‼ CVE-2021-36294 ‼
📖 Read
via "National Vulnerability Database".
Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authentication bypass vulnerability. A remote unauthenticated attacker may exploit this vulnerability by forging a cookie to login as any user.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36347 ‼
📖 Read
via "National Vulnerability Database".
iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82.82.82 contain a stack-based buffer overflow vulnerability. An authenticated remote attacker with high privileges could potentially exploit this vulnerability to control process execution and gain access to the iDRAC operating system.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36295 ‼
📖 Read
via "National Vulnerability Database".
Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authenticated remote code execution vulnerability. A remote malicious user with privileges may exploit this vulnerability to execute commands on the system.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36348 ‼
📖 Read
via "National Vulnerability Database".
iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to iDRAC.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36296 ‼
📖 Read
via "National Vulnerability Database".
Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authenticated remote code execution vulnerability. A remote malicious user with privileges may exploit this vulnerability to execute commands on the system.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36289 ‼
📖 Read
via "National Vulnerability Database".
Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36346 ‼
📖 Read
via "National Vulnerability Database".
Dell iDRAC 8 prior to version 2.82.82.82 contain a denial of service vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to deny access to the iDRAC webserver.📖 Read
via "National Vulnerability Database".
🕴 Revelstoke Launches With SOAR Platform to Automate SOCs 🕴
📖 Read
via "Dark Reading".
The SOAR platform helps CISOs automate the security operations center via a low-code/no-code platform.📖 Read
via "Dark Reading".
Dark Reading
Revelstoke Launches With SOAR Platform to Automate SOCs
The SOAR platform helps CISOs automate the security operations center via a low-code/no-code platform.
‼ CVE-2019-25056 ‼
📖 Read
via "National Vulnerability Database".
In Bromite through 78.0.3904.130, there are adblock rules in the release APK; therefore, probing which resources are blocked and which aren't can identify the application version and defeat the User-Agent protection mechanism.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0355 ‼
📖 Read
via "National Vulnerability Database".
Exposure of Sensitive Information to an Unauthorized Actor in NPM hiep-simple-get prior to 4.0.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46559 ‼
📖 Read
via "National Vulnerability Database".
The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm that allows an attacker to defeat an inspection mechanism for integrity protection.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46560 ‼
📖 Read
via "National Vulnerability Database".
The firmware on Moxa TN-5900 devices through 3.1 allows command injection that could lead to device damage.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23959 ‼
📖 Read
via "National Vulnerability Database".
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.📖 Read
via "National Vulnerability Database".
🕴 Fighting Supply Chain Email Attacks With AI 🕴
📖 Read
via "Dark Reading".
Supply chain account takeover is the most pressing issue facing email security today, but artificial intelligence can head off such attempts.📖 Read
via "Dark Reading".
Dark Reading
Fighting Supply Chain Email Attacks With AI
Supply chain account takeover is the most pressing issue facing email security today, but artificial intelligence can head off such attempts.
🗓️ Tor Project heads to Russian court to appeal against censorship 🗓️
📖 Read
via "The Daily Swig".
Volunteers urged to build bridges while Tor contests blockade📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Tor Project heads to Russian court to appeal against censorship
Volunteers urged to build bridges while Tor contests blockade
‼ CVE-2021-44122 ‼
📖 Read
via "National Vulnerability Database".
SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ecrire/public/aiguiller.php, ecrire/public/balises.php, ecrire/balise/formulaire_.php. To exploit the vulnerability, a visitor must visit a malicious website which redirects to the SPIP website. It is also possible to combine XSS vulnerabilities in SPIP 4.0.0 to exploit it. The vulnerability allows an authenticated attacker to execute malicious code without the knowledge of the user on the website (CSRF).📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22932 ‼
📖 Read
via "National Vulnerability Database".
Apache Karaf obr:* commands and run goal on the karaf-maven-plugin have partial path traversal which allows to break out of expected folder. The risk is low as obr:* commands are not very used and the entry is set by user. This has been fixed in revision: https://gitbox.apache.org/repos/asf?p=karaf.git;h=36a2bc4 https://gitbox.apache.org/repos/asf?p=karaf.git;h=52b70cf Mitigation: Apache Karaf users should upgrade to 4.2.15 or 4.3.6 or later as soon as possible, or use correct path. JIRA Tickets: https://issues.apache.org/jira/browse/KARAF-7326📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44123 ‼
📖 Read
via "National Vulnerability Database".
SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability, an attacker must craft a malicious picture with a double extension, upload it and then click on it to execute it.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41766 ‼
📖 Read
via "National Vulnerability Database".
Apache Karaf allows monitoring of applications and the Java runtime by using the Java Management Extensions (JMX). JMX is a Java RMI based technology that relies on Java serialized objects for client server communication. Whereas the default JMX implementation is hardened against unauthenticated deserialization attacks, the implementation used by Apache Karaf is not protected against this kind of attack. The impact of Java deserialization vulnerabilities strongly depends on the classes that are available within the targets class path. Generally speaking, deserialization of untrusted data does always represent a high security risk and should be prevented. The risk is low as, by default, Karaf uses a limited set of classes in the JMX server class path. It depends of system scoped classes (e.g. jar in the lib folder).📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0251 ‼
📖 Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.10.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0359 ‼
📖 Read
via "National Vulnerability Database".
Heap-based Buffer Overflow in Conda vim prior to 8.2.📖 Read
via "National Vulnerability Database".