messages23.html

<!DOCTYPE html>
<html>

 <head>

  <meta charset="utf-8"/>
<title>Exported Data</title>
  <meta content="width=device-width, initial-scale=1.0" name="viewport"/>

  <link href="css/style.css" rel="stylesheet"/>

  <script src="js/script.js" type="text/javascript">

  </script>

 </head>

 <body onload="CheckLocation();">

  <div class="page_wrap">

   <div class="page_header">

    <div class="content">

     <div class="text bold">
🛡 Cybersecurity &amp; Privacy news 🛡 
     </div>

    </div>

   </div>

   <div class="page_body chat_page">

    <div class="history">

     <a class="pagination block_link" href="messages22.html">
Previous messages
     </a>

     <div class="message service" id="message-738">

      <div class="body details">
13 January 2021
      </div>

     </div>

     <div class="message default clearfix" id="message22098">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 15:50:04">
15:50
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Huntress Acquires EDR Technology From Level Effect 🕴</strong><br><br><code>Huntress seeks to improve its detection and response capabilities with a more comprehensive view of endpoint security.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/huntress-acquires-edr-technology-from-level-effect/d/d-id/1339893?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22099">

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 15:50:05">
15:50
       </div>

       <div class="text">
<strong>🕴 Virtual Pen-Testing Competition Tasks College Students With Running a Red Team Operation 🕴</strong><br><br><code>Aimed at developing offensive cyber talent, last weekend&apos;s sixth annual Collegiate Penetration Testing Competition brought out some of the brightest from RIT and Stanford, among other universities.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/virtual-pen-testing-competition-tasks-college-students-with-running-a-red-team-operation/d/d-id/1339890?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22100">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 18:09:53">
18:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 CES 2021: All of the business tech news you need to know 🦿</strong><br><br><code>Don&apos;t miss TechRepublic&apos;s CES 2021 coverage, which includes product announcements from Lenovo, Samsung, LG, and Dell about PCs, laptops, software, robots, monitors, and TVs.</code><br><br><a href="https://www.techrepublic.com/article/ces-2021-all-of-the-business-tech-news-you-need-to-know/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22101">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 19:11:40">
19:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 SolarWinds Attackers May Have Hit Mimecast, Driving New Concerns 🕴</strong><br><br><code>Mimecast no longer uses the SolarWinds Orion network management software that served as an attack vector for thousands of organizations.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/solarwinds-attackers-may-have-hit-mimecast-driving-new-concerns/d/d-id/1339895?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22102">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 20:48:35">
20:48
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-1310 ‼</strong><br><br><code>A vulnerability in the web-based management interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to redirect a user to an untrusted web page, bypassing the warning mechanism that should prompt the user before the redirection. This vulnerability is due to improper input validation of the URL parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website, bypassing the Webex URL check that should result in a warning before the redirection to the web page. Attackers may use this type of vulnerability, known as an open redirect attack, as part of a phishing attack to convince users to unknowingly visit malicious sites.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1310">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22103">

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 20:48:36">
20:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-1192 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1192">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22104">

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 20:48:37">
20:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-1209 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1209">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22105">

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 20:48:38">
20:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-1307 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1307">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22106">

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 20:48:39">
20:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-1202 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1202">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22107">

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 20:48:43">
20:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-1240 ‼</strong><br><br><code>A vulnerability in the loading process of specific DLLs in Cisco Proximity Desktop for Windows could allow an authenticated, local attacker to load a malicious library. To exploit this vulnerability, the attacker must have valid credentials on the Windows system. This vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file in a specific location on the targeted system. This file will execute when the vulnerable application launches. A successful exploit could allow the attacker to execute arbitrary code on the targeted system with the privileges of another user&amp;rsquo;s account.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1240">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22108">

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 20:48:44">
20:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-1146 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1146">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22109">

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 20:48:45">
20:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-1150 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1150">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22110">

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 20:48:45">
20:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-1144 ‼</strong><br><br><code>A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow a remote, authenticated attacker without administrative privileges to alter the password of any user on an affected system. The vulnerability is due to incorrect handling of authorization checks for changing a password. An authenticated attacker without administrative privileges could exploit this vulnerability by sending a modified HTTP request to an affected device. A successful exploit could allow the attacker to alter the passwords of any user on the system, including an administrative user, and then impersonate that user.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1144">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22111">

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 20:48:46">
20:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-1236 ‼</strong><br><br><code>Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. The vulnerability is due to a flaw in the detection algorithm. An attacker could exploit this vulnerability by sending crafted packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1236">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22112">

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 20:48:50">
20:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-1156 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1156">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22113">

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 20:48:51">
20:48
       </div>

       <div class="text">
<strong>‼ CVE-2020-9140 ‼</strong><br><br><code>There is a vulnerability with buffer access with incorrect length value in some Huawei Smartphone.Unauthorized users may trigger code execution when a buffer overflow occurs.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9140">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22114">

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 20:48:51">
20:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-1148 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1148">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22115">

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 20:48:52">
20:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-1159 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1159">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22116">

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 20:48:53">
20:48
       </div>

       <div class="text">
<strong>‼ CVE-2020-9143 ‼</strong><br><br><code>There is a missing authentication vulnerability in some Huawei smartphone.Successful exploitation of this vulnerability may lead to low-sensitive information exposure.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9143">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22117">

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 20:48:57">
20:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-1201 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1201">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22118">

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 20:48:58">
20:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-1200 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1200">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22119">

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 20:48:59">
20:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-1207 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1207">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22120">

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 20:48:59">
20:48
       </div>

       <div class="text">
<strong>‼ CVE-2021-1206 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1206">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22121">

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 20:49:00">
20:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-1181 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1181">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22122">

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 20:54:39">
20:54
       </div>

       <div class="text">
<strong>‼ CVE-2021-1204 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1204">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22123">

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 20:54:40">
20:54
       </div>

       <div class="text">
<strong>‼ CVE-2021-1163 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1163">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22124">

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 20:54:40">
20:54
       </div>

       <div class="text">
<strong>‼ CVE-2021-1239 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1239">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22125">

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 20:54:41">
20:54
       </div>

       <div class="text">
<strong>‼ CVE-2021-1193 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1193">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22126">

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 20:54:42">
20:54
       </div>

       <div class="text">
<strong>‼ CVE-2021-1145 ‼</strong><br><br><code>A vulnerability in the Secure FTP (SFTP) of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an authenticated, remote attacker to read arbitrary files on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the affected device. The vulnerability is due to insecure handling of symbolic links. An attacker could exploit this vulnerability by sending a crafted SFTP command to an affected device. A successful exploit could allow the attacker to read arbitrary files on the affected device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1145">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22127">

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 20:54:46">
20:54
       </div>

       <div class="text">
<strong>‼ CVE-2021-1189 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1189">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22128">

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 20:54:47">
20:54
       </div>

       <div class="text">
<strong>‼ CVE-2021-1149 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1149">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22129">

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 20:54:48">
20:54
       </div>

       <div class="text">
<strong>‼ CVE-2021-1188 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1188">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22130">

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 20:54:48">
20:54
       </div>

       <div class="text">
<strong>‼ CVE-2021-1242 ‼</strong><br><br><code>A vulnerability in Cisco Webex Teams could allow an unauthenticated, remote attacker to manipulate file names within the messaging interface. The vulnerability exists because the affected software mishandles character rendering. An attacker could exploit this vulnerability by sharing a file within the application interface. A successful exploit could allow the attacker to modify how the shared file name displays within the interface, which could allow the attacker to conduct phishing or spoofing attacks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1242">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22131">

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 20:54:49">
20:54
       </div>

       <div class="text">
<strong>‼ CVE-2021-1162 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1162">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22132">

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 20:54:53">
20:54
       </div>

       <div class="text">
<strong>‼ CVE-2021-1216 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1216">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22133">

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 20:54:54">
20:54
       </div>

       <div class="text">
<strong>‼ CVE-2021-1173 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1173">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22134">

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 20:54:55">
20:54
       </div>

