EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mesa Labs Equipment: AmegaView Vulnerabilities: Command Injection, Improper Authentication, Authentication Bypass Using an Alternate Path or Channel, Improper Privilege Management 2. RISK EVALUATION...
10AI Score
0.003EPSS
Now Launching: SOTI?Phishing For Finance
It's that time again -- the launch of the second State of the Internet / Security report of 2021. While Akamai has access to some of the largest security data sets in the world, our viewpoint is limited to the traffic that traverses our networks and is seen by our...
3.2AI Score
6.6AI Score
0.006EPSS
Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset...
6.1CVSS
5.9AI Score
0.033EPSS
Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset...
6.1CVSS
5.9AI Score
0.045EPSS
Browser lockers: extortion disguised as a fine
Browser lockers (aka browlocks) are a class of online threats that prevent the victim from using the browser and demand a ransom. A locker is a fake page that dupes the user, under a fictitious pretext (loss of data, legal liability, etc.), into making a call or a money transfer, or giving out...
0.4AI Score
Finalists announced in second annual Microsoft Security 20/20 awards
2020 was a transformational year. Seemingly overnight, COVID-19 reshaped our perspective on work, home life, and security. Setting up home offices and powering through online presentations in our pajama bottoms (with cameos by pets and children), our industry rose to the challenge. All that...
0.7AI Score
Finalists announced in second annual Microsoft Security 20/20 awards
2020 was a transformational year. Seemingly overnight, COVID-19 reshaped our perspective on work, home life, and security. Setting up home offices and powering through online presentations in our pajama bottoms (with cameos by pets and children), our industry rose to the challenge. All that...
0.7AI Score
Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows Remote Unauthorized Access for T0320L01^ABY and T0320L01^ACD, T0952L01^AAR through T0952L01^AAX, and T0986L01^AAD through T0986L01^AAJ (L) and T0320H01^ABW through T0320H01^ACC, T0952H01^AAQ through T0952H01^AAW, and...
8.8CVSS
8.8AI Score
0.004EPSS
Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows a remote replay attack for T0320L01^ABP through T0320L01^ABZ, T0952L01^AAH through T0952L01^AAR, T0986L01 through T0986L01^AAF, T0665L01^AAP, and T0662L01^AAP (L) and T0320H01^ABO through T0320H01^ABY, T0952H01^AAG through....
5.9CVSS
5.9AI Score
0.002EPSS
Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows a remote replay attack for T0320L01^ABP through T0320L01^ABZ, T0952L01^AAH through T0952L01^AAR, T0986L01 through T0986L01^AAF, T0665L01^AAP, and T0662L01^AAP (L) and T0320H01^ABO through T0320H01^ABY, T0952H01^AAG through....
5.9CVSS
5.9AI Score
0.002EPSS
Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows Remote Unauthorized Access for T0320L01^ABY and T0320L01^ACD, T0952L01^AAR through T0952L01^AAX, and T0986L01^AAD through T0986L01^AAJ (L) and T0320H01^ABW through T0320H01^ACC, T0952H01^AAQ through T0952H01^AAW, and...
8.8CVSS
8.7AI Score
0.004EPSS
Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows a remote replay attack for T0320L01^ABP through T0320L01^ABZ, T0952L01^AAH through T0952L01^AAR, T0986L01 through T0986L01^AAF, T0665L01^AAP, and T0662L01^AAP (L) and T0320H01^ABO through T0320H01^ABY, T0952H01^AAG through....
5.9AI Score
0.002EPSS
Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows Remote Unauthorized Access for T0320L01^ABY and T0320L01^ACD, T0952L01^AAR through T0952L01^AAX, and T0986L01^AAD through T0986L01^AAJ (L) and T0320H01^ABW through T0320H01^ACC, T0952H01^AAQ through T0952H01^AAW, and...
7.1AI Score
0.004EPSS
Inspiring the Next Generation with DigiGirlz
(photo courtesy of Microsoft) DigiGirlz is an initiative organized by Microsoft to engage girls in technological education and careers. The initiative, which launched in 2000, consists of two main programs: DigiGirlz Day and High Tech Camp. This program has been a cornerstone of Microsoft's...
-0.3AI Score
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2021-9030)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9030 advisory. An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c...
8.3AI Score
Unbreakable Enterprise kernel security update
[4.1.12-124.47.3] - sysctl: handle overflow in proc_get_long (Christian Brauner) [Orabug: 31588015] [4.1.12-124.47.2] - mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv() (Qing Xu) [Orabug: 31350932] {CVE-2020-12653} - lockd: don't use interval-based rebinding over TCP...
8.1CVSS
0.5AI Score
Exploit for Vulnerability in Facade Ignition
CVE-2021-3129 Laravel debug rce 食用方法 执行`docker-compse up...
9.8CVSS
9.3AI Score
FBI Warn Hackers are Using Hijacked Home Security Devices for 'Swatting'
Stolen email passwords are being used to hijack smart home security systems to “swat” unsuspecting users, the Federal Bureau of Investigation warned this week. The announcement comes after concerned device manufacturers alerted law enforcement about the issue. Swatting is a dangerous prank where...
