π’ NEC and Fortinet partner to deliver high-performance security for 5G networks π’
π Read
via "ITPro".
The carrier solution will ensure end-to-end security while CSPs contend with increased trafficπ Read
via "ITPro".
IT PRO
NEC and Fortinet partner to deliver high-performance security for 5G networks | IT PRO
The carrier solution will ensure end-to-end security while CSPs contend with increased traffic
π’ Block accused of woefully mishandling data breach affecting 8.2 million users π’
π Read
via "ITPro".
Class-action lawsuit claims the company took too long to inform customers and failed to provide a sufficient explanation for the breachπ Read
via "ITPro".
IT PRO
Block accused of woefully mishandling data breach affecting 8.2 million users | IT PRO
Class-action lawsuit claims the company took too long to inform customers and failed to provide a sufficient explanation for the breach
π1
π’ More than 130 organisations affected by βinexperiencedβ Twilio hackers π’
π Read
via "ITPro".
A thorough investigation revealed sophisticated methods coupled with relatively unsophisticated toolingπ Read
via "ITPro".
IT PRO
More than 130 organisations affected by βinexperiencedβ Twilio hackers | IT PRO
A thorough investigation revealed sophisticated methods coupled with relatively unsophisticated tooling
π΄ LastPass Suffers Data Breach, Source Code Stolen π΄
π Read
via "Dark Reading".
Researchers warned that cyberattackers will be probing the code for weaknesses to exploit later.π Read
via "Dark Reading".
Dark Reading
LastPass Suffers Data Breach, Source Code Stolen
Researchers warned that cyberattackers will be probing the code for weaknesses to exploit later.
βΌ CVE-2021-3688 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL contains dot-dot-semicolon(s). This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3859 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20260 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the Foreman project. The Datacenter plugin exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-4215 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25625 βΌ
π Read
via "National Vulnerability Database".
A malicious unauthorized PAM user can access the administration configuration data and change the values.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3427 βΌ
π Read
via "National Vulnerability Database".
The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The the data from torrent files is not properly sanitised as it's interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary Javascript code in the context of the user's browser session.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3754 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in keycloak where an attacker is able to register himself with the username same as the email ID of any existing user. This may cause trouble in getting password recovery email in case the user forgets the password.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3651 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3574 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks.π Read
via "National Vulnerability Database".
βΌ CVE-2021-4216 βΌ
π Read
via "National Vulnerability Database".
A Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c. It is fixed in Mupdf-1.20.0-rc1 upstream.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3669 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS.π Read
via "National Vulnerability Database".
βΌ CVE-2021-35939 βΌ
π Read
via "National Vulnerability Database".
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3864 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3644 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. The highest threat from this vulnerability is data confidentiality and integrity.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3856 βΌ
π Read
via "National Vulnerability Database".
ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content of random files if available.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3691 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3563 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.π Read
via "National Vulnerability Database".