CVE-2021-39361
Affected software: GNOME Evolution RSS (up to 0.3.96). Root cause: network-soup.c uses SoupSessionSync objects without TLS certificate verification. Impact: users are vulnerable to network MITM attacks. Remediation status not provided in the connected documents; CVE-2021-39361 is described as sim...
CVE-2021-39361
In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011...
evolution-rss Trust Management Issue Vulnerability
evolution-rss is an Evolution plugin that enables Evolution to read RSS feeds. A security vulnerability exists in GNOME evolution-rss 0.3.96 and earlier versions, which stems from the fact that network-soup.c in the program does not enable TLS certificate validation for the SoupSessionSyn...
Using “Master Faces” to Bypass Face-Recognition Authenticating Systems
Fascinating research: "Generating Master Faces for Dictionary Attacks with a Network-Assisted Latent Space Evolution." Abstract: A master face is a face image that passes face-based identity-authentication for a large portion of the population. These faces can be used to impersonate, with a high...
OpSec Leaky Images
Hackers love your marketing department. Fact! Your marketing department love telling the world what happens in your company, then they attach images to the posts, often of staff at work. They ensure the subject is central and the image tells a story. The problem is often they tell hackers a...
Friday Squid Blogging: Squid Skin Is Naturally Anti-microbial
Often it feels like squid just evolved better than us mammals. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
CVE-2020-23238
Cross Site Scripting XSS vulnerability in Evolution CMS 2.0.2 via the Document Manager feature...
Cross site scripting
Cross Site Scripting XSS vulnerability in Evolution CMS 2.0.2 via the Document Manager feature...
CVE-2020-23238
CVE-2020-23238 affects Evolution CMS 2.0.2, with a Cross Site Scripting (XSS) vulnerability exposed via the Document Manager feature. The connected records corroborate the vulnerability across multiple sources, consistently describing an XSS issue in that version; no details on exploitation, aff...
Evolution CMS Cross-Site Scripting Vulnerability
Evolution CMS is an open source PHP-based content management system (CMS). A cross-site scripting vulnerability exists in Evolution CMS version 2.0.2, which can be exploited by an attacker to cause a cross-site scripting vulnerability via the Document Manager feature...
Friday Squid Blogging: The Evolution of Squid
Good video about the evolutionary history of squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure
Note: In this two-part blog series, we expose a modern malware infrastructure and provide guidance for protecting against the wide range of threats it enables. Part 1 covers the evolution of the threat, how it spreads, and how it impacts organizations. Part 2 is a deep dive on the attacker behavi...
Location-and Device-agnostic Security for the Mobile Workforce
I've spent my entire career in technology and can still recall the time when a desktop PC was the only way to work. Truth be told, I'm also old enough to remember dumb terminals. I also remember my first company laptop -- a beast of a thing with a monochrome display so thick it came with an...
CVE-2021-31224
SES Evolution before 2.1.0 allows duplicating an existing security policy by leveraging access of a user having read-only access to security policies...
CVE-2021-31220
SES Evolution before 2.1.0 allows modifying security policies by leveraging access of a user having read-only access to security policies...
CVE-2021-35957
Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does not accomplish the intended defense against local administrators who can replace the Visual C++ runtime DLLs in %WINDIR%\system32 with malicious ones...
CVE-2021-31222
SES Evolution before 2.1.0 allows updating some parts of a security policy by leveraging access to a computer having the administration console installed...