βΌ CVE-2021-41112 βΌ
π Read
via "National Vulnerability Database".
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In versions prior to 3.4.5, authenticated users could craft a request to modify or delete System or Project level Calendars, without appropriate authorization. Modifying or removing calendars could cause Scheduled Jobs to execute, or not execute on desired calendar days. Severity depends on trust level of authenticated users and impact of running or not running scheduled jobs on days governed by calendar definitions. Version 3.4.5 contains a patch for this issue. There are currently no known workarounds.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25015 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in Ice Hrm 30.0.0.OS allows attackers to steal cookies via a crafted payload inserted into the First Name field.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41111 βΌ
π Read
via "National Vulnerability Database".
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to versions 3.4.5 and 3.3.15, an authenticated user with authorization to read webhooks in one project can craft a request to reveal Webhook definitions and tokens in another project. The user could use the revealed webhook tokens to trigger webhooks. Severity depends on trust level of authenticated users and whether any webhooks exist that trigger sensitive actions. There are patches for this vulnerability in versions 3.4.5 and 3.3.15. There are currently no known workarounds.π Read
via "National Vulnerability Database".
βΌ CVE-2020-22844 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted SMB requests.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26181 βΌ
π Read
via "National Vulnerability Database".
Dropbox Lepton v1.2.1-185-g2a08b77 was discovered to contain a heap-buffer-overflow in the function aligned_dealloc():src/lepton/bitops.cc:108.π Read
via "National Vulnerability Database".
π΄ Invicti Security Adds Software Composition Analysis to Its Industry- Leading AppSec Platform π΄
π Read
via "Dark Reading".
Invicti SCA enables users to track and secure open-source components to reduce security risk.π Read
via "Dark Reading".
Dark Reading
Invicti Security Adds Software Composition Analysis to Its Industry- Leading AppSec Platform
Invicti SCA enables users to track and secure open-source components to reduce security risk.
π΄ Deep Instinct 2022 Threat Landscape Report Finds 125% Increase in Threat Types and Novel Evasion Techniques π΄
π Read
via "Dark Reading".
The Deep Instinct Threat Research team monitored attack volumes and types and extrapolated their findings to predict where the future of cybersecurity is heading, determine what motivates attackers, and lays out the steps organizations can take now in order to protect themselves in the future.π Read
via "Dark Reading".
Dark Reading
Deep Instinct 2022 Threat Landscape Report Finds 125% Increase in Threat Types and Novel Evasion Techniques
The Deep Instinct Threat Research team monitored attack volumes and types and extrapolated their findings to predict where the future of cybersecurity is heading, determine what motivates attackers, and lays out the steps organizations can take now in orderβ¦
βΌ CVE-2021-45414 βΌ
π Read
via "National Vulnerability Database".
A Remote Code Execution (RCE) vulnerability exists in DataRobot through 2021-10-28 because it allows submission of a Docker environment or Java driver.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27014 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27013 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27009 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27011 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27015 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27012 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27010 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27008 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27016 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.π Read
via "National Vulnerability Database".
π΄ CISO Checklist for Offboarding Security Staff π΄
π Read
via "Dark Reading".
The Great Resignation strikes cybersecurity teams too. Here's a checklist for CISOs to ensure security is retained even as security staff is not.π Read
via "Dark Reading".
Dark Reading
CISO Checklist for Offboarding Security Staff
The Great Resignation strikes cybersecurity teams, too. Here's a checklist for CISOs to ensure security is retained even when security staff is not.
βΌ CVE-2022-25029 βΌ
π Read
via "National Vulnerability Database".
Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter under /admin/?page=members/view_member&id=2.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25413 βΌ
π Read
via "National Vulnerability Database".
Maxsite CMS v108 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the parameter f_tags at /admin/page_edit/3.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25409 βΌ
π Read
via "National Vulnerability Database".
Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the demail parameter at /admin-panel1.php.π Read
via "National Vulnerability Database".