Four Hong Kong dissidents charged with subversion were let out on bail late Friday after prosecutors at the last minute dropped an appeal
Vulnerabilities
Vulnerabilities
Sudo Privilege Escalation Vulnerability Affecting Cisco Products: January 2021
A vulnerability in the command line parameter parsing code of Sudo could allow an authenticated, local attacker to execute commands
7 iPad Guitar Apps
The various iPad guitar apps strewn across the Apple Store tug at the heartstrings of both beginners as well as
Fedora 32: wpa_supplicant 2021-1a2443baa0>
security fix for CVE-2021-0326 see also: https://w1.fi/security/2020-2/ ——————————————————————————– Fedora Update Notification FEDORA-2021-1a2443baa0 2021-02-20 01:33:46.075648 ———————————————————————–….Latest articles about Operating SystemsRead More
Backdoor.Win32.Inject.tyq / Insecure Permissions
Topic: Backdoor.Win32.Inject.tyq / Insecure Permissions Risk: High Text:Discovery / credits: Malvuln – malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/833868d3092bea833839a6b8ec19…CXSECURITY Database RSS
Backdoor.Win32.Ketch.h / Remote Stack Buffer Overflow (SEH)
Topic: Backdoor.Win32.Ketch.h / Remote Stack Buffer Overflow (SEH) Risk: High Text:Discovery / credits: Malvuln – malvuln.com (c) 2021 Original source:
Trojan-Proxy.Win32.Daemonize.i / Remote Denial of Service
Topic: Trojan-Proxy.Win32.Daemonize.i / Remote Denial of Service Risk: Low Text:Discovery / credits: Malvuln – malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/61bec9f22a5955e076e0d5ddf623…CXSECURITY
Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part One)
FAQ. What devices are affected, and (potentially) how many devices are affected? The vulnerabilities described in this post affect ConnectPort
OpenText Content Server 20.3 Cross Site Scripting
Topic: OpenText Content Server 20.3 Cross Site Scripting Risk: Low Text:# Exploit Title: OpenText Content Server 20.3 – ‘multiple’ Stored
Recon-Informer v1.3 – Intel for offensive systems anti-reconnaissance (nmap) tool
Topic: Recon-Informer v1.3 – Intel for offensive systems anti-reconnaissance (nmap) tool Risk: Medium Text:# -*- coding: utf-8 -*- import logging,os,ctypes,sys,argparse,time,re
Beauty Parlour Management System 1.0 Cross Site Scripting
Topic: Beauty Parlour Management System 1.0 Cross Site Scripting Risk: Low Text:# Exploit Title: Beauty Parlour Management System 1.0 –
Comment System 1.0 Cross Site Scripting
Topic: Comment System 1.0 Cross Site Scripting Risk: Low Text:# Exploit Title: Comment System 1.0 – ‘multiple’ Stored Cross-Site Scripting
Hackers can infiltrate into your devices via Clubhouse, cyber security experts warn – The News Minute
Cyber security experts on Friday flagged invite-only audio conversation app Clubhouse and warned that hackers can distribute malicious code under
VMSA-2021-0001
Important Advisory ID: VMSA-2021-0001 CVSSv3 Range: 7.2 Issue Date: 2021-02-11 Updated On: 2021-02-11 (Initial Advisory) CVE(s): CVE-2021-21976 Synopsis: vSphere Replication
CVE-2020-27619 Informational: Impact of Python Test Suite Vulnerability CVE-2020-27619 (Severity: NONE)
Palo Alto Networks Security AdvisoriesRead More
PAN-SA-2021-0002 Informational: PAN-OS: Impact of NAT Slipstream v1.0 and v2.0 Attacks (Severity: NONE)
Palo Alto Networks Security AdvisoriesRead More
CVE-2021-3156 Informational: Impact of Sudo Vulnerability CVE-2021-3156 (Severity: NONE)
Palo Alto Networks Security AdvisoriesRead More
CVE-2021-3033 Prisma Cloud Compute: SAML Authentication Bypass Vulnerability in Console (Severity: CRITICAL)
Palo Alto Networks Security AdvisoriesRead More
VMSA-2020-0029