       <div class="text">
<strong>‼ CVE-2020-9203 ‼</strong><br><br><code>There is a resource management errors vulnerability in Huawei P30. Local attackers construct broadcast message for some application, causing this application to send this broadcast message and impact the customer&apos;s use experience.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9203">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22135">

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 20:54:56">
20:54
       </div>

       <div class="text">
<strong>‼ CVE-2020-9139 ‼</strong><br><br><code>There is a improper input validation vulnerability in some Huawei Smartphone.Successful exploit of this vulnerability can cause memory access errors and denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9139">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22136">

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 20:54:56">
20:54
       </div>

       <div class="text">
<strong>‼ CVE-2021-1179 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1179">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22137">

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 20:55:00">
20:55
       </div>

       <div class="text">
<strong>‼ CVE-2021-1190 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1190">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22138">

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 20:55:01">
20:55
       </div>

       <div class="text">
<strong>‼ CVE-2021-1196 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1196">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22139">

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 20:55:02">
20:55
       </div>

       <div class="text">
<strong>‼ CVE-2021-1165 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1165">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22140">

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 20:55:03">
20:55
       </div>

       <div class="text">
<strong>‼ CVE-2021-1160 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1160">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22141">

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 20:55:04">
20:55
       </div>

       <div class="text">
<strong>🦿 CES 2021: All of the business tech news you need to know 🦿</strong><br><br><code>Don&apos;t miss TechRepublic&apos;s CES 2021 coverage, which includes product announcements from Lenovo, Samsung, LG, and Dell about PCs, laptops, software, robots, monitors, and TVs.</code><br><br><a href="https://www.techrepublic.com/article/ces-2021-all-of-the-business-tech-news-you-need-to-know/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22142">

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 21:00:42">
21:00
       </div>

       <div class="text">
<strong>‼ CVE-2021-1215 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1215">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22143">

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 21:00:44">
21:00
       </div>

       <div class="text">
<strong>‼ CVE-2021-1311 ‼</strong><br><br><code>A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to take over the host role during a meeting. This vulnerability is due to a lack of protection against brute forcing of the host key. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Webex Meetings Server site. A successful exploit would require the attacker to have access to join a Webex meeting, including applicable meeting join links and passwords. A successful exploit could allow the attacker to acquire or take over the host role for a meeting.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1311">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22144">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.01.2021 21:19:48">
21:19
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 CES 2021: All of the business tech news you need to know 🦿</strong><br><br><code>Don&apos;t miss TechRepublic&apos;s CES 2021 coverage, which includes product announcements from Lenovo, Samsung, LG, and Dell about PCs, laptops, software, robots, monitors, and TVs.</code><br><br><a href="https://www.techrepublic.com/article/ces-2021-all-of-the-business-tech-news-you-need-to-know/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-739">

      <div class="body details">
14 January 2021
      </div>

     </div>

     <div class="message default clearfix" id="message22145">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 03:49:02">
03:49
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-16119 ‼</strong><br><br><code>Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16119">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22146">

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 03:49:03">
03:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-3138 ‼</strong><br><br><code>In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3138">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22147">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 09:50:01">
09:50
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Why cyberinsurance can save your business 🦿</strong><br><br><code>The threat of loss of an entire company from a cyberattack is real. Technology and user education help, but not enough.</code><br><br><a href="https://www.techrepublic.com/article/why-cyberinsurance-can-save-your-business/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22148">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 10:41:43">
10:41
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Ring Adds End-to-End Encryption to Quell Security Uproar ❌</strong><br><br><code>The optional feature was released free to users in a technical preview this week, adding a new layer of security to service, which has been plagued by privacy concerns.</code><br><br><a href="https://threatpost.com/ring-adds-end-to-end-encryption-to-quell-security-uproar/163042/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22149">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 12:13:17">
12:13
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Vulnerability Management Has a Data Problem 🕴</strong><br><br><code>Security teams have an abundance of data, but most of it lacks the context necessary to improve remediation outcomes.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/vulnerability-management-has-a-data-problem/a/d-id/1339827?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22150">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 12:49:33">
12:49
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-28470 ‼</strong><br><br><code>This affects the package @scullyio/scully before 1.0.9. The transfer state is serialised with the JSON.stringify() function and then written into the HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28470">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22151">

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 12:49:34">
12:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-20618 ‼</strong><br><br><code>Privilege chaining vulnerability in acmailer ver. 4.0.2 and earlier, and acmailer DB ver. 1.1.4 and earlier allows remote attackers to bypass authentication and to gain an administrative privilege which may result in obtaining the sensitive information on the server via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20618">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22152">

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 12:49:36">
12:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-20617 ‼</strong><br><br><code>Improper access control vulnerability in acmailer ver. 4.0.1 and earlier, and acmailer DB ver. 1.1.3 and earlier allows remote attackers to execute an arbitrary OS command, or gain an administrative privilege which may result in obtaining the sensitive information on the server via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20617">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22153">

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 12:49:37">
12:49
       </div>

       <div class="text">
<strong>🦿 CES 2021: All of the business tech news you need to know 🦿</strong><br><br><code>Don&apos;t miss TechRepublic&apos;s CES 2021 coverage, which includes product announcements from Lenovo, Samsung, LG, and Dell about PCs, laptops, software, robots, monitors, and TVs.</code><br><br><a href="https://www.techrepublic.com/article/ces-2021-all-of-the-business-tech-news-you-need-to-know/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22154">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 13:13:33">
13:13
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Who Is Responsible for Protecting Physical Security Systems From Cyberattacks? 🕴</strong><br><br><code>It&apos;s a question that continues to engage debate, as the majority of new physical security devices being installed are now connected to a network. While this offers myriad benefits, it also raises the question: Who is responsible for their cybersecurity?</code><br><br><a href="https://www.darkreading.com/who-is-responsible-for-protecting-physical-security-systems-from-cyberattacks/d/d-id/1339898?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22155">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 13:50:43">
13:50
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ S3 Ep15: Titan keys, Mimecast certs and Solarwinds [Podcast] ⚠</strong><br><br><code>Latest episode. Listen now!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/01/14/s3-ep15-titan-keys-mimecast-certs-and-solarwinds-podcast/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22156">

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 14:03:04">
14:03
       </div>

       <div class="text">
<strong>❌ Cloud Attacks Are Bypassing MFA, Feds Warn ❌</strong><br><br><code>CISA has issued an alert warning that cloud services at U.S. organizations are being actively and successfully targeted.</code><br><br><a href="https://threatpost.com/cloud-attacks-bypass-mfa-feds/163056/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22157">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 14:32:29">
14:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Telegram Bots at Heart of Classiscam Scam-as-a-Service ❌</strong><br><br><code>The cybercriminal service has scammed victims out of $6.5 million and continues to spread on Telegram.</code><br><br><a href="https://threatpost.com/telegram-bots-classiscam-scam/163061/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22158">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 14:49:37">
14:49
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-29587 ‼</strong><br><br><code>SimplCommerce 1.0.0-rc uses the Bootbox.js library, which allows creation of programmatic dialog boxes using Bootstrap modals. The Bootbox.js library intentionally does not perform any sanitization of user input, which results in a DOM XSS, because it uses the jQuery .html() function to directly append the payload to a dialog.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29587">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22159">

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 14:49:38">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-6776 ‼</strong><br><br><code>A vulnerability in the web-based management interface of Bosch PRAESIDEO until and including version 4.41 and Bosch PRAESENSA until and including version 1.10 allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (Cross-Site Request Forgery). This requires the victim to be tricked into clicking a malicious link or submitting a malicious form. A successful exploit allows the attacker to perform arbitrary actions with the privileges of the victim, e.g. creating and modifying user accounts, changing system configuration settings and cause DoS conditions. Note: For Bosch PRAESIDEO 4.31 and newer and Bosch PRAESENSA in all versions, the confidentiality impact is considered low because user credentials are not shown in the web interface.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6776">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22160">

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 14:49:39">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-29019 ‼</strong><br><br><code>A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow a remote, unauthenticated attacker to crash the httpd daemon thread by sending a request with a crafted cookie header.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29019">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22161">

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 14:49:40">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-29018 ‼</strong><br><br><code>A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29018">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22162">