-0.1AI Score
The Web Administrative Interface in Mobile Viewpoint Wireless Multiplex Terminal (WMT) Playout Server 20.2.8 and earlier has a default account with a password of...
9.8CVSS
7.6AI Score
0.249EPSS
The Web Administrative Interface in Mobile Viewpoint Wireless Multiplex Terminal (WMT) Playout Server 20.2.8 and earlier has a default account with a password of...
9.8CVSS
9.5AI Score
0.323EPSS
The Web Administrative Interface in Mobile Viewpoint Wireless Multiplex Terminal (WMT) Playout Server 20.2.8 and earlier has a default account with a password of...
7.1AI Score
0.278EPSS
6.1CVSS
-0.4AI Score
mon-espace-douche.com Cross Site Scripting vulnerability OBB-1470389
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence....
-0.1AI Score
News overview Q3 was relatively calm from a DDoS perspective. There were no headline innovations, although cybercriminals did continue to master techniques and develop malware already familiar to us from the last reporting period. For example, another DDoS botnet joined in the assault on Docker...
-0.1AI Score
espace-emplois.fr Cross Site Scripting vulnerability OBB-1455125
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence....
0.1AI Score
espace-mandela-lca.com Cross Site Scripting vulnerability OBB-1449506
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence....
-0.1AI Score
The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood (e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLE_GIT_HOOKS line....
7.2CVSS
7.2AI Score
0.972EPSS
The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood (e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLE_GIT_HOOKS line....
7.2CVSS
7.2AI Score
0.973EPSS
The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood (e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLE_GIT_HOOKS line....
7.3AI Score
0.973EPSS
** DISPUTED ** The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood (e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the...
7.2CVSS
1.7AI Score
CISO Stressbusters: 7 tips for weathering the cybersecurity storms
An essential requirement of being a Chief Information Security Officer (CISO) is stakeholder management. In many organizations, security is still seen as a support function; meaning, any share of the budget you receive may be viewed jealously by other departments. Bringing change to an...
-0.6AI Score
CISO Stressbusters: 7 tips for weathering the cybersecurity storms
An essential requirement of being a Chief Information Security Officer (CISO) is stakeholder management. In many organizations, security is still seen as a support function; meaning, any share of the budget you receive may be viewed jealously by other departments. Bringing change to an...
-0.6AI Score
CVE-2020-1472 "Zerologon" Critical Privilege Escalation: What You Need To Know
Updates September 16, 2020 Samba domain controllers before 4.8 have been confirmed to be vulnerable to CVE-2020-1472. There are now multiple public PoC exploits available, most if not all of which are modifications to Secura’s original PoC built on Impacket. There are reports of the...
0.3AI Score
espace-client.fletesia.fr Cross Site Scripting vulnerability OBB-1334639
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence....
-0.1AI Score
Disinformation Spurs a Thriving Industry as U.S. Election Looms
In the years since the 2016 U.S. Presidential Election, threat actors have pieced together a new playbook for sowing confusion and doubt within the American electorate. On Wednesday, researchers with Cisco Talos released a report [PDF] that details how a number of these new sophisticated campaigns....
-0.3AI Score
Chris Vickery: AI Will Drive Tomorrow’s Data Breaches
From malicious hacks to accidental misconfigurations, Chris Vickery has seen it all. But as cybercriminals continue to innovate, Vickery, the director of risk research with UpGuard, said one emerging security threat will “blindside” the world: “fakeable” voices. More bad actors using artificial...
-0.5AI Score
espace-emplois.fr Cross Site Scripting vulnerability OBB-1225367
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence....
-0.1AI Score
The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful exploit could allow the....
7.5CVSS
7.7AI Score
0.002EPSS
The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful exploit could allow the....
7.5CVSS
7.7AI Score
0.002EPSS
The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful exploit could allow the....
7.5CVSS
7.7AI Score
0.002EPSS
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about two recently detected variants of existing Linux botnet malware types targeting exposed Docker servers. Also, read about a group.....
0.3AI Score
There are three denial of service (DoS) vulnerabilities in the SIP module of some Huawei...
7.7AI Score
0.002EPSS
Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed...
7.5CVSS
7.6AI Score
0.004EPSS
Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed...
7.5CVSS
7.6AI Score
0.004EPSS
There is a denial of service (DoS) vulnerability in some huawei products when handle TLS and DTLS handshake with certificate. This VT has been deprecated and is therefore no longer...
5.4AI Score
0.002EPSS
A remote code execution vulnerability exists in the open-source JSON parsing library Fastjson. This VT has been deprecated and is therefore no longer...
8.2AI Score
There is a weak algorithm vulnerability in some Huawei...
0.1AI Score
There is an input validation vulnerability in Huawei Multiple products. This VT has been deprecated and is therefore no longer...
8.9AI Score
0.003EPSS
Huawei Data Communication: Five Vulnerabilities in Some Huawei Products (huawei-sa-20191211-01-ssp)
There is an out-of-bounds read vulnerability in some Huawei...
5.8AI Score
0.001EPSS