Low Advisory ID: VMSA-2020-0029.1 CVSSv3 Range: 3.3 Issue Date: 2020-12-17 Updated On: 2021-02-09 CVE(s): CVE-2020-3999 Synopsis: VMware ESXi, Workstation, Fusion
Android javítások
A Google kiadta a 2021 februári Android frissítését, ami több mint 40 sérülékenységet javít az operációs rendszeren. A frissítés több
NASA’s Jet Propulsion Laboratory, Climate Change Visualization, Google News, More: Thursday Afternoon ResearchBuzz, January 14, 2021
NEW RESOURCES. NASA: Explore NASA’s Jet Propulsion Laboratory With the New Virtual Tour . “The interactive tour takes visitors to
NASA’s Jet Propulsion Laboratory, Climate Change Visualization, Google News, More: Thursday Afternoon ResearchBuzz, January 14, 2021
NEW RESOURCES. NASA: Explore NASA’s Jet Propulsion Laboratory With the New Virtual Tour . “The interactive tour takes visitors to
Google completes Fitbit deal amid antitrust concerns
SAN RAMON: Google has completed its US$2.1 billion acquisition of fitness-gadget maker Fitbit, a deal that could help the internet
Expert discovered a DoS vulnerability in F5 BIG-IP systems
The F5 BIG-IP Access Policy Manager is a secure, flexible, high-performance access management proxy solution that delivers unified global access
Samsung confirms Galaxy S21 series and future devices will not support MST for Samsung Pay, which enabled it to be used with legacy magnetic strip terminals (Ryne Hager/Android Police)
It uses Bluetooth Low Energy and will arrive on January 29th Alongside the new Galaxy S21 phones and Galaxy Buds
openSUSE: 2021:0058-1 moderate: cobbler>
An update that solves 6 vulnerabilities and has 58 fixes is now available. openSUSE Security Update: Security update for cobbler
Preparing a Client Environment for Threat Management
A key part of making any threat management program successful is ensuring it maps properly to the client’s needs. In
CVE-2021-21466 (business_warehouse, bw/4hana)
Current Description. SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100,
CVE-2021-21466 (business_warehouse, bw/4hana)
Current Description. SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100,
Preparing a Client Environment for Threat Management
A key part of making any threat management program successful is ensuring it maps properly to the client’s needs. In
Preparing a Client Environment for Threat Management
A key part of making any threat management program successful is ensuring it maps properly to the client’s needs. In
OS-Native Endpoint Security Outpaces Third-Party Tools
For the first two decades of the internet age, from the early 1990s to the 2010s, high-quality antivirus software that
OS-Native Endpoint Security Outpaces Third-Party Tools
For the first two decades of the internet age, from the early 1990s to the 2010s, high-quality antivirus software that
OS-Native Endpoint Security Outpaces Third-Party Tools
For the first two decades of the internet age, from the early 1990s to the 2010s, high-quality antivirus software that
OS-Native Endpoint Security Outpaces Third-Party Tools
For the first two decades of the internet age, from the early 1990s to the 2010s, high-quality antivirus software that
Microsoft patch kedd – 2021. január
A Microsoft 2021. január havi biztonsági frissítő csomagja összesen 83 db frissítést tartalmazott. A frissítés 10 kritikus, 73 magas kockázatú sérülékenységet javított, amelyek jellemzően biztonsági funkciók megkerülését, távoli kódfuttatást, valamint bizalmas információkhoz való hozzáférést tehetnek lehetővé a Microsoft Windows, az Edge böngésző, a ChakraCore, az Office és a Microsoft Office Services, valamint a Visual Studio, a Microsoft Malware Protection Engine, a .NET Core, az ASP .NET és az Azure rendszereken, alkalmazásokon.
CVE-2021-3032 PAN-OS: Configuration secrets for log forwarding may be logged in system logs (Severity: MEDIUM)
Palo Alto Networks Security AdvisoriesRead More
CVE-2021-3031 PAN-OS: Information exposure in Ethernet data frame construction (Etherleak) (Severity: MEDIUM)
Palo Alto Networks Security AdvisoriesRead More
PAN-SA-2021-0001 Informational: Cortex XSOAR: Impact of Golang XML parsing vulnerabilities (Severity: NONE)
Palo Alto Networks Security AdvisoriesRead More
VMSA-2020-0027
Important Advisory ID: VMSA-2020-0027.2 CVSSv3 Range: 7.2 Issue Date: 2020-11-23 Updated On: 2020-12-03 CVE(s): CVE-2020-4006 Synopsis: VMware Workspace One Access,
VMSA-2020-0028
Low Advisory ID: VMSA-2020-0028 CVSSv3 Range: 3.6 Issue Date: 2020-12-15 Updated On: 2020-12-15 (Initial Advisory) CVE(s): CVE-2020-4008 Synopsis: VMware Carbon
VMSA-2020-0029
Low Advisory ID: VMSA-2020-0029 CVSSv3 Range: 3.3 Issue Date: 2020-12-17 Updated On: 2020-12-17 (Initial Advisory) CVE(s): CVE-2020-3999 Synopsis: VMware ESXi,
CVE-2020-2037 PAN-OS: OS command injection vulnerability in the management web interface (Severity: HIGH)
Palo Alto Networks Security AdvisoriesRead More
CVE-2019-1583 Escalation of Privilege in Twistlock (Severity: HIGH)
Palo Alto Networks Security AdvisoriesRead More
VMSA-2020-0025
Important Advisory ID: VMSA-2020-0025 CVSSv3 Range: 6.3- 7.5 Issue Date: 2020-11-18 Updated On: 2020-11-18 (Initial Advisory) CVE(s): CVE-2020-3984, CVE-2020-3985, CVE-2020-4000,
VMSA-2020-0026
Critical Advisory ID: VMSA-2020-0026.1 CVSSv3 Range: 8.8 – 9.3 Issue Date: 2020-11-19 Updated On: 2020-11-24 CVE(s): CVE-2020-4004, CVE-2020-4005 Synopsis: VMware
CVE-2020-2036 PAN-OS: Reflected Cross-Site Scripting (XSS) vulnerability in management web interface (Severity: HIGH)
Palo Alto Networks Security AdvisoriesRead More
PAN-SA-2020-0011 Informational: Impact of OpenSSL vulnerability CVE-2020-1971 (Severity: NONE)
Palo Alto Networks Security AdvisoriesRead More
CVE-2019-17436 Local Privilege Escalation in GlobalProtect App for Linux and Mac OS (Severity: HIGH)
Palo Alto Networks Security AdvisoriesRead More
PAN-SA-2019-0004 Cross-Site Scripting in Expedition Migration Tool (Severity: MEDIUM)
Palo Alto Networks Security AdvisoriesRead More
CVE-2020-2020 Cortex XDR Agent: Exceptional condition denial-of-service (DoS) (Severity: MEDIUM)
Palo Alto Networks Security AdvisoriesRead More
CVE-2020-2039 PAN-OS: Management web interface denial-of-service (DoS) through unauthenticated file upload (Severity: MEDIUM)
Palo Alto Networks Security AdvisoriesRead More
CVE-2020-2001 PAN-OS: Panorama External control of file vulnerability leads to privilege escalation (Severity: HIGH)
Palo Alto Networks Security AdvisoriesRead More
CVE-2019-17435 Local Privilege Escalation in GlobalProtect App for Windows (Severity: MEDIUM)
Palo Alto Networks Security AdvisoriesRead More
CVE-2020-2044 PAN-OS: Passwords may be logged in clear text while storing operational command (op command) history (Severity: LOW)
Palo Alto Networks Security AdvisoriesRead More
CVE-2020-2042 PAN-OS: Buffer overflow in the management web interface (Severity: HIGH)
Palo Alto Networks Security AdvisoriesRead More
CVE-2020-2041 PAN-OS: Management web interface denial-of-service (DoS) (Severity: HIGH)
Palo Alto Networks Security AdvisoriesRead More
CVE-2018-10143 Remote Code Execution in Expedition Migration Tool (Severity: CRITICAL)
Palo Alto Networks Security AdvisoriesRead More
PAN-SA-2020-0010 Informational: Cortex XSOAR: Impact of Linux and Docker vulnerabilities on Cortex XSOAR (Severity: NONE)
Palo Alto Networks Security AdvisoriesRead More
CVE-2020-2043 PAN-OS: Passwords may be logged in clear text when using after-change-detail custom syslog field for config logs (Severity: LOW)
Palo Alto Networks Security AdvisoriesRead More
CVE-2020-2049 Cortex XDR Agent: Improper control of loaded DLL leads to local privilege escalation (Severity: HIGH)
Palo Alto Networks Security AdvisoriesRead More
CVE-2020-2000 PAN-OS: OS command injection and memory corruption vulnerability (Severity: HIGH)
Palo Alto Networks Security AdvisoriesRead More
CVE-2020-2022 PAN-OS: Panorama session disclosure during context switch into managed device (Severity: HIGH)
Palo Alto Networks Security AdvisoriesRead More
CVE-2020-2048 PAN-OS: System proxy passwords may be logged in clear text while viewing system state (Severity: LOW)
