βΌ CVE-2021-27007 βΌ
π Read
via "National Vulnerability Database".
NetApp Virtual Desktop Service (VDS) when used with an HTML5 gateway is susceptible to a vulnerability which when successfully exploited could allow an unauthenticated attacker to takeover a Remote Desktop Session.π Read
via "National Vulnerability Database".
βΌ CVE-2018-4478 βΌ
π Read
via "National Vulnerability Database".
A validation issue was addressed with improved logic. This issue is fixed in macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan. An attacker with physical access to a device may be able to elevate privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2018-4302 βΌ
π Read
via "National Vulnerability Database".
A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3584 βΌ
π Read
via "National Vulnerability Database".
A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability of system. Fixed releases are 2.4.1, 2.5.1, 3.0.0.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43989 βΌ
π Read
via "National Vulnerability Database".
mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, which may allow an attacker to crack the previously retrieved password hashes.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44540 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44453 βΌ
π Read
via "National Vulnerability Database".
mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interface which includes a ping utility, which may allow an attacker to inject arbitrary operating system commands.π Read
via "National Vulnerability Database".
βΌ CVE-2017-13892 βΌ
π Read
via "National Vulnerability Database".
An issue existed in the handling of Contact sharing. This issue was addressed with improved handling of user information. This issue is fixed in macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan. Sharing contact information may lead to unexpected data sharing.π Read
via "National Vulnerability Database".
βΌ CVE-2021-35243 βΌ
π Read
via "National Vulnerability Database".
The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.6 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the origin server removes the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20876 βΌ
π Read
via "National Vulnerability Database".
Path traversal vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows an attacker with an administrative privilege to obtain sensitive information stored in the hierarchy above the directory on the published site's server via unspecified vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20827 βΌ
π Read
via "National Vulnerability Database".
Plaintext storage of a password vulnerability in IDEC PLCs (FC6A Series MICROSmart All-in-One CPU module v2.32 and earlier, FC6A Series MICROSmart Plus CPU module v1.91 and earlier, WindLDR v8.19.1 and earlier, WindEDIT Lite v1.3.1 and earlier, and Data File Manager v2.12.1 and earlier) allows an attacker to obtain the PLC Web server user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the attacker may access the PLC Web server and hijack the PLC, and manipulation of the PLC output and/or suspension of the PLC may be conducted.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20874 βΌ
π Read
via "National Vulnerability Database".
Incorrect permission assignment for critical resource vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows a remote unauthenticated attacker to access arbitrary files on the server and obtain sensitive information via unspecified vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20875 βΌ
π Read
via "National Vulnerability Database".
Open redirect vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks by having a user to access a specially crafted URL.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20826 βΌ
π Read
via "National Vulnerability Database".
Unprotected transport of credentials vulnerability in IDEC PLCs (FC6A Series MICROSmart All-in-One CPU module v2.32 and earlier, FC6A Series MICROSmart Plus CPU module v1.91 and earlier, WindLDR v8.19.1 and earlier, WindEDIT Lite v1.3.1 and earlier, and Data File Manager v2.12.1 and earlier) allows an attacker to obtain the PLC Web server user credentials from the communication between the PLC and the software. As a result, the complete access privileges to the PLC Web server may be obtained, and manipulation of the PLC output and/or suspension of the PLC may be conducted.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23772 βΌ
π Read
via "National Vulnerability Database".
This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target folder.π Read
via "National Vulnerability Database".
ποΈ #12DaysofSwigmas β Happy Holidays from The Daily Swig ποΈ
π Read
via "The Daily Swig".
On the 12th Day of Swigmas, The Daily Swig gave to meβ¦π Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
#12DaysofSwigmas β Happy Holidays from The Daily Swig
On the 12th Day of Swigmas, The Daily Swig gave to meβ¦
βΌ CVE-2021-4072 βΌ
π Read
via "National Vulnerability Database".
elgg is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')π Read
via "National Vulnerability Database".
β The cool retro phone with a REAL DIALβ¦ plus plenty of IoT problems β
π Read
via "Naked Security".
You know you want one, because this retro phone is NOT A TOY... except when it comes to cybersecurity.π Read
via "Naked Security".
Naked Security
The cool retro phone with a REAL DIAL⦠plus plenty of IoT problems
You know you want one, because this retro phone is NOT A TOY⦠except when it comes to cybersecurity.
π¦Ώ Switch to a well-paid tech career in 2022: Check out these 200+ IT courses π¦Ώ
π Read
via "Tech Republic".
Training for a lucrative tech career is easier and less expensive than you might think. Check out these online courses on programming, cybersecurity, project management and more.π Read
via "Tech Republic".
TechRepublic
Switch to a well-paid tech career in 2022: Check out these 200+ IT courses
Training for a lucrative tech career is easier and less expensive than you might think. Check out these online courses on programming, cybersecurity, project management and more.
β SFW! The Top N CyberΒsecurity Stories of 2021 (for small positive integer values of N) β
π Read
via "Naked Security".
Happy Holidays! Our Top N stories, all totally SFW!π Read
via "Naked Security".
Naked Security
SFW! The Top N CyberΒsecurity Stories of 2021 (for small positive integer values of N)
Happy Holidays! Our Top N stories, all totally SFW!
βΌ CVE-2021-37567 βΌ
π Read
via "National Vulnerability Database".
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols.π Read
via "National Vulnerability Database".