3378 matches found

OSV
added 2021/08/30 5:20 p.m. · 18 views

GHSA-26RR-V2J2-25FH Layout XML Arbitrary Code Fix

Impact Layout XML enabled admin users to execute arbitrary commands via block methods...

CVSS 9 · AI score 7.3 · EPSS 0.01971
Exploits: 0 · References: 5

GitHub Security Blog
added 2021/08/30 5:20 p.m. · 58 views

Layout XML Arbitrary Code Fix

Impact Layout XML enabled admin users to execute arbitrary commands via block methods...

CVSS 9 · AI score 5.3 · EPSS 0.01971
Exploits: 0 · References: 6 · Affected Software: 1

Imperva Blog
added 2021/08/26 1:53 p.m. · 60 views

The 4 most common bad bot attack methods targeting financial services

Organizations in the financial services sector are high-value targets for cybercriminals. In recent years, more sophisticated botnets and other bad bot attack methods have enabled malicious hackers to ratchet up the speed of attacks on this sector. The four most common ways hackers deploy botnets...

AI score 0.3
Exploits: 0

OPENSUSE Linux
added 2021/08/26 12:00 a.m. · 50 views

Security update for dbus-1 (moderate)

openSUSE Security Update: Security update for dbus-1 Announcement ID: openSUSE-SU-2021:1204-1 Rating: moderate References: 1172505 Cross-References: CVE-2020-12049 CVSS scores: CVE-2020-12049 NVD : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-12049 SUSE: 5.5...

CVSS 5.5 · AI score 6.6 · EPSS 0.00569
Exploits: 1 · References: 1

OPENSUSE Linux
added 2021/08/26 12:00 a.m. · 67 views

Security update for openexr (important)

openSUSE Security Update: Security update for openexr Announcement ID: openSUSE-SU-2021:1198-1 Rating: important References: 1188457 1188458 1188459 1188460 1188461 1188462 Cross-References: CVE-2021-20298 CVE-2021-20299 CVE-2021-20300 CVE-2021-20302 CVE-2021-20303 CVE-2021-20304 CVE-2021-3476 CV...

CVSS 7.5 · AI score 6.6 · EPSS 0.01848
Exploits: 1 · References: 6

OPENSUSE Linux
added 2021/08/25 12:00 a.m. · 21 views

Security update for libspf2 (critical)

openSUSE Security Update: Security update for libspf2 Announcement ID: openSUSE-SU-2021:1187-1 Rating: critical References: 1189104 Cross-References: CVE-2021-20314 Affected Products: openSUSE Leap 15.2 openSUSE Backports SLE-15-SP3 openSUSE Backports SLE-15-SP2 openSUSE Backports SLE-15-SP1 An...

CVSS 9.8 · AI score 9.7 · EPSS 0.0281
Exploits: 0 · References: 1

Malwarebytes
added 2021/08/24 2:17 p.m. · 17 views

Criminals exploited weak checks and old tech to pull off vast COVID benefit fraud

In life, when you encounter something momentous—a sudden job loss, a routine check-up that revealed an illness you can't afford the medical bills for—you can be assured that the federal or state government has benefits you can apply for it. And where there are benefits, you can also be assured th...

AI score 0.3
Exploits: 0

Ivan 'd0znpp' Novikov
added 2021/08/23 7:08 a.m. · 27 views

Security Misconfiguration☝️ — What you need to know

Security Misconfiguration☝️ — What you need to know Introduction API7:2019 Security Misconfiguration ‍What is Security Misconfiguration? There are several factors that might indicate a Security Misconfiguration. We should be very careful with handling configurations because if the correct security...

AI score 7.6
Exploits: 0

OPENSUSE Linux
added 2021/08/23 12:00 a.m. · 49 views

Security update for isync (moderate)

openSUSE Security Update: Security update for isync Announcement ID: openSUSE-SU-2021:1185-1 Rating: moderate References: 1186939 Cross-References: CVE-2021-3578 Affected Products: openSUSE Backports SLE-15-SP2 An update that fixes one vulnerability is now available. Description: This update for...

CVSS 7.8 · AI score 7.6 · EPSS 0.01006
Exploits: 0 · References: 1

OPENSUSE Linux
added 2021/08/23 12:00 a.m. · 37 views

Security update for dbus-1 (moderate)

openSUSE Security Update: Security update for dbus-1 Announcement ID: openSUSE-SU-2021:2810-1 Rating: moderate References: 1172505 Cross-References: CVE-2020-12049 CVSS scores: CVE-2020-12049 NVD : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-12049 SUSE: 5.5...

