‼ CVE-2021-44663 ‼
📖 Read
via "National Vulnerability Database".
A Remote Code Execution (RCE) vulnerability exists in the Xerte Project Xerte through 3.8.4 via a crafted php file through elfinder in connetor.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-10636 ‼
📖 Read
via "National Vulnerability Database".
Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25306 ‼
📖 Read
via "National Vulnerability Database".
The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the browser parameter found in the ~/includes/class-wp-statistics-visitor.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when site administrators view a sites statistics, in versions up to and including 13.1.5.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-14502 ‼
📖 Read
via "National Vulnerability Database".
The web interface of the 1734-AENTR communication module is vulnerable to stored XSS. A remote, unauthenticated attacker could store a malicious script within the web interface that, when executed, could modify some string values on the homepage of the web interface.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-14504 ‼
📖 Read
via "National Vulnerability Database".
The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST requests. A remote, unauthenticated attacker can send a crafted request that may allow for modification of the configuration settings.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0546 ‼
📖 Read
via "National Vulnerability Database".
A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-14478 ‼
📖 Read
via "National Vulnerability Database".
A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly configured XML files to access local or remote content. A successful exploit could potentially cause a denial-of-service condition and allow the attacker to arbitrarily read any local file via system-level services.📖 Read
via "National Vulnerability Database".
👍1
❌ The Harsh Truths of Cybersecurity in 2022, Part II ❌
📖 Read
via "Threat Post".
Sonya Duffin, ransomware and data-protection expert at Veritas Technologies, shares three steps organizations can take today to reduce cyberattack fallout.📖 Read
via "Threat Post".
Threat Post
The Harsh Truths of Cybersecurity in 2022, Part II
Sonya Duffin, ransomware and data-protection expert at Veritas Technologies, shares three steps organizations can take today to reduce cyberattack fallout.
‼ CVE-2021-44664 ‼
📖 Read
via "National Vulnerability Database".
An Authenticated Remote Code Exection (RCE) vulnerability exists in Xerte through 3.9 in website_code/php/import/fileupload.php by uploading a maliciously crafted PHP file though the project interface disguised as a language file to bypasses the upload filters. Attackers can manipulate the files destination by abusing path traversal in the 'mediapath' variable.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29217 ‼
📖 Read
via "National Vulnerability Database".
A remote URL redirection vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23701 ‼
📖 Read
via "National Vulnerability Database".
A potential remote host header injection security vulnerability has been identified in HPE Integrated Lights-Out 4 (iLO 4) firmware version(s): Prior to 2.60. This vulnerability could be remotely exploited to allow an attacker to supply invalid input to the iLO 4 webserver, causing it to respond with a redirect to an attacker-controlled domain. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 4 (iLO 4).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39363 ‼
📖 Read
via "National Vulnerability Database".
Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow a video replay attack after ARP cache poisoning has been achieved.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29216 ‼
📖 Read
via "National Vulnerability Database".
A remote cross-site scripting vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29220 ‼
📖 Read
via "National Vulnerability Database".
Multiple buffer overflow security vulnerabilities have been identified in HPE iLO Amplifier Pack version(s): Prior to 2.12. These vulnerabilities could be exploited by a highly privileged user to remotely execute code that could lead to a loss of confidentiality, integrity, and availability. HPE has provided a software update to resolve this vulnerability in HPE iLO Amplifier Pack.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39364 ‼
📖 Read
via "National Vulnerability Database".
Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow command spoofing (for camera control) after ARP cache poisoning has been achieved.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44665 ‼
📖 Read
via "National Vulnerability Database".
A Directory Traversal vulnerability exists in the Xerte Project Xerte through 3.10.3 when downloading a project file via download.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43745 ‼
📖 Read
via "National Vulnerability Database".
A Denial of Service vulnerabilty exists in Trilium Notes 0.48.6 in the setupPage function📖 Read
via "National Vulnerability Database".
🕴 Fears Rise of Potential Russian Cyberattacks on US, Allies Over Sanctions 🕴
📖 Read
via "Dark Reading".
If past is precedent, the cyber impact of the war in Ukraine could be broad and bruising, experts say.📖 Read
via "Dark Reading".
Dark Reading
Fears Rise of Potential Russian Cyberattacks on US, Allies Over Sanctions
If past is precedent, the cyber impact of the war in Ukraine could be broad and bruising, experts say.
‼ CVE-2022-23835 ‼
📖 Read
via "National Vulnerability Database".
** DISPUTED ** The Visual Voice Mail (VVM) application through 2022-02-24 for Android allows persistent access if an attacker temporarily controls an application that has the READ_SMS permission, and reads an IMAP credentialing message that is (by design) not displayed to the victim within the AOSP SMS/MMS messaging application. (Often, the IMAP credentials are usable to listen to voice mail messages sent before the vulnerability was exploited, in addition to new ones.) NOTE: some vendors characterize this as not a "concrete and exploitable risk."📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0746 ‼
📖 Read
via "National Vulnerability Database".
Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-34361 ‼
📖 Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later📖 Read
via "National Vulnerability Database".