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 14:49:41">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-21722 ‼</strong><br><br><code>A ZTE Smart STB is impacted by an information leak vulnerability. The device did not fully verify the log, so attackers could use this vulnerability to obtain sensitive user information for further information detection and attacks. This affects: ZXV10 B860A V2.1-T_V0032.1.1.04_jiangsuTelecom.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21722">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22163">

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 14:49:45">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-29015 ‼</strong><br><br><code>A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL statement.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29015">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22164">

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 14:49:46">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-29017 ‼</strong><br><br><code>An OS command injection vulnerability in FortiDeceptor 3.1.0, 3.0.1, 3.0.0 may allow a remote authenticated attacker to execute arbitrary commands on the system by exploiting a command injection vulnerability on the Customization page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29017">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22165">

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 14:49:46">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-23926 ‼</strong><br><br><code>The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23926">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22166">

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 14:49:47">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-24122 ‼</strong><br><br><code>When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath() which in turn was caused by the inconsistent behaviour of the Windows API (FindFirstFileW) in some circumstances.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24122">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22167">

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 14:49:48">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-27368 ‼</strong><br><br><code>Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows attacker to access /icons/ directories via GET Parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27368">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22168">

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 14:49:52">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-6777 ‼</strong><br><br><code>A vulnerability in the web-based management interface of Bosch PRAESIDEO until and including version 4.41 and Bosch PRAESENSA until and including version 1.10 allows an authenticated remote attacker with admin privileges to mount a stored Cross-Site-Scripting (XSS) attack against another user. When the victim logs into the management interface, the stored script code is executed in the context of his browser. A successful exploit would allow an attacker to interact with the management interface with the privileges of the victim. However, as the attacker already needs admin privileges, there is no additional impact on the management interface itself.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6777">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22169">

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 14:49:53">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-26733 ‼</strong><br><br><code>Cross Site Scripting (XSS) in Configuration page in SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 allows authenticated attacker to inject their own script into the page via DDNS Configuration Section.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26733">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22170">

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 14:49:53">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-29016 ‼</strong><br><br><code>A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.5 and version before 6.2.4 may allow an unauthenticated, remote attacker to overwrite the content of the stack and potentially execute arbitrary code by sending a crafted request with a large certname.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29016">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22171">

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 14:49:54">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-26732 ‼</strong><br><br><code>Skyworth GN542VF Boa version 0.94.13 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26732">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22172">

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 14:49:55">
14:49
       </div>

       <div class="text">
<strong>🦿 US government warns of cyberattacks targeting cloud services 🦿</strong><br><br><code>Such attacks often occur when employees work remotely and use a mixture of personal and business devices to access cloud services.</code><br><br><a href="https://www.techrepublic.com/article/us-government-warns-of-cyberattacks-targeting-cloud-services/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22173">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 16:20:11">
16:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 CES 2021: All of the business tech news you need to know 🦿</strong><br><br><code>Don&apos;t miss TechRepublic&apos;s CES 2021 coverage, which includes product announcements from Lenovo, Samsung, LG, and Dell about PCs, laptops, software, robots, monitors, and TVs.</code><br><br><a href="https://www.techrepublic.com/article/ces-2021-all-of-the-business-tech-news-you-need-to-know/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22174">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 16:43:52">
16:43
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 Hackers Leak Stolen COVID-19 Vaccine Data Online 🔏</strong><br><br><code>The breach has not affected the efficacy or approval of the vaccine in Europe.</code><br><br><a href="https://digitalguardian.com/blog/hackers-leak-stolen-covid-19-vaccine-data-online">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22175">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 17:02:38">
17:02
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Florida Ethics Officer Charged with Cyberstalking ❌</strong><br><br><code>Judge bars former Tallahassee city ethics officer from internet-connected devices after her arrest for cyberstalking.</code><br><br><a href="https://threatpost.com/florida-ethics-officer-charged-cyberstalking/163074/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22176">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 18:42:56">
18:42
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 NSA Recommends Using Only &apos;Designated&apos; DNS Resolvers 🕴</strong><br><br><code>Agency provides guidelines on securely deploying DNS over HTTPS, aka DoH.</code><br><br><a href="https://www.darkreading.com/cloud/nsa-recommends-using-only-designated-dns-resolvers/d/d-id/1339901?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22177">

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 18:49:50">
18:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-22132 ‼</strong><br><br><code>Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Users who execute an async search will improperly store the HTTP headers. An Elasticsearch user with the ability to read the .tasks index could obtain sensitive request headers of other users in the cluster. This issue is fixed in Elasticsearch 7.10.2</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22132">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22178">

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 18:49:51">
18:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-21261 ‼</strong><br><br><code>Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. A bug was discovered in the `flatpak-portal` service that can allow sandboxed applications to execute arbitrary code on the host system (a sandbox escape). This sandbox-escape bug is present in versions from 0.11.4 and before fixed versions 1.8.5 and 1.9.4. The Flatpak portal D-Bus service (`flatpak-portal`, also known by its D-Bus service name `org.freedesktop.portal.Flatpak`) allows apps in a Flatpak sandbox to launch their own subprocesses in a new sandbox instance, either with the same security settings as the caller or with more restrictive security settings. For example, this is used in Flatpak-packaged web browsers such as Chromium to launch subprocesses that will process untrusted web content, and give those subprocesses a more restrictive sandbox than the browser itself. In vulnerable versions, the Flatpak portal service passes caller-specified environment variables to non-sandboxed processes on the host system, and in particular to the `flatpak run` command that is used to launch the new sandbox instance. A malicious or compromised Flatpak app could set environment variables that are trusted by the `flatpak run` command, and use them to execute arbitrary code that is not in a sandbox. As a workaround, this vulnerability can be mitigated by preventing the `flatpak-portal` service from starting, but that mitigation will prevent many Flatpak apps from working correctly. This is fixed in versions 1.8.5 and 1.9.4.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21261">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22179">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 19:32:43">
19:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Facebook: Malicious Chrome Extension Developers Scraped Profile Data ❌</strong><br><br><code>Facebook has sued two Chrome devs for scraping user profile data - including names, user IDs and more.</code><br><br><a href="https://threatpost.com/facebook-malicious-chrome-extension-developers-scraped-profile-data/163079/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22180">

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 19:42:57">
19:42
       </div>

       <div class="text">
<strong>🕴 Businesses Struggle with Cloud Availability as Attackers Take Aim 🕴</strong><br><br><code>Researchers find organizations struggle with availability for cloud applications as government officials warn of cloud-focused cyberattacks.</code><br><br><a href="https://www.darkreading.com/cloud/businesses-struggle-with-cloud-availability-as-attackers-take-aim/d/d-id/1339904?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22181">

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 19:50:38">
19:50
       </div>

       <div class="text">
<strong>⚠ Europol announces bust of “world’s biggest” dark web marketplace ⚠</strong><br><br><code>Dark web servers are hard to find - but not impossible.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/01/14/europol-announces-bust-of-worlds-biggest-dark-web-marketplace/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22182">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 20:12:58">
20:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 &apos;Chimera&apos; Threat Group Abuses Microsoft &amp; Google Cloud Services 🕴</strong><br><br><code>Researchers detail a new threat group targeting cloud services to achieve goals aligning with Chinese interests.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/chimera-threat-group-abuses-microsoft-and-google-cloud-services/d/d-id/1339905?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22183">

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 20:21:12">
20:21
       </div>

       <div class="text">
<strong>🦿 CES 2021: All of the business tech news you need to know 🦿</strong><br><br><code>Don&apos;t miss TechRepublic&apos;s CES 2021 coverage, which includes product announcements from Lenovo, Samsung, LG, and Dell about PCs, laptops, software, robots, monitors, and TVs.</code><br><br><a href="https://www.techrepublic.com/article/ces-2021-all-of-the-business-tech-news-you-need-to-know/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22184">

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 20:21:14">
20:21
       </div>