CVSS 5.5 · AI score 6.6 · EPSS 0.00569
Exploits: 1 · References: 1

OPENSUSE Linux
added 2021/08/20 12:00 a.m. · 69 views

Security update for openexr (important)

openSUSE Security Update: Security update for openexr Announcement ID: openSUSE-SU-2021:2793-1 Rating: important References: 1188457 1188458 1188459 1188460 1188461 1188462 Cross-References: CVE-2021-20298 CVE-2021-20299 CVE-2021-20300 CVE-2021-20302 CVE-2021-20303 CVE-2021-20304 CVE-2021-3476 CV...

CVSS 7.5 · AI score 6.6 · EPSS 0.01848
Exploits: 1 · References: 6

Microsoft Secure
added 2021/08/12 4:00 p.m. · 233 views

Attackers use Morse code, other encryption methods in evasive phishing campaign

Cybercriminals attempt to change tactics as fast as security and protection technologies do. During our year-long investigation of a targeted, invoice-themed XLS.HTML phishing campaign, attackers changed obfuscation and encryption mechanisms every 37 days on average, demonstrating high motivation...

AI score 0.2
Exploits: 0

Microsoft Malware Protection
added 2021/08/12 4:00 p.m. · 214 views

Attackers use Morse code, other encryption methods in evasive phishing campaign

Cybercriminals attempt to change tactics as fast as security and protection technologies do. During our year-long investigation of a targeted, invoice-themed XLS.HTML phishing campaign, attackers changed obfuscation and encryption mechanisms every 37 days on average, demonstrating high motivation...

AI score 0.2
Exploits: 0

OPENSUSE Linux
added 2021/08/10 12:00 a.m. · 45 views

Recommended update for seamonkey (low)

openSUSE Security Update: Recommended update for seamonkey Announcement ID: openSUSE-SU-2021:1129-1 Rating: low References: Affected Products: openSUSE Backports SLE-15-SP3 An update that contains security fixes can now be installed. Description: This update ships seamonkey to openSUSE Leap 15.3...

AI score 7.3
Exploits: 0

OPENSUSE Linux
added 2021/08/10 12:00 a.m. · 65 views

Security update for linuxptp (important)

openSUSE Security Update: Security update for linuxptp Announcement ID: openSUSE-SU-2021:1102-1 Rating: important References: 1187646 Cross-References: CVE-2021-3570 CVSS scores: CVE-2021-3570 NVD : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3570 SUSE: 8.8...

CVSS 8.8 · AI score 7.3 · EPSS 0.02955
Exploits: 0 · References: 1

OSV
added 2021/08/06 4:15 p.m. · 2 views

CVE-2021-36454

Cross Site Scripting (XSS) vulnerability in Naviwebs Navigate Cms 2.9 via the navigate-quickse parameter to (1) backups\backups.php, (2) blocks\blocks.php, (3) brands\brands.php, (4) comments\comments.php, (5) coupons\coupons.php, (6) feeds\feeds.php, (7) functions\functions.php, (8) items\items.php, (9)...

CVSS 5.4 · AI score 7.3 · EPSS 0.00552
Exploits: 1 · References: 2

OSV
added 2021/08/02 9:15 p.m. · 4 views

CVE-2021-21865

An unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone functionality of CODESYS GmbH CODESYS Development System 3.5.16. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this...

CVSS 7.8 · AI score 7.3 · EPSS 0.01298
Exploits: 0 · References: 2

OSV
added 2021/08/02 7:15 p.m. · 1 view

DEBIAN-CVE-2021-32810

crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never...

CVSS 9.8 · AI score 8.1 · EPSS 0.01907
Exploits: 0 · References: 1

OSV
added 2021/08/02 7:15 p.m. · 1 view

UBUNTU-CVE-2021-32810

crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never...

CVSS 9.8 · AI score 7.2 · EPSS 0.01907
Exploits: 0 · References: 6

Positive Technologies
added 2021/08/02 12:00 a.m. · 5 views

PT-2021-7767 · 3S Smart Software Solutions · Codesys Development System

Name of the Vulnerable Software and Affected Versions: CODESYS Development System version 3.5.16 Description: An unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone functionality. This vulnerability can be triggered by a specially crafted file, leadin...

CVSS 8.8 · AI score 8.3 · EPSS 0.01298
Exploits: 0 · References: 8