‼ CVE-2021-36289 ‼
📖 Read
via "National Vulnerability Database".
Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36346 ‼
📖 Read
via "National Vulnerability Database".
Dell iDRAC 8 prior to version 2.82.82.82 contain a denial of service vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to deny access to the iDRAC webserver.📖 Read
via "National Vulnerability Database".
🕴 Revelstoke Launches With SOAR Platform to Automate SOCs 🕴
📖 Read
via "Dark Reading".
The SOAR platform helps CISOs automate the security operations center via a low-code/no-code platform.📖 Read
via "Dark Reading".
Dark Reading
Revelstoke Launches With SOAR Platform to Automate SOCs
The SOAR platform helps CISOs automate the security operations center via a low-code/no-code platform.
‼ CVE-2019-25056 ‼
📖 Read
via "National Vulnerability Database".
In Bromite through 78.0.3904.130, there are adblock rules in the release APK; therefore, probing which resources are blocked and which aren't can identify the application version and defeat the User-Agent protection mechanism.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0355 ‼
📖 Read
via "National Vulnerability Database".
Exposure of Sensitive Information to an Unauthorized Actor in NPM hiep-simple-get prior to 4.0.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46559 ‼
📖 Read
via "National Vulnerability Database".
The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm that allows an attacker to defeat an inspection mechanism for integrity protection.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46560 ‼
📖 Read
via "National Vulnerability Database".
The firmware on Moxa TN-5900 devices through 3.1 allows command injection that could lead to device damage.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23959 ‼
📖 Read
via "National Vulnerability Database".
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.📖 Read
via "National Vulnerability Database".
🕴 Fighting Supply Chain Email Attacks With AI 🕴
📖 Read
via "Dark Reading".
Supply chain account takeover is the most pressing issue facing email security today, but artificial intelligence can head off such attempts.📖 Read
via "Dark Reading".
Dark Reading
Fighting Supply Chain Email Attacks With AI
Supply chain account takeover is the most pressing issue facing email security today, but artificial intelligence can head off such attempts.
🗓️ Tor Project heads to Russian court to appeal against censorship 🗓️
📖 Read
via "The Daily Swig".
Volunteers urged to build bridges while Tor contests blockade📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Tor Project heads to Russian court to appeal against censorship
Volunteers urged to build bridges while Tor contests blockade
‼ CVE-2021-44122 ‼
📖 Read
via "National Vulnerability Database".
SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ecrire/public/aiguiller.php, ecrire/public/balises.php, ecrire/balise/formulaire_.php. To exploit the vulnerability, a visitor must visit a malicious website which redirects to the SPIP website. It is also possible to combine XSS vulnerabilities in SPIP 4.0.0 to exploit it. The vulnerability allows an authenticated attacker to execute malicious code without the knowledge of the user on the website (CSRF).📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22932 ‼
📖 Read
via "National Vulnerability Database".
Apache Karaf obr:* commands and run goal on the karaf-maven-plugin have partial path traversal which allows to break out of expected folder. The risk is low as obr:* commands are not very used and the entry is set by user. This has been fixed in revision: https://gitbox.apache.org/repos/asf?p=karaf.git;h=36a2bc4 https://gitbox.apache.org/repos/asf?p=karaf.git;h=52b70cf Mitigation: Apache Karaf users should upgrade to 4.2.15 or 4.3.6 or later as soon as possible, or use correct path. JIRA Tickets: https://issues.apache.org/jira/browse/KARAF-7326📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44123 ‼
📖 Read
via "National Vulnerability Database".
SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability, an attacker must craft a malicious picture with a double extension, upload it and then click on it to execute it.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41766 ‼
📖 Read
via "National Vulnerability Database".
Apache Karaf allows monitoring of applications and the Java runtime by using the Java Management Extensions (JMX). JMX is a Java RMI based technology that relies on Java serialized objects for client server communication. Whereas the default JMX implementation is hardened against unauthenticated deserialization attacks, the implementation used by Apache Karaf is not protected against this kind of attack. The impact of Java deserialization vulnerabilities strongly depends on the classes that are available within the targets class path. Generally speaking, deserialization of untrusted data does always represent a high security risk and should be prevented. The risk is low as, by default, Karaf uses a limited set of classes in the JMX server class path. It depends of system scoped classes (e.g. jar in the lib folder).📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0251 ‼
📖 Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.10.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0359 ‼
📖 Read
via "National Vulnerability Database".
Heap-based Buffer Overflow in Conda vim prior to 8.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44120 ‼
📖 Read
via "National Vulnerability Database".
SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in ecrire/public/interfaces.php, adding the function safehtml to the vulnerable fields. An editor is able to modify his personal information. If the editor has an article written and available, when a user goes to the public site and wants to read the author's information, the malicious code will be executed. The "Who are you" and "Website Name" fields are vulnerable.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44118 ‼
📖 Read
via "National Vulnerability Database".
SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. The vulnerability allows an authenticated attacker to inject malicious code running on the client side into web pages visited by other users (stored XSS).📖 Read
via "National Vulnerability Database".
❌ Threat Actors Blanket Androids with Flubot, Teabot Campaigns ❌
📖 Read
via "Threat Post".
Attackers are getting creative, using smishing & a malicious Google Play QR reader to plant banking trojans on the phones of victims across the globe.📖 Read
via "Threat Post".
Threat Post
Threat Actors Blanket Androids with Flubot, Teabot Campaigns
Attackers are getting creative, using smishing & a malicious Google Play QR reader to plant banking trojans on the phones of victims across the globe.
🗓️ Android security tool APKLeaks patches critical vulnerability 🗓️
📖 Read
via "The Daily Swig".
The package flaw allowed a number of malicious activities to take place📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Android security tool APKLeaks patches critical vulnerability
The package flaw allowed a number of malicious activities to take place
🦿 IT pros say privacy regulations are more helpful than harmful 🦿
📖 Read
via "Tech Republic".
Cisco's 2022 data privacy study finds that privacy budgets are up, and companies are seeing good return on these investments.📖 Read
via "Tech Republic".
TechRepublic
IT pros say privacy regulations are more helpful than harmful
Cisco's 2022 data privacy study finds that privacy budgets are up, and companies are seeing good return on these investments.