       <div class="text">
<strong>🦿 How to install Eternal Terminal for persistent SSH connections 🦿</strong><br><br><code>If you have trouble with SSH connections breaking, Jack Wallen shows you how you can enjoy a bit more persistence with the help of Eternal Terminal.</code><br><br><a href="https://www.techrepublic.com/article/how-to-install-eternal-terminal-for-persistent-ssh-connections/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22185">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 20:50:37">
20:50
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-29494 ‼</strong><br><br><code>Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29494">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22186">

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 20:50:38">
20:50
       </div>

       <div class="text">
<strong>‼ CVE-2020-29493 ‼</strong><br><br><code>DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application&apos;s backend database, causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends customers to upgrade at the earliest opportunity.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29493">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22187">

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 20:50:38">
20:50
       </div>

       <div class="text">
<strong>‼ CVE-2020-6572 ‼</strong><br><br><code>Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6572">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22188">

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 20:50:39">
20:50
       </div>

       <div class="text">
<strong>‼ CVE-2020-16046 ‼</strong><br><br><code>Script injection in iOSWeb in Google Chrome on iOS prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16046">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22189">

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 20:50:40">
20:50
       </div>

       <div class="text">
<strong>‼ CVE-2020-29495 ‼</strong><br><br><code>DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application&apos;s underlying OS with high privileges. This vulnerability is considered critical as it can be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29495">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22190">

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 20:50:41">
20:50
       </div>

       <div class="text">
<strong>‼ CVE-2020-16045 ‼</strong><br><br><code>Use after Free in Payments in Google Chrome on Android prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16045">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22191">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 21:13:01">
21:13
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Shifting Privacy Landscape, Disruptive Technologies Will Test Businesses 🕴</strong><br><br><code>A new machine learning tool aims to mine privacy policies on behalf of users.</code><br><br><a href="https://www.darkreading.com/risk/shifting-privacy-landscape-disruptive-technologies-will-test-businesses/d/d-id/1339906?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22192">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 22:50:05">
22:50
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-27219 ‼</strong><br><br><code>In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 (Not Found) JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non existing resource will return the full path from the given URL unescaped to the client.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27219">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22193">

      <div class="body">

       <div class="pull_right date details" title="14.01.2021 22:50:06">
22:50
       </div>

       <div class="text">
<strong>‼ CVE-2020-27220 ‼</strong><br><br><code>The Eclipse Hono AMQP and MQTT protocol adapters do not check whether an authenticated gateway device is authorized to receive command &amp; control messages when it has subscribed only to commands for a specific device. The missing check involves verifying that the command target device is configured giving permission for the gateway device to act on its behalf. This means an authenticated device of a certain tenant, notably also a non-gateway device acting like a gateway, may receive command &amp; control messages targeted at a different device of the same tenant without corresponding permissions getting checked.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27220">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-740">

      <div class="body details">
15 January 2021
      </div>

     </div>

     <div class="message default clearfix" id="message22194">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.01.2021 08:50:37">
08:50
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-35581 ‼</strong><br><br><code>A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/admin-ajax.php request with the meta[title] parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35581">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22195">

      <div class="body">

       <div class="pull_right date details" title="15.01.2021 08:50:38">
08:50
       </div>

       <div class="text">
<strong>‼ CVE-2021-23836 ‼</strong><br><br><code>An issue was discovered in flatCore before 2.0.0 build 139. A stored XSS vulnerability was identified in the prefs_smtp_psw HTTP request body parameter for the acp interface. An admin user can inject malicious client-side script into the affected parameter without any form of input sanitization. The injected payload will be executed in the browser of a user whenever one visits the affected module page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23836">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22196">

      <div class="body">

       <div class="pull_right date details" title="15.01.2021 08:50:39">
08:50
       </div>

       <div class="text">
<strong>‼ CVE-2021-23835 ‼</strong><br><br><code>An issue was discovered in flatCore before 2.0.0 build 139. A local file disclosure vulnerability was identified in the docs_file HTTP request body parameter for the acp interface. This can be exploited with admin access rights. The affected parameter (which retrieves the contents of the specified file) was found to be accepting malicious user input without proper sanitization, thus leading to retrieval of backend server sensitive files, e.g., /etc/passwd, SQLite database files, PHP source code, etc.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23835">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22197">

      <div class="body">

       <div class="pull_right date details" title="15.01.2021 08:50:40">
08:50
       </div>

       <div class="text">
<strong>‼ CVE-2021-23838 ‼</strong><br><br><code>An issue was discovered in flatCore before 2.0.0 build 139. A reflected XSS vulnerability was identified in the media_filter HTTP request body parameter for the acp interface. The affected parameter accepts malicious client-side script without proper input sanitization. For example, a malicious user can leverage this vulnerability to steal cookies from a victim user and perform a session-hijacking attack, which may then lead to unauthorized access to the site.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23838">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22198">

      <div class="body">

       <div class="pull_right date details" title="15.01.2021 08:50:42">
08:50
       </div>

       <div class="text">
<strong>‼ CVE-2020-35582 ‼</strong><br><br><code>A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/post.php request with the post_title parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35582">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22199">

      <div class="body">

       <div class="pull_right date details" title="15.01.2021 08:50:43">
08:50
       </div>

       <div class="text">
<strong>‼ CVE-2021-23837 ‼</strong><br><br><code>An issue was discovered in flatCore before 2.0.0 build 139. A time-based blind SQL injection was identified in the selected_folder HTTP request body parameter for the acp interface. The affected parameter (which retrieves the file contents of the specified folder) was found to be accepting malicious user input without proper sanitization, thus leading to SQL injection. Database related information can be successfully retrieved.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23837">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22200">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.01.2021 12:13:29">
12:13
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 These Kids Are All Right 🕴</strong><br><br><br><br><a href="https://www.darkreading.com/edge/theedge/these-kids-are-all-right/b/d-id/1339909?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22201">

      <div class="body">

       <div class="pull_right date details" title="15.01.2021 12:13:30">
12:13
       </div>

       <div class="text">
<strong>🕴 Name That Toon: Before I Go ... 🕴</strong><br><br><code>Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.</code><br><br><a href="https://www.darkreading.com/edge/theedge/name-that-toon-before-i-go-/b/d-id/1339903?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22202">

      <div class="body">

       <div class="pull_right date details" title="15.01.2021 12:13:32">
12:13
       </div>

       <div class="text">
<strong>🕴 How to Achieve Collaboration Tool Compliance 🕴</strong><br><br><code>Organizations must fully understand the regulatory guidance on collaboration security and privacy so they can continue to implement and expand their use of tools such as Zoom and Teams.</code><br><br><a href="https://www.darkreading.com/how-to-achieve-collaboration-tool-compliance-/a/d-id/1339834?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22203">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.01.2021 12:44:20">
12:44
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 Friday Five 1/15 🔏</strong><br><br><code>Deepfakes, ransomware tactics, and Signal clones - catch up on all of the week&apos;s infosec news with the Friday Five!</code><br><br><a href="https://digitalguardian.com/blog/friday-five-1/15">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22204">

      <div class="body">

       <div class="pull_right date details" title="15.01.2021 12:47:22">
12:47
       </div>

       <div class="text">
<strong>🛠 WhatWeb Scanner 0.5.5 🛠</strong><br><br><code>WhatWeb is a next-generation web scanner. WhatWeb recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognize something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more. WhatWeb supports an aggression level to control the trade off between speed and reliability.</code><br><br><a href="https://packetstormsecurity.com/files/160968/WhatWeb-0.5.5.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22205">

      <div class="body">

       <div class="pull_right date details" title="15.01.2021 12:55:53">
12:55
       </div>

       <div class="text">
<strong>‼ CVE-2019-16961 ‼</strong><br><br><code>SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16961">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22206">

      <div class="body">

       <div class="pull_right date details" title="15.01.2021 12:55:53">
12:55
       </div>

       <div class="text">
<strong>‼ CVE-2020-35733 ‼</strong><br><br><code>An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35733">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22207">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.01.2021 13:20:32">
13:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 CES 2021: All of the business tech news you need to know 🦿</strong><br><br><code>Don&apos;t miss TechRepublic&apos;s CES 2021 coverage, which includes product announcements from Lenovo, Samsung, LG, and Dell about PCs, laptops, software, robots, monitors, and TVs.</code><br><br><a href="https://www.techrepublic.com/article/ces-2021-all-of-the-business-tech-news-you-need-to-know/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22208">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.01.2021 14:25:05">
14:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Google Boots 164 Apps from Play Marketplace for Shady Ad Practices ❌</strong><br><br><code>The tech giant removes 164 more offending Android apps after banning software showing this type of behavior from the store last year.</code><br><br><a href="https://threatpost.com/google-boots-164-apps-from-play/163091/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22209">

      <div class="body">

       <div class="pull_right date details" title="15.01.2021 14:25:06">
14:25
       </div>

       <div class="text">
<strong>🦿 How next-gen cloud SIEM tools can offer critical visibility companies for effective threat hunting 🦿</strong><br><br><code>Virtual workforces face escalated threats due to their remote access from various networks. Learn how security information and event management tools can help in the battle.</code><br><br><a href="https://www.techrepublic.com/article/how-next-gen-cloud-siem-tools-can-offer-critical-visibility-companies-for-effective-threat-hunting/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22210">

      <div class="body">

       <div class="pull_right date details" title="15.01.2021 14:33:35">
14:33
       </div>

       <div class="text">
<strong>❌ Apple Kills MacOS Feature Allowing Apps to Bypass Firewalls ❌</strong><br><br><code>Security researchers lambasted the controversial macOS Big Sur feature for exposing users&apos; sensitive data.</code><br><br><a href="https://threatpost.com/apple-kills-macos-feature-allowing-apps-to-bypass-firewalls/163099/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22211">

      <div class="body">

       <div class="pull_right date details" title="15.01.2021 14:43:31">
14:43
       </div>

       <div class="text">
<strong>🕴 Successful Malware Incidents Rise as Attackers Shift Tactics 🕴</strong><br><br><code>As employees moved to working from home and on mobile devices, attackers followed them and focused on weekend attacks, a security firm says.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/successful-malware-incidents-rise-as-attackers-shift-tactics/d/d-id/1339912?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22212">

      <div class="body">

       <div class="pull_right date details" title="15.01.2021 14:51:07">
14:51
       </div>

       <div class="text">
<strong>‼ CVE-2021-22168 ‼</strong><br><br><code>A regular expression denial of service issue has been discovered in NuGet API affecting all versions of GitLab starting from version 12.8.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22168">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22213">

      <div class="body">

       <div class="pull_right date details" title="15.01.2021 14:51:09">
14:51
       </div>

       <div class="text">
<strong>‼ CVE-2021-22166 ‼</strong><br><br><code>An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22166">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22214">

      <div class="body">

       <div class="pull_right date details" title="15.01.2021 14:51:10">
14:51
       </div>

       <div class="text">
<strong>‼ CVE-2021-22167 ‼</strong><br><br><code>An issue has been discovered in GitLab affecting all versions starting from 12.1. Incorrect headers in specific project page allows attacker to have a temporary read access to the private repository</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22167">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22215">

      <div class="body">

       <div class="pull_right date details" title="15.01.2021 14:51:11">
14:51
       </div>

       <div class="text">
<strong>‼ CVE-2020-26414 ‼</strong><br><br><code>An issue has been discovered in GitLab affecting all versions starting from 12.4. The regex used for package names is written in a way that makes execution time have quadratic growth based on the length of the malicious input string.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26414">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22216">

      <div class="body">

       <div class="pull_right date details" title="15.01.2021 14:51:12">
14:51
       </div>

       <div class="text">
<strong>‼ CVE-2021-22171 ‼</strong><br><br><code>Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim&apos;s API token if they click on a maliciously crafted link</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22171">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22217">

      <div class="body">

       <div class="pull_right date details" title="15.01.2021 14:51:13">
14:51
       </div>

       <div class="text">
<strong>‼ CVE-2021-20189 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20189">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22218">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.01.2021 18:51:08">
18:51
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-24640 ‼</strong><br><br><code>There is a vulnerability caused by insufficient input validation that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24640">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22219">

      <div class="body">

       <div class="pull_right date details" title="15.01.2021 18:51:09">
18:51
       </div>

       <div class="text">
<strong>‼ CVE-2021-21244 ‼</strong><br><br><code>OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, There is a vulnerability that enabled pre-auth server side template injection via Bean validation message tampering. Full details in the reference GHSA. This issue was fixed in 4.0.3 by disabling validation interpolation completely.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21244">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22220">

      <div class="body">

       <div class="pull_right date details" title="15.01.2021 18:51:09">
18:51
       </div>

       <div class="text">
<strong>‼ CVE-2021-21243 ‼</strong><br><br><code>OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, a Kubernetes REST endpoint exposes two methods that deserialize untrusted data from the request body. These endpoints do not enforce any authentication or authorization checks. This issue may lead to pre-auth RCE. This issue was fixed in 4.0.3 by not using deserialization at KubernetesResource side.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21243">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22221">

      <div class="body">

       <div class="pull_right date details" title="15.01.2021 18:51:11">
18:51
       </div>

       <div class="text">
<strong>‼ CVE-2020-24639 ‼</strong><br><br><code>There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24639">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22222">

      <div class="body">

       <div class="pull_right date details" title="15.01.2021 18:51:12">
18:51
       </div>

       <div class="text">
<strong>‼ CVE-2020-24641 ‼</strong><br><br><code>In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Forgery vulnerability through an unauthenticated endpoint that if successfully exploited can result in disclosure of sensitive information. This can be used to perform an authentication bypass and ultimately gain administrative access on the web administrative interface.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24641">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22223">

      <div class="body">

       <div class="pull_right date details" title="15.01.2021 18:51:13">
18:51
       </div>

       <div class="text">
<strong>‼ CVE-2020-24638 ‼</strong><br><br><code>Multiple authenticated remote command executions are possible in Airwave Glass before 1.3.3 via the glassadmin cli. These allow for a user with glassadmin privileges to execute arbitrary code as root on the underlying host operating system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24638">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22224">

      <div class="body">

       <div class="pull_right date details" title="15.01.2021 19:03:44">
19:03
       </div>

       <div class="text">
<strong>❌ Microsoft Implements Windows Zerologon Flaw ‘Enforcement Mode’ ❌</strong><br><br><code>Starting Feb. 9, Microsoft will enable Domain Controller “enforcement mode” by default to address CVE-2020-1472.</code><br><br><a href="https://threatpost.com/microsoft-implements-windows-zerologon-flaw-enforcement-mode/163104/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22225">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.01.2021 19:33:46">
19:33
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Tractors, Pod Ice Cream and Lipstick Awarded CES 2021 Worst in Show ❌</strong><br><br><code>Expert panel awards dubious honors to 2021 Consumer Electronics Show’s biggest flops, including security and privacy failures.</code><br><br><a href="https://threatpost.com/tractors-pod-ice-cream-lipstick-ces-2021-worst/163117/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22226">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.01.2021 20:51:18">
20:51
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-21250 ‼</strong><br><br><code>OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which may lead to arbitrary file read. When BuildSpec is provided in XML format, the spec is processed by XmlBuildSpecMigrator.migrate(buildSpecString); which processes the XML document without preventing the expansion of external entities. These entities can be configured to read arbitrary files from the file system and dump their contents in the final XML document to be migrated. If the files are dumped in properties included in the YAML file, it will be possible for an attacker to read them. If not, it is possible for an attacker to exfiltrate the contents of these files Out Of Band. This issue was addressed in 4.0.3 by ignoring ENTITY instructions in xml file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21250">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22227">

      <div class="body">

       <div class="pull_right date details" title="15.01.2021 20:51:19">
20:51
       </div>

       <div class="text">
<strong>‼ CVE-2021-21245 ‼</strong><br><br><code>OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader(&quot;File-Name&quot;)`). This issue may lead to arbitrary file upload which can be used to upload a WebShell to OneDev server. This issue is addressed in 4.0.3 by only allowing uploaded file to be in attachments folder. The webshell issue is not possible as OneDev never executes files in attachments folder.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21245">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22228">

      <div class="body">

       <div class="pull_right date details" title="15.01.2021 20:51:20">
20:51
       </div>