Palo Alto Networks Security AdvisoriesRead More
CVE-2020-2038 PAN-OS: OS command injection vulnerability in the management web interface (Severity: HIGH)
Palo Alto Networks Security AdvisoriesRead More
CVE-2020-2040 PAN-OS: Buffer overflow when Captive Portal or Multi-Factor Authentication (MFA) is enabled (Severity: CRITICAL)
Palo Alto Networks Security AdvisoriesRead More
CVE-2020-2050 PAN-OS: Authentication bypass vulnerability in GlobalProtect client certificate verification (Severity: HIGH)
Palo Alto Networks Security AdvisoriesRead More
CVE-2020-1999 PAN-OS: Threat signatures are evaded by specifically crafted packets (Severity: MEDIUM)
Palo Alto Networks Security AdvisoriesRead More
CVE-2018-10142 Information Disclosure in Expedition Migration Tool (Severity: HIGH)
Palo Alto Networks Security AdvisoriesRead More
PAN-SA-2019-0004 Cross-Site Scripting in Expedition Migration Tool (Severity: MEDIUM)
Palo Alto Networks Security AdvisoriesRead More
CVE-2020-2020 Cortex XDR Agent: Exceptional condition denial-of-service (DoS) (Severity: MEDIUM)
Palo Alto Networks Security AdvisoriesRead More
CVE-2020-2039 PAN-OS: Management web interface denial-of-service (DoS) through unauthenticated file upload (Severity: MEDIUM)
Palo Alto Networks Security AdvisoriesRead More
CVE-2020-2001 PAN-OS: Panorama External control of file vulnerability leads to privilege escalation (Severity: HIGH)
Palo Alto Networks Security AdvisoriesRead More
CVE-2019-17435 Local Privilege Escalation in GlobalProtect App for Windows (Severity: MEDIUM)
Palo Alto Networks Security AdvisoriesRead More
CVE-2018-10143 Remote Code Execution in Expedition Migration Tool (Severity: CRITICAL)
Palo Alto Networks Security AdvisoriesRead More
CVE-2020-2049 Cortex XDR Agent: Improper control of loaded DLL leads to local privilege escalation (Severity: HIGH)
Palo Alto Networks Security AdvisoriesRead More
CVE-2020-2044 PAN-OS: Passwords may be logged in clear text while storing operational command (op command) history (Severity: LOW)
Palo Alto Networks Security AdvisoriesRead More
CVE-2020-2042 PAN-OS: Buffer overflow in the management web interface (Severity: HIGH)
Palo Alto Networks Security AdvisoriesRead More
CVE-2020-2041 PAN-OS: Management web interface denial-of-service (DoS) (Severity: HIGH)
Palo Alto Networks Security AdvisoriesRead More
CVE-2020-2038 PAN-OS: OS command injection vulnerability in the management web interface (Severity: HIGH)
Palo Alto Networks Security AdvisoriesRead More
PAN-SA-2020-0010 Informational: Cortex XSOAR: Impact of Linux and Docker vulnerabilities on Cortex XSOAR (Severity: NONE)
Palo Alto Networks Security AdvisoriesRead More
CVE-2020-2043 PAN-OS: Passwords may be logged in clear text when using after-change-detail custom syslog field for config logs (Severity: LOW)
Palo Alto Networks Security AdvisoriesRead More
CVE-2020-1999 PAN-OS: Threat signatures are evaded by specifically crafted packets (Severity: MEDIUM)
Palo Alto Networks Security AdvisoriesRead More
CVE-2020-2000 PAN-OS: OS command injection and memory corruption vulnerability (Severity: HIGH)
Palo Alto Networks Security AdvisoriesRead More
CVE-2020-2022 PAN-OS: Panorama session disclosure during context switch into managed device (Severity: HIGH)
Palo Alto Networks Security AdvisoriesRead More
CVE-2020-2048 PAN-OS: System proxy passwords may be logged in clear text while viewing system state (Severity: LOW)
Palo Alto Networks Security AdvisoriesRead More
CVE-2018-10142 Information Disclosure in Expedition Migration Tool (Severity: HIGH)
Palo Alto Networks Security AdvisoriesRead More
CVE-2020-2040 PAN-OS: Buffer overflow when Captive Portal or Multi-Factor Authentication (MFA) is enabled (Severity: CRITICAL)
Palo Alto Networks Security AdvisoriesRead More
CVE-2020-2050 PAN-OS: Authentication bypass vulnerability in GlobalProtect client certificate verification (Severity: HIGH)
Palo Alto Networks Security AdvisoriesRead More
Szoftverek biztonsági állapota
A Veracode kiadta a Szoftverbiztonság állapotáról szóló éves jelentését, ami már 11. alkalommal jelenik meg. A jelentés szerint a nyílt forráskódú könyvtárak egyre megbízhatatlanabbak és sokáig tart a hibák javítása a. A PHP rendelkezik a legtöbb hibával, amelyet a C ++, majd a Java, a .Net, a JavaScript és a Python követ.