Lucene search

3094 matches found

Packet Storm
added 2021/06/15 12:0 a.m. · 316 views

SAP Netweaver JAVA 7.50 Missing Authorization

Onapsis Security Advisory 2021-0013: CVE-2020-26829 - Missing Authentication Check In SAP NetWeaver AS JAVA P2P Cluster communication. Impact on Business: A malicious unauthenticated user could abuse the lack of authentication check on SAP Java P2P cluster communication, in order to connect to the...

9 CVSS · 0.4 AI score · 0.04708 EPSS
Exploits: 1
Ivan 'd0znpp' Novikov
added 2021/06/10 1:5 p.m. · 204 views

What is Ransomware Attack❓ Detection, Removal and Examples

What is Ransomware? Any type of computer virus that encrypts and holds hostage the data of its victims is called ransomware. The basic information of a customer or company is encrypted, making it difficult to access documents, data sets, or apps. Then, in order to gain access, you must pay a...

7.8 AI score
Exploits: 0
CISA
added 2021/06/10 12:0 a.m. · 67 views

Google Releases Security Updates for Chrome

Google has released Chrome version 91.0.4472.101 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. One of these vulnerabilities—CVE-2021-30551—has been detected in exploits in the wild. CISA encourages users a...

6.8 CVSS · 1.9 AI score · 0.64701 EPSS
Exploits: 1 · References: 2
OpenVAS
added 2021/06/09 12:0 a.m. · 29 views

SUSE: Security Advisory (SUSE-SU-2019:1486-1)

The remote host is missing an update for the...

9.8 CVSS · 6.5 AI score · 0.03691 EPSS
Exploits: 14 · References: 2
0day.today
added 2021/06/03 12:0 a.m. · 28 views

ColorNote 4.1.9 - Denial of Service Exploit

Exploit Title: ColorNote 4.1.9 - Denial of Service PoC Author: Brian Rodríguez Download Link: https://play.google.com/store/apps/details?id=com.socialnmobile.dictapps.notepad.color.note&hl=esMX Version: 4.1.9 Category: DoS Android Vulnerability Color Note is vulnerable to a DoS condition when a...

7.4 AI score
Exploits: 0
OSV
added 2021/05/21 2:28 p.m. · 3 views

GHSA-H4PC-GX2W-F2XV Heap OOB read in TFLite

Impact: A specially crafted TFLite model could trigger an OOB read on heap in the TFLite implementation of SplitV: const int input_size = SizeOfDimension(input, axis_value); If axis_value is not a value between 0 and NumDimensions(input), then the SizeOfDimension function will access data outside the...

7.1 CVSS · 6.9 AI score · 0.00215 EPSS
Exploits: 1 · References: 8
vulnersOsv
added 2021/05/21 2:24 p.m. · 1 views

a2grunnerp (>=0.1.0 <=0.1.8), abba-python (>=0.1.6 <=0.3.0) +1361 more potentially affected by CVE-2021-29556 via tensorflow (>=1.0.1 <=2.1.2)

tensorflow PYPI version =1.0.1, =0.1.0, =0.1.6, =0.0.6, =0.1.0, =0.0.1, =1.1.2, =0.0.1, =2.0.0, =0.3.26, =0.2.1, =7.13.1, =0.0.1, =0.0.2 and more Source cves: CVE-2021-29556 Source advisory: OSV:GHSA-FXQH-CFJM-FP93...

5.5 CVSS · 5.9 AI score · 0.00189 EPSS
Exploits: 1
CISA
added 2021/05/11 12:0 a.m. · 12 views

Google Releases Security Updates for Chrome

Google has released Chrome version 90.0.4430.212 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates. Th...

6.9 AI score
Exploits: 0 · References: 1
Github Security Blog
added 2021/05/10 6:47 p.m. · 44 views

Cross-site scripting in Joplin

Joplin allows XSS via a LINK element in a note...

6.1 CVSS · 5.7 AI score · 0.03027 EPSS
Exploits: 3 · References: 6 · Affected Software: 1
ThreatPost
added 2021/04/29 10:44 p.m. · 42 views

Babuk Ransomware Gang Mulls Retirement

Just a few days after hackers bragged about purportedly raiding the computer systems of the Washington D.C. Metropolitan Police Department (MPD) and doxxing what looked like its data, the Babuk ransomware-as-a-service (RaaS) gang prepared a goodbye note saying that they’re hanging up its spurs...

6.7 AI score
Exploits: 0 · References: 16
CISA
added 2021/04/27 12:0 a.m. · 22 views

Google Releases Security Updates for Chrome

Google has released Chrome version 90.0.4430.93 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates. Thi...

6.9 AI score
Exploits: 0 · References: 1
Positive Technologies
added 2021/04/26 12:0 a.m. · 1 views

PT-2022-9884 · Jhead +4

Name of the Vulnerable Software and Affected Versions: jhead versions 3.04 through 3.05 Description: A Denial of Service issue exists via a wild address read in the ProcessCanonMakerNoteDir function in makernote.c. Recommendations: For jhead versions 3.04 and 3.05, consider disabling the...

7.8 CVSS · 5.6 AI score · 0.01435 EPSS
Exploits: 9 · References: 44
Positive Technologies
added 2021/04/26 12:0 a.m. · 10 views

PT-2021-18239 · Hedgedoc

Name of the Vulnerable Software and Affected Versions: HedgeDoc versions prior to 1.5.0 Description: The issue affects HedgeDoc, an open-source collaborative markdown editor, where an attacker can receive arbitrary files from the file system when exporting a note to PDF. This exploit requires the...

10 CVSS · 9.3 AI score · 0.01158 EPSS
Exploits: 0 · References: 4
CISA
added 2021/04/21 12:0 a.m. · 18 views

Google Releases Security Updates for Chrome

Google has released Chrome version 90.0.4430.85 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates. Thi...

6.9 AI score
Exploits: 0 · References: 1
NVD
added 2021/04/14 3:15 p.m. · 18 views

CVE-2021-27604

In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform Process Integration - Enterprise Service Repository JAVA Mappings, versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, SAP recommends to refer this note...

7.7 CVSS · 0.00792 EPSS
Exploits: 0 · References: 2
Fedora
added 2021/03/20 12:21 a.m. · 74 views

[SECURITY] Fedora 34 Update: gnote-40~rc-1.fc34

Gnote is a desktop note-taking application which is simple and easy to use. It lets you organize your notes intelligently by allowing you to easily link ideas together with Wiki style interconnects. It is a port of Tomboy to C++ and consumes fewer resources...

5.5 CVSS · 1.8 AI score · 0.00639 EPSS
Exploits: 1
Malwarebytes
added 2021/03/18 12:1 p.m. · 50 views

HelloKitty: When Cyberpunk met cy-purr-crime

On February 9, after discovering a compromise, CD Projekt Red (CDPR) announced to its 1+ million followers on Twitter that it was the victim of a ransomware attack against its systems and made it clear they would not yield to the demands of the threat actors, nor negotiate. Cyberpunk 2077, the late...

Exploits: 0
CNNVD
added 2021/03/18 12:0 a.m. · 4 views

Wordpress Team Members Cross-Site Scripting Vulnerability

Wordpress Team Members is a Wordpress open source application plugin. Provide a team in the administration panel to add functionality. A cross-site scripting vulnerability exists in the Team Members WordPress plugin versions prior to 5.0.4. The vulnerability stems from the program not properly...

5.4 CVSS · 5.4 AI score · 0.00656 EPSS
Exploits: 2 · References: 2
Metasploit
added 2021/03/12 5:41 p.m. · 76 views

Apache OFBiz XML-RPC Java Deserialization

This module exploits a Java deserialization vulnerability in Apache OFBiz's unauthenticated XML-RPC endpoint /webtools/control/xmlrpc for versions prior to 17.12.01 using the ROME gadget chain. Versions up to 18.12.11 are exploitable utilizing an auth bypass (CVE-2023-51467) and use the...

9.8 CVSS · 8.2 AI score · 0.98926 EPSS
Exploits: 31
ThreatPost
added 2021/03/12 4:26 p.m. · 403 views

Microsoft Exchange Exploits Pave a Ransomware Path

Cybercriminals are now using compromised Microsoft Exchange servers as a foothold to deploy a new ransomware family called DearCry, Microsoft has warned. The ransomware is the latest threat to beleaguer vulnerable Exchange servers, emerging shortly after Microsoft issued emergency patches in earl...

7.5 CVSS · 9.7 AI score · 0.99999 EPSS
Exploits: 66 · References: 14