‼ CVE-2021-43941 ‼
via "National Vulnerability Database".
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources (including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa) via a Cross-Site Request Forgery (CSRF) vulnerability in the jira-importers-plugin. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3.
‼ CVE-2021-43953 ‼
via "National Vulnerability Database".
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The affected versions are before version 8.21.0.
‼ CVE-2021-46557 ‼
via "National Vulnerability Database".
Vicidial 2.14-783a was discovered to contain a cross-site scripting (XSS) vulnerability via the input tabs.
‼ CVE-2021-46558 ‼
via "National Vulnerability Database".
Multiple cross-site scripting (XSS) vulnerabilities in the Add User module of Issabel PBX 20200102 allow attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the username and password fields.
❌ TA2541: APT Has Been Shooting RATs at Aviation for Years ❌
via "Threat Post".
Since 2017, the attacker has flung simple off-the-shelf malware in malicious email campaigns aimed at aviation, aerospace, transportation and defense.
🗓️ Grafana web security vulnerability opened a plethora of attack possibilities 🗓️
via "The Daily Swig".
Visualize this
🕴 How to Make Cybersecurity Effective and Invisible 🕴
via "Dark Reading".
Cybersecurity should be a shield that protects the business, not a barrier that holds it back.
‼ CVE-2022-23317 ‼
via "National Vulnerability Database".
CobaltStrike <=4.5 HTTP(S) listener does not determine whether the request URL begins with "/", and attackers can obtain relevant information by specifying the URL.
‼ CVE-2022-0596 ‼
via "National Vulnerability Database".
Business Logic Errors in Packagist microweber/microweber prior to 1.2.11.
‼ CVE-2022-23384 ‼
via "National Vulnerability Database".
YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in /admin.add
‼ CVE-2021-42712 ‼
via "National Vulnerability Database".
Splashtop Streamer through 3.4.8.3 creates a Temporary File in a Directory with Insecure Permissions.
‼ CVE-2022-0597 ‼
via "National Vulnerability Database".
Open Redirect in Packagist microweber/microweber prior to 1.2.11.
‼ CVE-2022-24586 ‼
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters.
‼ CVE-2021-41552 ‼
via "National Vulnerability Database".
CommScope URFboard SBG6950AC2 9.1.103AA23 devices allow Command Injection.
‼ CVE-2021-43734 ‼
via "National Vulnerability Database".
kkFileview v4.0.0 has arbitrary file read through a directory traversal vulnerability which may lead to sensitive file leak on related host.
🗓️ New tool can uncover redacted, pixelated text to reveal sensitive data 🗓️
via "The Daily Swig".
Developer warns that redaction method is insecure
⚠ Google announces zero-day in Chrome browser – update now! ⚠
via "Naked Security".
Zero-day buses: none for a while, then three at once. Here's Google joining Apple and Adobe in "zero-day week"
‼ CVE-2022-24587 ‼
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML.
‼ CVE-2022-24684 ‼
via "National Vulnerability Database".
HashiCorp Nomad and Nomad Enterprise before 1.0.17, 1.1.x before 1.1.12, and 1.2.x before 1.2.6 have Uncontrolled Resource Consumption.
‼ CVE-2021-44960 ‼
via "National Vulnerability Database".
In SVGPP SVG++ library 1.3.0, the XMLDocument::getRoot function in the renderDocument function handled the XMLDocument object improperly, returning a null pointer in advance at the second if, resulting in a null pointer reference behind the renderDocument function.
‼ CVE-2022-24585 ‼
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter.