6655 matches found
Important: kernel-livepatch-4.14.238-182.421
Issue Overview: No CVE associated with this advisory. Affected Packages: kernel-livepatch-4.14.238-182.421. Issue Correction: Please ensure you have live patching enabled. Run yum update kernel-livepatch-4.14.238-182.421 or yum update --advisory ALAS2LIVEPATCH-2021-055 to update your system. New...
CVE-2021-32751
Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts generated by the application plugin and the gradlew script are both vulnerable to arbitrary code execution when an attacker is able to change environment variables for the user running the script. Thi...
Top CVEs Trending with Cybercriminals
Criminal small talk in underground forums offers critical clues about which known Common Vulnerabilities and Exposures (CVEs) threat actors are most focused on. This, in turn, offers defenders clues on what to watch out for. An analysis of such chatter, by Cognyte, examined 15 cybercrime forums...
The Underground Exploit Market and the Importance of Virtual Patching
Over the past two calendar years, we conducted research on the underground exploit market to learn more about the life cycle of exploits, the kinds of buyers and sellers who transact, and the business models that are in effect in the underground...
All Vulnerabilities for mediaindonesia.com Patched via Open Bug Bounty
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Microsoft Keeps Failing to Patch a Critical Windows Bug
For the second time in a month, the company issued an update that doesn't fully address a severe security vulnerability in Windows...
GHSA-GM2X-6475-G9R8 XSS Injection in Media Collection Title was possible
Impact: A logged-in admin user was able to add a script injection (XSS) in the collection title, which was then executed. Workarounds: Manually patch the JS files. For more information: If you have any questions or comments about this advisory: - Email us at [email protected]...
Cisco ASA Flaw Under Active Attack After PoC Exploit Posted Online
A security vulnerability in Cisco Adaptive Security Appliance (ASA) that was addressed by the company last October, and again earlier this April, has been subjected to active in-the-wild attacks following the release of proof-of-concept (PoC) exploit code. The PoC was published by researchers from...
U.S. Dept Of Defense: ███████ - XSS - CVE-2020-3580
████ appears to be affected by the Cisco ASA XSS CVE-2020-3580. This vulnerability targets the SAML service within the VPN. It is triggered via a POST request to /+CSCOE+/saml/sp/acs?tgname=a References...
All Vulnerabilities for moodle.chnu.edu.ua Patched via Open Bug Bounty
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Bugs in NVIDIA’s Jetson Chipset Opens Door to DoS Attacks, Data Theft
Flaws impacting millions of internet of things (IoT) devices running NVIDIA’s Jetson chips open the door for a variety of hacks, including denial-of-service (DoS) attacks or the siphoning of data. NVIDIA released patches addressing nine high-severity vulnerabilities including eight additional bugs of...
GHSA-52QP-GWWH-QRG4 Missing Handler in @scandipwa/magento-scripts
Impact: After the function was changed from synchronous to asynchronous, no handler was implemented in the start, stop, exec and logs commands, effectively making them unusable. Patches: Version 1.5.3 contains patches for the problems described above. Workarounds: Upgrade to patched or latest...
GHSA-R578-PJ6F-R4FF Auto-merging Person Records Compromised
Impact: New user registrations are able to access anyone's account by only knowing their basic profile information (name, birthday, gender, etc.). This includes all app functionality within the app, as well as any authenticated links to Rock-based webpages such as giving and events. Patches: We have...
5 Critical Steps to Recover From a Ransomware Attack
Hackers are increasingly using ransomware as an effective tool to disrupt businesses and fund malicious activities. A recent analysis by cybersecurity company Group-IB revealed ransomware attacks doubled in 2020, while Cybersecurity Ventures predicts that a ransomware attack will occur every 11...
CVE-2021-21281
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. A buffer overflow vulnerability exists in Contiki-NG versions prior to 4.6. After establishing a TCP socket using the tcp-socket library, it is possible for the remote end to send a packet with a data...
Increase visibility for on-premise and cloud workloads
Ensure each of your cloud workloads is properly managed, protected, and patched - without the slowdown...
ALERT: Critical RCE Bug in VMware vCenter Server Under Active Attack
Malicious actors are actively mass scanning the internet for vulnerable VMware vCenter servers that are unpatched against a critical remote code execution flaw, which the company addressed late last month. The ongoing activity was detected by Bad Packets on June 3 and corroborated yesterday by...
Where Bug Bounty Programs Fall Flat
Eavesdropping on the chatter of 600+ cybercriminal forums shows that cybercriminals have specific preferences, shown by the flavors of exploits they requisition, and that the bug bounty programs either are too slow, don’t pay enough or are just the start of profit-making. A year-long study into t...
Grav CMS 1.7.10 - Code Execution Vulnerabilities
In the lineage of most recent flat-file PHP CMS, Grav CMS is a modern web platform to build fast, safe and extensible websites. It uses a modern technology stack with Twig, Symfony and Doctrine, and offers an administration dashboard that allows managing the whole website structure, pages, static...
Exploit for Improper Access Control in Oracle Communications_Diameter_Signaling_Router
weblogic-CVE-2019-2729-P...