       <div class="text">
<strong>‼ CVE-2021-21247 ‼</strong><br><br><code>OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the application&apos;s BasePage registers an AJAX event listener (`AbstractPostAjaxBehavior`) in all pages other than the login page. This listener decodes and deserializes the `data` query parameter. We can access this listener by submitting a POST request to any page. This issue may lead to `post-auth RCE` This endpoint is subject to authentication and, therefore, requires a valid user to carry on the attack. This issue was addressed in 4.0.3 by encrypting serialization payload with secrets only known to server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21247">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22229">

      <div class="body">

       <div class="pull_right date details" title="15.01.2021 20:51:21">
20:51
       </div>

       <div class="text">
<strong>‼ CVE-2021-3162 ‼</strong><br><br><code>Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3162">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22230">

      <div class="body">

       <div class="pull_right date details" title="15.01.2021 20:51:22">
20:51
       </div>

       <div class="text">
<strong>‼ CVE-2021-21251 ‼</strong><br><br><code>OneDev is an all-in-one devops platform. In OneDev before version 4.0.3 there is a critical &quot;zip slip&quot; vulnerability. This issue may lead to arbitrary file write. The KubernetesResource REST endpoint untars user controlled data from the request body using TarUtils. TarUtils is a custom library method leveraging Apache Commons Compress. During the untar process, there are no checks in place to prevent an untarred file from traversing the file system and overriding an existing file. For a successful exploitation, the attacker requires a valid __JobToken__ which may not be possible to get without using any of the other reported vulnerabilities. But this should be considered a vulnerability in `io.onedev.commons.utils.TarUtils` since it lives in a different artifact and can affect other projects using it. This issue was addressed in 4.0.3 by validating paths in tar archive to only allow them to be in specified folder when extracted.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21251">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22231">

      <div class="body">

       <div class="pull_right date details" title="15.01.2021 20:51:26">
20:51
       </div>

       <div class="text">
<strong>‼ CVE-2020-25533 ‼</strong><br><br><code>An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct a situation where the same PID is used for running two different programs at different times, by leveraging a race condition during crafted use of posix_spawn.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25533">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22232">

      <div class="body">

       <div class="pull_right date details" title="15.01.2021 20:51:27">
20:51
       </div>

       <div class="text">
<strong>‼ CVE-2021-21249 ‼</strong><br><br><code>OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is an issue involving YAML parsing which can lead to post-auth remote code execution. In order to parse and process YAML files, OneDev uses SnakeYaml which by default (when not using `SafeConstructor`) allows the instantiation of arbitrary classes. We can leverage that to run arbitrary code by instantiating classes such as `javax.script.ScriptEngineManager` and using `URLClassLoader` to load the script engine provider, resulting in the instantiation of a user controlled class. For a full example refer to the referenced GHSA. This issue was addressed in 4.0.3 by only allowing certain known classes to be deserialized</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21249">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22233">

      <div class="body">

       <div class="pull_right date details" title="15.01.2021 20:51:28">
20:51
       </div>

       <div class="text">
<strong>‼ CVE-2021-21242 ‼</strong><br><br><code>OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or authorization checks. This issue may lead to pre-auth remote code execution. This issue was fixed in 4.0.3 by removing AttachmentUploadServlet and not using deserialization</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21242">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22234">

      <div class="body">

       <div class="pull_right date details" title="15.01.2021 20:51:29">
20:51
       </div>

       <div class="text">
<strong>‼ CVE-2021-21248 ‼</strong><br><br><code>OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability involving the build endpoint parameters. InputSpec is used to define parameters of a Build spec. It does so by using dynamically generated Groovy classes. A user able to control job parameters can run arbitrary code on OneDev&apos;s server by injecting arbitrary Groovy code. The ultimate result is in the injection of a static constructor that will run arbitrary code. For a full example refer to the referenced GHSA. This issue was addressed in 4.0.3 by escaping special characters such as quote from user input.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21248">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22235">

      <div class="body">

       <div class="pull_right date details" title="15.01.2021 20:51:29">
20:51
       </div>

       <div class="text">
<strong>‼ CVE-2021-21246 ‼</strong><br><br><code>OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the REST UserResource endpoint performs a security check to make sure that only administrators can list user details. However for the `/users/{id}` endpoint there are no security checks enforced so it is possible to retrieve arbitrary user details including their Access Tokens! These access tokens can be used to access the API or clone code in the build spec via the HTTP(S) protocol. It has permissions to all projects accessible by the user account. This issue may lead to `Sensitive data leak` and leak the Access Token which can be used to impersonate the administrator or any other users. This issue was addressed in 4.0.3 by removing user info from restful api.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21246">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-741">

      <div class="body details">
17 January 2021
      </div>

     </div>

     <div class="message default clearfix" id="message22236">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.01.2021 03:52:59">
03:52
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-3113 ‼</strong><br><br><code>Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin&apos;s cookie if the admin account happens to be logged in when the allActiveSession request occurs, and can then use that cookie immediately for admin access,</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3113">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-742">

      <div class="body details">
18 January 2021
      </div>

     </div>

     <div class="message default clearfix" id="message22237">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.01.2021 08:51:54">
08:51
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Naked Security Live – Staying safe online at home (especially if you’re homeschooling!) ⚠</strong><br><br><code>Here&apos;s our latest live video talk - enjoy!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/01/18/naked-security-live-staying-safe-online-at-home-especially-if-youre-homeschooling/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22238">

      <div class="body">

       <div class="pull_right date details" title="18.01.2021 08:54:56">
08:54
       </div>

       <div class="text">
<strong>‼ CVE-2021-25176 ‼</strong><br><br><code>An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). This is issue 2 of 3.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25176">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22239">

      <div class="body">

       <div class="pull_right date details" title="18.01.2021 08:54:57">
08:54
       </div>

       <div class="text">
<strong>‼ CVE-2021-25178 ‼</strong><br><br><code>An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A stack-based buffer overflow vulnerability exists when the recover operation is run with malformed .DXF and .DWG files. This can allow attackers to cause a crash potentially enabling a denial of service attack (Crash, Exit, or Restart) or possible code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25178">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22240">

      <div class="body">

       <div class="pull_right date details" title="18.01.2021 08:54:57">
08:54
       </div>

       <div class="text">
<strong>‼ CVE-2021-25294 ‼</strong><br><br><code>OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity requests, leading to remote code execution. This occurs because lib/DataGrid.php calls unserialize for the parametersactivity:ActivityDataGrid parameter. The PHP object injection exploit chain can leverage an __destruct magic method in guzzlehttp.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25294">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22241">

      <div class="body">

       <div class="pull_right date details" title="18.01.2021 08:54:58">
08:54
       </div>

       <div class="text">
<strong>‼ CVE-2021-25173 ‼</strong><br><br><code>An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to cause a crash, potentially enabling denial of service (crash, exit, or restart).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25173">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22242">

      <div class="body">

       <div class="pull_right date details" title="18.01.2021 08:54:59">
08:54
       </div>

       <div class="text">
<strong>‼ CVE-2021-25177 ‼</strong><br><br><code>An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). This is issue 3 of 3.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25177">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22243">

      <div class="body">

       <div class="pull_right date details" title="18.01.2021 08:55:03">
08:55
       </div>

       <div class="text">
<strong>‼ CVE-2021-25295 ‼</strong><br><br><code>OpenCATS through 0.9.5-3 has multiple Cross-site Scripting (XSS) issues.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25295">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22244">

      <div class="body">

       <div class="pull_right date details" title="18.01.2021 08:55:04">
08:55
       </div>

       <div class="text">
<strong>‼ CVE-2021-25175 ‼</strong><br><br><code>An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). This is issue 1 of 3.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25175">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22245">

      <div class="body">

       <div class="pull_right date details" title="18.01.2021 08:55:05">
08:55
       </div>

       <div class="text">
<strong>‼ CVE-2021-25174 ‼</strong><br><br><code>An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potentially enabling denial of service (Crash, Exit, or Restart).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25174">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22246">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.01.2021 10:54:32">
10:54
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-28473 ‼</strong><br><br><code>The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28473">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22247">

