Channel address:
Categories: Technologies
Language: English
Subscribers: 19.53K
Description from channel
🗞 The finest daily news on cybersecurity and privacy.
🔔 Daily releases.
💻 Is your online life secure?
📩 lalilolalo.dev@gmail.com
The latest Messages 12
2021-10-21 22:55:06
Why Should My Organization Consider XDR? XDR is a newish industry term addressing a very old problem: security products that don't work together to detect threats.
via "Dark Reading".
2021-10-21 22:00:46
US Treasury Outlines Compliance Best Practices for Cryptocurrency Companies The newly released guide is designed to emphasize sanctions compliance requirements amid the US government’s efforts to combat ransomware.
via "".
2021-10-21 21:37:09
CVE-2021-42327 dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU display drivers debug filesystem. There are no checks on size within parse_write_buffer_into_params when it uses the size of copy_from_user to copy a userspace buffer into a 40-byte heap buffer.
via "National Vulnerability Database".
2021-10-21 21:37:08
CVE-2021-28496 On systems running Arista EOS and CloudEOS with the affected release version, when using shared secret profiles the password configured for use by BiDirectional Forwarding Detection (BFD) will be leaked when displaying output over eAPI or other JSON outputs to other authenticated users on the device. The affected EOS Versions are: all releases in 4.22.x train, 4.23.9 and below releases in the 4.23.x train, 4.24.7 and below releases in the 4.24.x train, 4.25.4 and below releases in the 4.25.x train, 4.26.1 and below releases in the 4.26.x train
via "National Vulnerability Database".
2021-10-21 21:37:07
CVE-2021-29873 IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229.
via "National Vulnerability Database".
2021-10-21 21:37:06
CVE-2020-14263 "HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK"
via "National Vulnerability Database".
2021-10-21 21:37:05
CVE-2020-27304 The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled filename in the output path, are susceptible to directory traversal
via "National Vulnerability Database".
2021-10-21 21:37:04
CVE-2021-29883 IBM Standards Processing Engine (IBM Transformation Extender Advanced 9.0 and 10.0) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 207090.
via "National Vulnerability Database".
2021-10-21 21:37:03
CVE-2021-20120 The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. This means that an attacker could make configuration changes (such as changing the administrative password) without the consent of the user.
via "National Vulnerability Database".
2021-10-21 21:37:02
CVE-2021-28975 WP Mailster 1.6.18.0 allows XSS when a victim opens a mail server's details in the mst_servers page, for a crafted server_host, server_name, or connection_parameter parameter.
via "National Vulnerability Database".