Linux kernel vulnerability CVE-2021-29154
Linux kernel vulnerability CVE-2021-29154 Security Advisory Security Advisory Description BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, ...
Cisco Jabber Desktop and Mobile Client Software Vulnerabilities
Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for Mac, and Cisco Jabber for mobile platforms could allow an attacker to access sensitive information or cause a denial of service (DoS) condition.
For more information about these vulnerabilities, see the Details section...
Schneider Electric Enerlin'X Com’X 510
This advisory contains mitigations for a Improper Privilege Management vulnerability in Schneider Electric Enerlin'X Com’X 510 energy servers.
Softing OPC-UA C++ SDK
This advisory contains mitigations for an Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the Softing OPC-UA C++ Software Development Kit (SDK).
Advantech WebAccess/SCADA
This advisory contains mitigations for Open Redirect, and Relative Path Traversal vulnerabilities in the Advantech WebAccess/SCADA browser-based software package.
WAGO M&M Software fdtCONTAINER (Update C)
This updated advisory is a follow-up to the advisory update titled ICSA-21-021-05 WAGO M&M Software fdtCONTAINER (Update B) that was published February 16, 2021, to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for a Deserialization of Untrusted Data...
Rockwell Automation ISaGRAF5 Runtime (Update A)
This updated advisory is a follow-up to the portal-to-web advisory titled ICSA-20-280-01P Rockwell Automation ISaGRAF5 Runtime. This advisory was originally posted to the HSIN ICS library on October 6, 2020, and was then published as ICSA-20-280-01 Rockwell Automation ISaGRAF5...
Cisco Unified Intelligence Center Reflected Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
This vulnerability exists because the web-based management interface does not...
Cisco DNA Center Certificate Validation Vulnerability
A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA Center Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data.
The vulnerability is due to an incomplete validation of the X.509 certificate...
Cisco Email Security Appliance and Cisco Web Security Appliance Certificate Validation Vulnerability
A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to intercept traffic between an affected device and the AMP...
Cisco Meeting Server API Denial of Service Vulnerability
A vulnerability in the API of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability exists because requests that are sent to the API are not properly...
Cisco AnyConnect Secure Mobility Client for Windows Denial of Service Vulnerability
A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system.
This vulnerability is due to uncontrolled memory allocation. An attacker could exploit this...
Cisco AnyConnect Secure Mobility Client for Windows with VPN Posture (HostScan) Module DLL Hijacking Vulnerability
A vulnerability in the DLL loading mechanism of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on...
Cisco Small Business 220 Series Smart Switches Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following:
Hijack a user session
Execute arbitrary commands as a root user on the underlying operating system
Conduct a cross-site scripting...
Cisco Jabber and Webex Client Software Shared File Manipulation Vulnerability
A vulnerability in Cisco Jabber and Cisco Webex (formerly Teams) could allow an unauthenticated, remote attacker to manipulate file names within the messaging interface.
The vulnerability exists because the affected software mishandles character rendering. An attacker could exploit this vulnerability by sharing...
Art Meets Cyber: NFTs Through A Hacker’s Eyes
When MetaKovan purchased Beeple’s NFT art for more than $69 million, my first thought was that it put my CryptoKitties collection to shame. My second thought was that any asset category with this much hype and media attention is an absolute dream for cyber criminals. With NFTs becoming mainstream, everyday scams are table stakes. For example, copycat domain names of sites like...
Lasso SAML Implementation Vulnerability Affecting Cisco Products: June 2021
On June 1, 2021, Lasso disclosed a security vulnerability in the Lasso Security Assertion Markup Language (SAML) Single Sign-On (SSO) library. This vulnerability could allow an authenticated attacker to impersonate another authorized user when interacting with an application.
For a...
[R1] Nessus Agent 8.2.5 Fixes Multiple Vulnerabilities
Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus Agent host.
Hit by a Ransomware Attack? Your Payment May be Deductible
As ransomware attacks surge, the FBI is doubling down on its guidance to affected businesses: Don’t pay the cybercriminals. But the U.S. government also offers a little-noticed incentive for those who do pay: The ransoms may be tax deductible.
read...
A Bug in the Android Google App Put Privacy at Risk
Plus: Airbnb's safety squad, a fake pharmacy crackdown, and more of the week's top security news.
Why You Suddenly Need To Delete Google Maps On Your iPhone
Hundreds of millions of iPhone users should stop using Google Maps after radical new update...
Why You Should Stop Sending Texts From Your Android Messages App
Millions of you are still putting your security at risk. Here's the serious problem you have...
Major Cyberattack on Poland Came from Russian Territory: Kaczynski
A recent "large scale" cyberattack targeting top Polish politicians was launched from Russia, Jaroslaw Kaczynski, the leader of Poland's governing right-wing party, said on Friday.
read more