      <div class="body">

       <div class="pull_right date details" title="18.01.2021 10:54:33">
10:54
       </div>

       <div class="text">
<strong>‼ CVE-2020-28476 ‼</strong><br><br><code>All versions of package tornado are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28476">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22248">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.01.2021 13:06:14">
13:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Medical Device Security: Diagnosis Critical ❌</strong><br><br><code>Medical-device security has long been a challenge, suffering the same uphill management battle that the entire sprawling mess of IoT gadgets has faced.</code><br><br><a href="https://threatpost.com/medical-device-security/163127/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22249">

      <div class="body">

       <div class="pull_right date details" title="18.01.2021 13:14:16">
13:14
       </div>

       <div class="text">
<strong>🛠 OpenStego Free Steganography Solution 0.8.0 🛠</strong><br><br><code>OpenStego is a tool implemented in Java for generic steganography, with support for password-based encryption of the data. It supports plugins for various steganographic algorithms (currently, only Least Significant Bit algorithm is supported for images).</code><br><br><a href="https://packetstormsecurity.com/files/160992/openstego-0.8.0.zip">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-743">

      <div class="body details">
19 January 2021
      </div>

     </div>

     <div class="message default clearfix" id="message22250">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 03:55:31">
03:55
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-29450 ‼</strong><br><br><code>Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application&apos;s availability via a Denial of Service (DoS) vulnerability in the avatar upload feature. The affected versions are before version 7.2.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29450">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22251">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 03:55:32">
03:55
       </div>

       <div class="text">
<strong>‼ CVE-2021-20619 ‼</strong><br><br><code>Cross-site scripting vulnerability in GROWI (v4.2 Series) versions prior to v4.2.3 allows remote attackers to inject an arbitrary script via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20619">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22252">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 10:55:55">
10:55
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-28478 ‼</strong><br><br><code>This affects the package gsap before 3.6.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28478">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22253">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 10:55:56">
10:55
       </div>

       <div class="text">
<strong>‼ CVE-2020-28477 ‼</strong><br><br><code>This affects all versions of package immer.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28477">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22254">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 10:55:57">
10:55
       </div>

       <div class="text">
<strong>‼ CVE-2020-28472 ‼</strong><br><br><code>This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles , they will pollute the prototype on the application. This can be exploited further depending on the context.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28472">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22255">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 12:07:03">
12:07
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Attackers Steal E-Mails, Info from OpenWrt Forum ❌</strong><br><br><code>Users of the Linux-based open-source firmware—which include developers from commercial router companies--may be targeted by phishing campaigns, administrators warn.</code><br><br><a href="https://threatpost.com/attackers-e-mails-openwrt-forum/163136/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22256">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 12:15:08">
12:15
       </div>

       <div class="text">
<strong>🛠 Falco 0.27.0 🛠</strong><br><br><code>Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.</code><br><br><a href="https://packetstormsecurity.com/files/161026/falco-0.27.0.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22257">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 12:18:09">
12:18
       </div>

       <div class="text">
<strong>🕴 A Security Practitioner&apos;s Guide to Encrypted DNS 🕴</strong><br><br><code>Best practices for a shifting visibility landscape.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/a-security-practitioners-guide-to-encrypted-dns/a/d-id/1339847?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22258">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 12:55:59">
12:55
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-23522 ‼</strong><br><br><code>Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data [Password] parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23522">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22259">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 12:56:00">
12:56
       </div>

       <div class="text">
<strong>‼ CVE-2020-23342 ‼</strong><br><br><code>A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23342">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22260">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 12:56:01">
12:56
       </div>

       <div class="text">
<strong>‼ CVE-2020-20950 ‼</strong><br><br><code>Bleichenbacher&apos;s attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher&apos;s oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20950">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22261">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 12:56:02">
12:56
       </div>

       <div class="text">
<strong>‼ CVE-2020-35128 ‼</strong><br><br><code>Mautic before 3.2.4 is affected by stored XSS. An attacker with permission to manage companies, an application feature, could attack other users, including administrators. For example, by loading an externally crafted JavaScript file, an attacker could eventually perform actions as the target user. These actions include changing the user passwords, altering user or email addresses, or adding a new administrator to the system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35128">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22262">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 12:56:03">
12:56
       </div>

       <div class="text">
<strong>‼ CVE-2020-35129 ‼</strong><br><br><code>Mautic before 3.2.4 is affected by stored XSS. An attacker with access to Social Monitoring, an application feature, could attack other users, including administrators. For example, an attacker could load an externally drafted JavaScript file that would allow them to eventually perform actions on the target user’s behalf, including changing the user’s password or email address or changing the attacker’s user role from a low-privileged user to an administrator account.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35129">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22263">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 13:07:09">
13:07
       </div>

       <div class="text">
<strong>❌ Linux Devices Under Attack by New FreakOut Malware ❌</strong><br><br><code>The FreakOut malware is adding infected Linux devices to a botnet, in order to launch DDoS and cryptomining attacks.</code><br><br><a href="https://threatpost.com/linux-attack-freakout-malware/163137/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22264">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 13:52:40">
13:52
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 New AI software can turn regular security cameras into COVID-19 policy enforcement points 🦿</strong><br><br><code>Now being trialed in Georgia smart city Peachtree Corners, the new tech can pick up on people standing too close together and detect whether someone is wearing a mask.</code><br><br><a href="https://www.techrepublic.com/article/new-ai-software-can-turn-regular-security-cameras-into-covid-19-policy-enforcement-points/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22265">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 14:07:05">
14:07
       </div>

       <div class="text">
<strong>❌ SolarWinds Malware Arsenal Widens with Raindrop ❌</strong><br><br><code>The post-compromise backdoor installs Cobalt Strike to help attackers more laterally through victim networks.</code><br><br><a href="https://threatpost.com/solarwinds-malware-arsenal-raindrop/163153/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22266">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 14:56:04">
14:56
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-28481 ‼</strong><br><br><code>The package socket.io before 2.4.0 are vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28481">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22267">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 14:56:04">
14:56
       </div>

       <div class="text">
<strong>‼ CVE-2020-28482 ‼</strong><br><br><code>This affects the package fastify-csrf before 3.0.0. 1. The generated cookie used insecure defaults, and did not have the httpOnly flag on: cookieOpts: { path: &apos;/&apos;, sameSite: true } 2. The CSRF token was available in the GET query parameter</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28482">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22268">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 14:56:05">
14:56
       </div>

       <div class="text">
<strong>‼ CVE-2021-3182 ‼</strong><br><br><code>** UNSUPPORTED WHEN ASSIGNED ** D-Link DCS-5220 devices have a buffer overflow. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3182">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22269">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 14:56:07">
14:56
       </div>

       <div class="text">
<strong>‼ CVE-2020-27733 ‼</strong><br><br><code>Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27733">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22270">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 14:56:07">
14:56
       </div>

       <div class="text">
<strong>‼ CVE-2021-3184 ‼</strong><br><br><code>MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global_menu.ctp user homepage favourite button.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3184">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22271">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 14:56:09">
14:56
       </div>

       <div class="text">
<strong>‼ CVE-2020-4871 ‼</strong><br><br><code>IBM Planning Analytics 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 190834.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4871">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22272">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 14:56:10">
14:56
       </div>

       <div class="text">
<strong>‼ CVE-2021-25325 ‼</strong><br><br><code>MISP 2.4.136 has XSS via galaxy cluster element values to app/View/GalaxyElements/ajax/index.ctp. Reference types could contain javascript: URLs.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25325">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22273">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 14:56:11">
14:56
       </div>

       <div class="text">
<strong>‼ CVE-2020-28480 ‼</strong><br><br><code>The package jointjs before 3.3.0 are vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.htmlutil.setByPath). The path used the access the object&apos;s key and set the value is not properly sanitized, leading to a Prototype Pollution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28480">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22274">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 14:56:12">
14:56
       </div>

       <div class="text">
<strong>‼ CVE-2020-4881 ‼</strong><br><br><code>IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the lack of server hostname verification for SSL/TLS communication. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 190851.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4881">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22275">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 14:56:13">
14:56
       </div>

