack-based buffer overflow instances while parsing project files, which may allow an attacker to execute arbitrary code.
‼ CVE-2021-39932 ‼
via "National Vulnerability Database".
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, and all versions starting from 14.5 before 14.5.2. Using large payloads, the diff feature could be used to trigger high load times for users reviewing code changes.
‼ CVE-2021-39940 ‼
via "National Vulnerability Database".
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 before 14.3.6, all versions starting from 14.4 before 14.4.4, and all versions starting from 14.5 before 14.5.2. The GitLab Maven Package registry is vulnerable to a regular expression denial of service when a specifically crafted string is sent.
‼ CVE-2021-39941 ‼
via "National Vulnerability Database".
An information disclosure vulnerability in GitLab CE/EE versions 12.0 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed non-project members to see the default branch name for projects that restrict access to the repository to project members.
‼ CVE-2021-39917 ‼
via "National Vulnerability Database".
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 14.3.6, all versions starting from 14.4 before 14.4.4, and all versions starting from 14.5 before 14.5.2. A regular expression related to the quick actions feature was susceptible to catastrophic backtracking that could cause a DoS attack.
‼ CVE-2021-39934 ‼
via "National Vulnerability Database".
Improper access control allows any project member to retrieve the service desk email address in GitLab CE/EE versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, and all versions starting from 14.5 before 14.5.2.
‼ CVE-2021-44965 ‼
via "National Vulnerability Database".
Directory traversal vulnerability in the /admin/includes/* directory of PHPGURUKUL Employee Record Management System 1.2. The attacker can retrieve and download sensitive information from the vulnerable server.