‼ CVE-2021-43940 ‼
📖 Read
via "National Vulnerability Database".
Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.
‼ CVE-2021-43950 ‼
📖 Read
via "National Vulnerability Database".
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view import source configuration information via a Broken Access Control vulnerability in the Insight Import Source feature. The affected versions are before version 4.21.0.
‼ CVE-2021-43952 ‼
📖 Read
via "National Vulnerability Database".
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to restore the default configuration of fields via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/RestoreDefaults.jspa endpoint. The affected versions are before version 8.21.0.
‼ CVE-2021-43948 ‼
📖 Read
via "National Vulnerability Database".
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view the names of private objects via an Improper Authorization vulnerability in the "Move objects" feature. The affected versions are before version 4.21.0.
‼ CVE-2021-43941 ‼
📖 Read
via "National Vulnerability Database".
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources (including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa) via a Cross-Site Request Forgery (CSRF) vulnerability in the jira-importers-plugin. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3.
‼ CVE-2021-43953 ‼
📖 Read
via "National Vulnerability Database".
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The affected versions are before version 8.21.0.
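The three Jira entries above (CVE-2021-43952, CVE-2021-43941, CVE-2021-43953) are the same bug class: an admin action that fires for any request carrying a valid session cookie, which the victim's browser attaches to a cross-site request as well, so an unauthenticated attacker only needs a logged-in admin to load their page. The example below is added here to show that pattern beside a hardened handler; it is generic illustration code, not Atlassian's implementation or patch. The request model, the in-memory session store, the SITE_ORIGIN value and the endpoint behaviour are all constructed for the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

# Constructed request model; a real application would use its framework's request object.
@dataclass
class Request:
    method: str
    path: str
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)

SITE_ORIGIN = "https://jira.example.test"   # assumed deployment origin
SESSIONS: dict = {}                          # session id -> session data (in-memory stand-in)

def new_admin_session() -> str:
    """Create an admin session that carries its own random CSRF token."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"admin": True, "csrf": secrets.token_urlsafe(32)}
    return sid

def session_for(req: Request) -> Optional[dict]:
    return SESSIONS.get(req.cookies.get("sid", ""))

def restore_defaults_vulnerable(req: Request, config: dict) -> int:
    """Vulnerable pattern, kept on purpose: the only gate is the session cookie,
    which the browser also sends with a cross-site <img> or auto-submitted <form>."""
    sess = session_for(req)
    if sess is None or not sess["admin"]:
        return 403
    config.clear()          # state change with no origin or token check
    return 200

def restore_defaults_hardened(req: Request, config: dict) -> int:
    """Same action with three checks: POST only, Origin/Referer must match the
    site when present, and a per-session token compared in constant time."""
    sess = session_for(req)
    if sess is None or not sess["admin"]:
        return 403
    if req.method != "POST":
        return 405
    origin = req.headers.get("Origin") or req.headers.get("Referer", "")
    if origin and origin != SITE_ORIGIN and not origin.startswith(SITE_ORIGIN + "/"):
        return 403
    if not hmac.compare_digest(req.form.get("csrf_token", ""), sess["csrf"]):
        return 403
    config.clear()
    return 200

def demo() -> dict:
    """Replay a cross-site GET, a cross-site POST and a legitimate POST against both handlers."""
    sid = new_admin_session()
    token = SESSIONS[sid]["csrf"]
    path = "/secure/admin/RestoreDefaults.jspa"
    cookie = {"sid": sid}
    results = {}

    # Cross-site GET, e.g. <img src="https://jira.example.test/secure/admin/RestoreDefaults.jspa">
    cfg = {"issuetype": "custom"}
    xsite_get = Request("GET", path, cookies=cookie, headers={"Referer": "https://attacker.test/"})
    results["vuln_xsite_get"] = (restore_defaults_vulnerable(xsite_get, cfg), dict(cfg))

    cfg = {"issuetype": "custom"}
    results["hard_xsite_get"] = (restore_defaults_hardened(xsite_get, cfg), dict(cfg))

    # Cross-site POST from an auto-submitted form: wrong Origin, and the token is unguessable.
    xsite_post = Request("POST", path, cookies=cookie,
                         headers={"Origin": "https://attacker.test"}, form={"csrf_token": "guess"})
    results["hard_xsite_post"] = (restore_defaults_hardened(xsite_post, cfg), dict(cfg))

    # Legitimate POST from the site's own admin form, carrying the session's token.
    legit = Request("POST", path, cookies=cookie,
                    headers={"Origin": SITE_ORIGIN}, form={"csrf_token": token})
    results["hard_legit_post"] = (restore_defaults_hardened(legit, cfg), dict(cfg))
    return results
```

The Origin check is defence in depth only: some clients omit both headers, so the handler accepts their absence and relies on the token, but never accepts a header that names a different site. Token comparison uses hmac.compare_digest so a timing side channel cannot leak the value byte by byte.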
‼ CVE-2021-46557 ‼
📖 Read
via "National Vulnerability Database".
Vicidial 2.14-783a was discovered to contain a cross-site scripting (XSS) vulnerability via the input tabs.
‼ CVE-2021-46558 ‼
📖 Read
via "National Vulnerability Database".
Multiple cross-site scripting (XSS) vulnerabilities in the Add User module of Issabel PBX 20200102 allow attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the username and password fields.
❌ TA2541: APT Has Been Shooting RATs at Aviation for Years ❌
📖 Read
via "Threat Post".
Since 2017, the attacker has flung simple off-the-shelf malware in malicious email campaigns aimed at aviation, aerospace, transportation and defense.
🗓️ Grafana web security vulnerability opened a plethora of attack possibilities 🗓️
📖 Read
via "The Daily Swig".
Visualize this
🕴 How to Make Cybersecurity Effective and Invisible 🕴
📖 Read
via "Dark Reading".
Cybersecurity should be a shield that protects the business, not a barrier that holds it back.
‼ CVE-2022-23317 ‼
📖 Read
via "National Vulnerability Database".
The CobaltStrike <=4.5 HTTP(S) listener does not check whether the request URL begins with "/", so attackers can obtain relevant information from the listener by specifying such a URL.
‼ CVE-2022-0596 ‼
📖 Read
via "National Vulnerability Database".
Business Logic Errors in Packagist microweber/microweber prior to 1.2.11.
‼ CVE-2022-23384 ‼
📖 Read
via "National Vulnerability Database".
YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in /admin.add.
‼ CVE-2021-42712 ‼
📖 Read
via "National Vulnerability Database".
Splashtop Streamer through 3.4.8.3 creates a Temporary File in a Directory with Insecure Permissions.
‼ CVE-2022-0597 ‼
📖 Read
via "National Vulnerability Database".
Open Redirect in Packagist microweber/microweber prior to 1.2.11.
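Open redirects like CVE-2022-0597 come from echoing a user-supplied "next" URL into a Location header after a check that is too loose (prefix matching, or only rejecting "http://"). The validator below is added as an illustration of a strict same-site check; it is not microweber's code, and ALLOWED_HOST and the sample targets are constructed for the example. Besides the obvious foreign hosts it rejects the usual bypasses: protocol-relative "//evil", "///evil" (which browsers also resolve to an authority), userinfo tricks ("host@evil"), backslashes (which browsers treat as slashes), CR/LF and non-http schemes.

```python
from urllib.parse import urlsplit

ALLOWED_HOST = "app.example.test"   # assumed application host (constructed)

def is_safe_redirect(target: str, allowed_host: str = ALLOWED_HOST) -> bool:
    """Return True only for a redirect that stays on this site.

    Accepted: an absolute path on this origin ("/account"), or an absolute
    http(s) URL whose netloc is exactly allowed_host. Everything else is
    rejected, including a port or userinfo in the netloc.
    """
    if not target or any(c in target for c in "\r\n\t\\"):
        return False                      # header injection / backslash-as-slash
    parts = urlsplit(target)
    if parts.scheme:
        if parts.scheme.lower() not in ("http", "https"):
            return False                  # javascript:, data:, vbscript:, ...
        return parts.netloc.lower() == allowed_host.lower()
    if parts.netloc or target.startswith("//"):
        return False                      # //evil.test and ///evil.test
    return target.startswith("/")         # relative path on our own origin

def demo() -> dict:
    """Run a mix of legitimate targets and bypass attempts (all constructed)."""
    cases = [
        "/account",
        "https://app.example.test/account",
        "HTTPS://APP.EXAMPLE.TEST/x",
        "//evil.test/",
        "///evil.test/",
        "https://evil.test/",
        "https://app.example.test@evil.test/",
        "https://app.example.test:8443/",
        "javascript:alert(1)",
        "/\\evil.test",
        "",
    ]
    return {c: is_safe_redirect(c) for c in cases}
```

In a handler, fall back to a fixed landing page when the check fails rather than trying to "repair" the value; repairing is where the next bypass comes from.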
‼ CVE-2022-24586 ‼
📖 Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters.
‼ CVE-2021-41552 ‼
📖 Read
via "National Vulnerability Database".
CommScope SURFboard SBG6950AC2 9.1.103AA23 devices allow Command Injection.
‼ CVE-2021-43734 ‼
📖 Read
via "National Vulnerability Database".
kkFileview v4.0.0 has an arbitrary file read through a directory traversal vulnerability, which may lead to leakage of sensitive files on the host.
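The kkFileview entry above (CVE-2021-43734) is the classic arbitrary-file-read shape: a file name from the request is joined onto a base directory with no check that the result stays inside it. The example below is added to show that join beside a hardened resolver; it is generic illustration code, not kkFileview's implementation. The temporary directory, file names and contents are constructed inside the example so it runs offline.

```python
import os
import tempfile
from pathlib import Path

def read_preview_vulnerable(base_dir: str, requested: str) -> bytes:
    """Vulnerable pattern, kept on purpose: os.path.join keeps '..' segments,
    and an absolute 'requested' discards base_dir entirely."""
    with open(os.path.join(base_dir, requested), "rb") as f:
        return f.read()

def resolve_inside(base_dir: str, requested: str) -> Path:
    """Resolve 'requested' under base_dir and refuse anything that escapes it."""
    base = Path(base_dir).resolve()
    if os.path.isabs(requested) or "\x00" in requested:
        raise PermissionError(f"rejected path: {requested!r}")
    # resolve() collapses '..' and follows symlinks, so the containment check
    # below is done on the real target, not on the string the client sent.
    target = (base / requested).resolve()
    try:
        target.relative_to(base)
    except ValueError:
        raise PermissionError(f"path escapes base directory: {requested!r}") from None
    return target

def read_preview_hardened(base_dir: str, requested: str) -> bytes:
    with open(resolve_inside(base_dir, requested), "rb") as f:
        return f.read()

def demo() -> dict:
    """Build a constructed tree: docs/report.txt is servable, secret.txt sits beside docs/."""
    root = Path(tempfile.mkdtemp())
    docs = root / "docs"
    docs.mkdir()
    (docs / "report.txt").write_bytes(b"quarterly numbers")
    (root / "secret.txt").write_bytes(b"db password")

    out = {}
    out["vuln_normal"] = read_preview_vulnerable(str(docs), "report.txt")
    out["vuln_traversal"] = read_preview_vulnerable(str(docs), "../secret.txt")
    out["safe_normal"] = read_preview_hardened(str(docs), "report.txt")
    out["safe_dotdot_inside"] = read_preview_hardened(str(docs), "../docs/report.txt")
    for key, req in (("safe_traversal", "../secret.txt"),
                     ("safe_absolute", str(root / "secret.txt"))):
        try:
            read_preview_hardened(str(docs), req)
            out[key] = "allowed"
        except PermissionError:
            out[key] = "blocked"
    return out
```

Note that "../docs/report.txt" is allowed by the hardened version: the check is on where the path ends up, not on whether the string contains "..", which is what makes it robust against encoding tricks that a substring blacklist misses.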
🗓️ New tool can uncover redacted, pixelated text to reveal sensitive data 🗓️
📖 Read
via "The Daily Swig".
Developer warns that redaction method is insecure
⚠ Google announces zero-day in Chrome browser – update now! ⚠
📖 Read
via "Naked Security".
Zero-day buses: none for a while, then three at once. Here's Google joining Apple and Adobe in "zero-day week".