‼ CVE-2021-44652 ‼
via "National Vulnerability Database".
Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component.
🦿 US government urges organizations to prepare for Russian-sponsored cyber threats 🦿
via "Tech Republic".
Though the feds don't cite any specific threat, a joint advisory from CISA, the FBI and the NSA offers advice on how to detect and mitigate cyberattacks sponsored by Russia.
🕴 Critical Infrastructure Security and a Case for Optimism in 2022 🕴
via "Dark Reading".
The new US infrastructure law will fund new action to improve cybersecurity across rail, public transportation, the electric grid, and manufacturing.
❌ New York AG Warns 17 Firms of Credential Attacks ❌
via "Threat Post".
Sponsored: Password security is highlighted in attorney general warning to New York state businesses.
‼ CVE-2022-0015 ‼
via "National Vulnerability Database".
A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables an authenticated local user to execute programs with elevated privileges. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9.
‼ CVE-2021-45388 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-45608. Reason: This candidate is a reservation duplicate of CVE-2021-45608. Notes: All CVE users should reference CVE-2021-45608 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
‼ CVE-2021-43436 ‼
via "National Vulnerability Database".
MartDevelopers Inc iResturant v1.0 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will be executed.
‼ CVE-2021-45411 ‼
via "National Vulnerability Database".
In Sourcecodetester Printable Staff ID Card Creator System 1.0, after compromising the database via SQLi, an attacker can log in and leverage an arbitrary file upload vulnerability to obtain remote code execution.
‼ CVE-2021-45445 ‼
via "National Vulnerability Database".
Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, and 62.0 has an Infinite Loop.
‼ CVE-2021-28377 ‼
via "National Vulnerability Database".
ChronoForums 2.0.11 allows av Directory Traversal to read arbitrary files.
‼ CVE-2021-28376 ‼
via "National Vulnerability Database".
ChronoForms 7.0.7 allows fname Directory Traversal to read arbitrary files.
‼ CVE-2022-0012 ‼
via "National Vulnerability Database".
An improper link resolution before file access vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables a local user to delete arbitrary system files and impact the system integrity or cause a denial of service condition. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2.
‼ CVE-2022-0013 ‼
via "National Vulnerability Database".
A file information exposure vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker to read the contents of arbitrary files on the system with elevated privileges when generating a support file. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2.
‼ CVE-2022-0014 ‼
via "National Vulnerability Database".
An untrusted search path vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker with file creation privilege in the Windows root directory (such as C:\) to store a program that can then be unintentionally executed by another local user when that user utilizes a Live Terminal session. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2.
‼ CVE-2021-38892 ‼
via "National Vulnerability Database".
IBM Planning Analytics 2.0 and IBM Planning Analytics Workspace 2.0 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote threat actor who can access (without previous authentication) a valid PA endpoint to read and write files to the IBM Planning Analytics system. Depending on file system permissions, this can extend to path traversal and possibly remote code execution. IBM X-Force ID: 209511.
🕴 Flashpoint Acquires Risk Based Security 🕴
via "Dark Reading".
Flashpoint plans to integrate Risk Based Security data and technology into its platform to boost threat intelligence and vulnerability management.
❌ Stolen TikTok Videos, Bent on Fraud, Invade YouTube Shorts ❌
via "Threat Post".
Scammers easily game YouTube Shorts with viral TikTok content, bilking both creators and users.
‼ CVE-2022-21676 ‼
via "National Vulnerability Database".
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the `engine.io` package starting from version `4.0.0`, including those who use dependent packages like `socket.io`. Versions prior to `4.0.0` are not impacted. A fix has been released for each major branch, namely `4.1.2` for the `4.x.x` branch, `5.2.1` for the `5.x.x` branch, and `6.1.1` for the `6.x.x` branch. There is no known workaround except upgrading to a safe version.
‼ CVE-2021-42561 ‼
via "National Vulnerability Database".
An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized name parameter to a python "os.system" function. This allows attackers to use shell metacharacters (e.g., backticks "``" or dollar parenthesis "$()" ) in order to escape the current command and execute arbitrary shell commands.
‼ CVE-2022-23116 ‼
via "National Vulnerability Database".
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method.
‼ CVE-2021-42558 ‼
via "National Vulnerability Database".
An issue was discovered in CALDERA 2.8.1. It contains multiple reflected, stored, and self XSS vulnerabilities that may be exploited by authenticated and unauthenticated attackers.