❌ Malicious PyPI Code Packages Rack Up Thousands of Downloads ❌
via "Threat Post".
The Python code repository was infiltrated by malware bent on data exfiltration from developer apps and more.
❌ Where the Latest Log4Shell Attacks Are Coming From ❌
via "Threat Post".
Analysts find at least 10 Linux botnets actively exploiting the Log4Shell flaw.
‼ CVE-2021-39053 ‼
via "National Vulnerability Database".
IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to obtain sensitive information, caused by the improper handling of requests for Spectrum Copy Data Management Admin Console. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 214524.
‼ CVE-2020-16156 ‼
via "National Vulnerability Database".
CPAN 2.28 allows Signature Verification Bypass.
‼ CVE-2021-39064 ‼
via "National Vulnerability Database".
IBM Spectrum Copy Data Management 2.2.13 and earlier has weak authentication and password rules and incorrectly handles default credentials for the Spectrum Copy Data Management Admin console. IBM X-Force ID: 214957.
‼ CVE-2020-16155 ‼
via "National Vulnerability Database".
The CPAN::Checksums package 2.12 for Perl does not uniquely define signed data.
‼ CVE-2021-39052 ‼
via "National Vulnerability Database".
IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to access the Spring Boot console without authorization. IBM X-Force ID: 214523.
‼ CVE-2021-39065 ‼
via "National Vulnerability Database".
IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the Spectrum Copy Data Management Admin Console login and uploadcertificate function. A remote attacker could inject arbitrary shell commands which would be executed on the affected system. IBM X-Force ID: 214958.
‼ CVE-2020-16154 ‼
via "National Vulnerability Database".
The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass.
‼ CVE-2021-43818 ‼
via "National Vulnerability Database".
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available.
‼ CVE-2021-38947 ‼
via "National Vulnerability Database".
IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 211242.
‼ CVE-2021-39058 ‼
via "National Vulnerability Database".
IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 214617.
‼ CVE-2021-39054 ‼
via "National Vulnerability Database".
IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 214525.
‼ CVE-2021-39048 ‼
via "National Vulnerability Database".
IBM Spectrum Protect Client 7.1 and 8.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could exploit this vulnerability and cause a denial of service. IBM X-Force ID: 214438.
‼ CVE-2021-43814 ‼
via "National Vulnerability Database".
Rizin is a UNIX-like reverse engineering framework and command-line toolset. In versions up to and including 0.3.1 there is a heap-based out-of-bounds write in parse_die() when reversing an AMD64 ELF binary with DWARF debug info. When a malicious AMD64 ELF binary is opened by a victim user, Rizin may crash or execute unintended actions. No workarounds are known and users are advised to upgrade.
‼ CVE-2021-39049 ‼
via "National Vulnerability Database".
IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 214439.
‼ CVE-2021-39057 ‼
via "National Vulnerability Database".
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 214616.
‼ CVE-2021-32024 ‼
via "National Vulnerability Database".
A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process.
‼ CVE-2020-4496 ‼
via "National Vulnerability Database".
The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum Protect Plus workload agent is subject to a man-in-the-middle attack due to improper certificate validation. IBM X-Force ID: 182046.
‼ CVE-2021-43817 ‼
via "National Vulnerability Database".
Collabora Online is a collaborative online office suite based on LibreOffice technology. In affected versions a reflected XSS vulnerability was found in Collabora Online. An attacker could inject unescaped HTML into a variable as they created the Collabora Online iframe, and execute scripts inside the context of the Collabora Online iframe. This would give access to a small set of user settings stored in the browser, as well as the session's authentication token which was also passed in at iframe creation time. Users should upgrade to Collabora Online 6.4.16 or higher or Collabora Online 4.2.20 or higher. Collabora Online Development Edition 21.11 is not affected.
‼ CVE-2021-39050 ‼
via "National Vulnerability Database".
IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 214440.