‼ CVE-2021-39940 ‼
via "National Vulnerability Database".
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab Maven Package registry is vulnerable to a regular expression denial of service when a specifically crafted string is sent.
‼ CVE-2021-39941 ‼
via "National Vulnerability Database".
An information disclosure vulnerability in GitLab CE/EE versions 12.0 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed non-project members to see the default branch name for projects that restrict access to the repository to project members.
‼ CVE-2021-39917 ‼
via "National Vulnerability Database".
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression related to quick actions features was susceptible to catastrophic backtracking that could cause a DoS attack.
‼ CVE-2021-39934 ‼
via "National Vulnerability Database".
Improper access control allows any project member to retrieve the service desk email address in GitLab CE/EE versions starting 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2.
‼ CVE-2021-44965 ‼
via "National Vulnerability Database".
Directory traversal vulnerability in the /admin/includes/* directory of PHPGURUKUL Employee Record Management System 1.2. The attacker can retrieve and download sensitive information from the vulnerable server.
‼ CVE-2021-39945 ‼
via "National Vulnerability Database".
Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an author of a Merge Request to approve the Merge Request even after having their project access revoked.
‼ CVE-2021-39936 ‼
via "National Vulnerability Database".
Improper access control in GitLab CE/EE affecting all versions starting from 10.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker in possession of a deploy token to access a project's disabled wiki.
‼ CVE-2021-39916 ‼
via "National Vulnerability Database".
Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status Check in GitLab EE starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2.
‼ CVE-2021-39939 ‼
via "National Vulnerability Database".
An uncontrolled resource consumption vulnerability in GitLab Runner affecting all versions starting from 13.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker triggering a job with a specially crafted docker image to exhaust resources on the runner manager.
‼ CVE-2021-39915 ‼
via "National Vulnerability Database".
Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to see the names of project access tokens on arbitrary projects.
🕴 Darktrace Reports Information Technology and Communications Sector Most Targeted by Cyberattackers in 2021 🕴
via "Dark Reading".
Most targeted industry shifts from the financial and insurance sector in 2020.
🕴 Kaspersky Opens Doors to New Transparency Center in North America 🕴
via "Dark Reading".
The opening marks the fifth center opened globally, fulfilling a key milestone within the Global Transparency Initiative.
❌ Log4Shell Is Spawning Even Nastier Mutations ❌
via "Threat Post".
The cybersecurity Hiroshima of the year – the Apache Log4j logging library exploit – has spun off 60 bigger mutations in less than a day, researchers said.
❌ Malicious PyPI Code Packages Rack Up Thousands of Downloads ❌
via "Threat Post".
The Python code repository was infiltrated by malware bent on data exfiltration from developer apps and more.
❌ Where the Latest Log4Shell Attacks Are Coming From ❌
via "Threat Post".
Analysts find at least 10 Linux botnets actively exploiting the Log4Shell flaw.
‼ CVE-2021-39053 ‼
via "National Vulnerability Database".
IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to obtain sensitive information, caused by the improper handling of requests for Spectrum Copy Data Management Admin Console. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 214524.
‼ CVE-2020-16156 ‼
via "National Vulnerability Database".
CPAN 2.28 allows Signature Verification Bypass.
‼ CVE-2021-39064 ‼
via "National Vulnerability Database".
IBM Spectrum Copy Data Management 2.2.13 and earlier has weak authentication and password rules and incorrectly handles default credentials for the Spectrum Copy Data Management Admin console. IBM X-Force ID: 214957.
‼ CVE-2020-16155 ‼
via "National Vulnerability Database".
The CPAN::Checksums package 2.12 for Perl does not uniquely define signed data.
‼ CVE-2021-39052 ‼
via "National Vulnerability Database".
IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to access the Spring Boot console without authorization. IBM X-Force ID: 214523.
‼ CVE-2021-39065 ‼
via "National Vulnerability Database".
IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the Spectrum Copy Data Management Admin Console login and uploadcertificate function. A remote attacker could inject arbitrary shell commands which would be executed on the affected system. IBM X-Force ID: 214958.