Design/Logic Flaw
Vulnerability in the Oracle Site Hub product of Oracle E-Business Suite component: Sites. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Site Hub. Successful attacks of this...
CVE-2021-2306
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...
CVE-2021-2282
CVE-2021-2282 affects Oracle VM VirtualBox Core, with vulnerable versions before 6.1.20. The issue enables information disclosure or unauthorized data access when an unauthenticated user logs on to the infrastructure where VirtualBox runs. The practical impact is access to critical data or all Vi...
Oracle PeopleSoft Enterprise SCM eProcurement Input Validation Error Vulnerability
Oracle PeopleSoft Enterprise SCM eProcurement is an application from Oracle America, Inc. used for temporary user request items. Oracle PeopleSoft Enterprise SCM eProcurement is vulnerable to an input validation error that could be exploited by an attacker to update, insert, or delete accessible...
What COVID-19 Taught Us: Prepping Cybersecurity for the Next Crisis
Few could have anticipated the impact COVID-19 has had on business. It spread from an isolated outbreak to a global pandemic seemingly overnight, and IT leaders across the planet have had mixed success adjusting to the changes and uncertainty it has brought. While COVID-19 caught many businesses...
CVE-2021-24024
This CVE (CVE-2021-24024) affects FortiADCManager <= 5.3.0/5.2.1 and FortiADC
Business Directory Plugin < 5.11 - Arbitrary File Upload to RCE
The plugin suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator import files. As the plugin also did not validate uploaded files, it could lead to RCE. Note WPScanTeam: CSRF check and some file validation were added in v5.11, however a blacklist...
Imperva’s Comprehensive Data Security Platform for Cloud, Explained
Imperva recently introduced the industry’s first database-agnostic security platform specifically built for cloud. The Data Security solution unifies security management for organizations’ entire data environment, supporting databases wherever they’re hosted, including managed database services...
How the Work-From-Home Shift Impacts SaaS Security
The data is in. According to IBM Security's 2020 Cost of a Data Breach Report, there is a 50% increase in cloud usage for enterprises across all industries. The number of threats targeting cloud services, predominantly collaboration services like Office 365, has increased 630%. Moreover, 75% of...
A Quick Look Into Cloud Security Posture Management (CSPM)
The cloud security solutions market is growing rapidly, and there are many types of solutions to support your specific business needs. But figuring out the right tool—let alone the right type of tool—can be difficult. Gartner has five security archetypes that fall under the broader cloud security...
Shanghai Yishang Network Technology Co., Ltd. website building system has SQL injection vulnerability (CNVD-2021-26023)
Shanghai Yishang Network Technology Co., Ltd. is a company that provides all kinds of enterprises with enterprise website construction, website hosting and maintenance, webpage planning and design, graphic logo design, enterprise album design, cell phone website development, video presenter...
Weak Password Vulnerability in Various Gateways of Mapleton Technology Co.
Mapletree Technology Co., Ltd. is a leading provider of network products and solutions in China. A weak password vulnerability exists in a number of MyPlus Technology's gateways, which can be exploited by an attacker to log in to the backend and obtain sensitive information...
CVE-2019-10200
CVE-2019-10200 affects OpenShift Container Platform 4. By default, users who can create pods may schedule workloads on master nodes. If such pods use hostNetwork on a master node, they can retrieve credentials for the master AWS IAM role, potentially granting management access to AWS resources an...
Unisys Stealth (core) Authorization Issues Vulnerability
Unisys Stealth core is a firewall from Unisys. This firewall is easy to configure and expand, can be upgraded by micro-segmentation, and fully protects internal data security. Unisys Stealth core version 6.0.025.0 previously contained a security vulnerability that could be exploited by a local...
A New Paradigm in Data Security: Insider Risk Management
The pandemic was a force accelerator for digital transformation in the enterprise. It’s not just the dramatic remote work shift — it’s a profound shift toward prioritizing speed and flexibility as the drivers of a company’s competitive advantage. But as faster, more agile ways of working...
PT-2021-2504 · Microsoft · Visual Studio Code Python Extension
Name of the Vulnerable Software and Affected Versions: Visual Studio Code Python Extension affected versions not specified Description: The issue is related to incorrect code generation management in the Microsoft Visual Studio Code Python Extension. Exploitation of this issue may allow a remote...
The vulnerability of the Audio component in the Google Chrome browser allows a perpetrator to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the Audio component in the Google Chrome browser is related to a use-after-free condition. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
Oracle Business Intelligence Publisher Multiple Vulnerabilities (Jan 2021 CPU)
The version of Oracle Business Intelligence Publisher or Oracle Analytics Server 5.5 running on the remote host is 11.1.1.9.x prior to 11.1.1.9.210119, 12.2.1.3.x prior to 12.2.1.3.201216, 12.2.1.4.x prior to 12.2.1.4.201216, or 12.2.5.5.x OAS 5.5 prior to 12.2.5.5.201216. It is, therefore,...
NewStart CGSL CORE 5.04 / MAIN 5.04 : shim Vulnerability (NS-SA-2021-0009)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has shim packages installed that are affected by a vulnerability: - A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows...
Five Ways Bad Bots Are Threatening Financial Services
For years now, the biggest security concerns for businesses in the financial services sector have mainly been related to data security, privacy, compliance and everything in between. Nevertheless, application security is equally as important and complex, as it consists of multiple potential attac...