       <div class="text">
<strong>‼ CVE-2020-4873 ‼</strong><br><br><code>IBM Planning Analytics 2.0 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy. IBM X-Force ID: 190836.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4873">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22276">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 14:56:14">
14:56
       </div>

       <div class="text">
<strong>‼ CVE-2021-3181 ‼</strong><br><br><code>rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3181">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22277">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 14:56:14">
14:56
       </div>

       <div class="text">
<strong>‼ CVE-2021-3183 ‼</strong><br><br><code>Files.com Fat Client 3.3.6 allows authentication bypass because the client continues to have access after a logout and a removal of a login profile.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3183">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22278">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 14:56:15">
14:56
       </div>

       <div class="text">
<strong>‼ CVE-2021-25323 ‼</strong><br><br><code>The default setting of MISP 2.4.136 did not enable the requirements (aka require_password_confirmation) to provide the previous password when changing a password.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25323">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22279">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 14:56:16">
14:56
       </div>

       <div class="text">
<strong>‼ CVE-2021-25324 ‼</strong><br><br><code>MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25324">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22280">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 14:56:17">
14:56
       </div>

       <div class="text">
<strong>‼ CVE-2021-22498 ‼</strong><br><br><code>XML External Entity Injection vulnerability in Micro Focus Application Lifecycle Management (Previously known as Quality Center) product. The vulnerability affects versions 12.x, 12.60 Patch 5 and earlier, 15.0.1 Patch 2 and earlier and 15.5. The vulnerability could be exploited to allow an XML External Entity Injection.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22498">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22281">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 14:56:18">
14:56
       </div>

       <div class="text">
<strong>‼ CVE-2020-28479 ‼</strong><br><br><code>The package jointjs before 3.3.0 are vulnerable to Denial of Service (DoS) via the unsetByPath function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28479">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22282">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 15:16:45">
15:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 The Most Pressing Concerns Facing CISOs Today 🕴</strong><br><br><code>Building security into the software development life cycle creates more visibility, but CISOs still need stay on top of any serious threats on the horizon, even if they are largely unknown.</code><br><br><a href="https://www.darkreading.com/risk/the-most-pressing-concerns-facing-cisos-today/a/d-id/1339858?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22283">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 15:22:42">
15:22
       </div>

       <div class="text">
<strong>🦿 CES 2021: All of the business tech news you need to know 🦿</strong><br><br><code>Don&apos;t miss TechRepublic&apos;s CES 2021 coverage, which includes product announcements from Lenovo, Samsung, LG, and Dell about PCs, laptops, software, robots, monitors, and TVs.</code><br><br><a href="https://www.techrepublic.com/article/ces-2021-all-of-the-business-tech-news-you-need-to-know/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22284">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 15:22:43">
15:22
       </div>

       <div class="text">
<strong>🦿 How to enable enhanced randomize MAC addresses on Android 🦿</strong><br><br><code>Android 11 allows users to enable the Wi-Fi-Enhanced MAC randomization. Jack Wallen shows you how.</code><br><br><a href="https://www.techrepublic.com/article/how-to-enable-enhanced-randomize-mac-addresses-on-android/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22285">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 16:22:35">
16:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Politics and online privacy: How American Republicans and Democrats differ, and where they agree 🦿</strong><br><br><code>A report from NordVPN finds disagreement on which political leader does better on privacy issues, whether disinformation should be banned, and what the biggest cyberthreat is.</code><br><br><a href="https://www.techrepublic.com/article/politics-and-online-privacy-how-american-republicans-and-democrats-differ-and-where-they-agree/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22286">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 16:22:36">
16:22
       </div>

       <div class="text">
<strong>🦿 CES 2021: All of the business tech news you need to know 🦿</strong><br><br><code>Don&apos;t miss TechRepublic&apos;s CES 2021 coverage, which includes product announcements from Lenovo, Samsung, LG, and Dell about PCs, laptops, software, robots, monitors, and TVs.</code><br><br><a href="https://www.techrepublic.com/article/ces-2021-all-of-the-business-tech-news-you-need-to-know/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22287">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 16:22:37">
16:22
       </div>

       <div class="text">
<strong>🦿 10 trends shaping the security industry in 2021 🦿</strong><br><br><code>Increased use of edge computing could &quot;put AI everywhere,&quot; according to Hikvision&apos;s trends roundup.</code><br><br><a href="https://www.techrepublic.com/article/10-trends-shaping-the-security-industry-in-2021/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22288">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 16:52:34">
16:52
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 FBI warns of voice phishing attacks targeting employees at large companies 🦿</strong><br><br><code>Using VoIP calls, the attackers trick people into logging into phishing sites as a way to steal their usernames and passwords.</code><br><br><a href="https://www.techrepublic.com/article/fbi-warns-of-voice-phishing-attacks-targeting-employees-at-large-companies/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22289">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 16:56:08">
16:56
       </div>

       <div class="text">
<strong>‼ CVE-2020-27270 ‼</strong><br><br><code>SOOIL Developments CoLtd DiabecareRS, AnyDana-i ,AnyDana-A, communication protocol of the insulin pump &amp; AnyDana-i,AnyDana-A mobile apps doesnt use adequate measures to protect encryption keys in transit which allows unauthenticated physically proximate attacker to sniff keys via (BLE).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27270">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22290">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 16:56:08">
16:56
       </div>

       <div class="text">
<strong>‼ CVE-2021-20190 ‼</strong><br><br><code>A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20190">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22291">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 16:56:09">
16:56
       </div>

       <div class="text">
<strong>‼ CVE-2020-27272 ‼</strong><br><br><code>SOOIL Developments CoLtd DiabecareRS, AnyDana-i, AnyDana-A, The communication protocol of the insulin pump and AnyDana-i,AnyDana-A mobile apps doesn&apos;t use adequate measures to authenticate the pump before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop the keys and spoof the pump via BLE.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27272">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22292">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 16:56:10">
16:56
       </div>

       <div class="text">
<strong>‼ CVE-2020-8581 ‼</strong><br><br><code>Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible to a vulnerability which could allow an authenticated but unauthorized attacker to overwrite arbitrary data when VMware vStorage support is enabled.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8581">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22293">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 16:56:11">
16:56
       </div>

       <div class="text">
<strong>‼ CVE-2020-27276 ‼</strong><br><br><code>SOOIL Developments Co Ltd DiabecareRS,AnyDana-i &amp; AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i &amp; AnyDana-A mobile apps doesn&apos;t use adequate measures to authenticate the communicating entities before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop the authentication sequence via Bluetooth Low Energy.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27276">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22294">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 16:56:15">
16:56
       </div>

       <div class="text">
<strong>‼ CVE-2020-35929 ‼</strong><br><br><code>In TinyCheck before commits 9fd360d and ea53de8, the installation script of the tool contained hard-coded credentials to the backend part of the tool. This information could be used by an attacker for unauthorized access to remote data.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35929">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22295">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 17:17:04">
17:17
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 $332 Million in GDPR Fines Issued to Date 🔏</strong><br><br><code>The figure, about 272.5 million euros, corresponds to 281,000 data breach notifications issued by regulators across Europe since GDPR went into effect.</code><br><br><a href="https://digitalguardian.com/blog/332-million-gdpr-fines-issued-date">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22296">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 17:37:19">
17:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Rob Joyce to Take Over as NSA Cybersecurity Director ❌</strong><br><br><code>Joyce will replace Anne Neuberger, who is now deputy national security advisor for the incoming Biden administration.</code><br><br><a href="https://threatpost.com/rob-joyce-nsa-cybersecurity-director/163160/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22297">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 17:47:03">
17:47
       </div>

       <div class="text">
<strong>🕴 4 Intriguing Email Attacks Detected by AI in 2020 🕴</strong><br><br><code>Here&apos;s to the sneakiest of the sneaky. These clever phishing messages -- that standard validation measures often missed -- deserve proper dishonor.</code><br><br><a href="https://www.darkreading.com/4-intriguing-email-attacks-detected-by-ai-in-2020/d/d-id/1339927?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22298">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 18:25:17">
18:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-21263 ‼</strong><br><br><code>Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a non-array value is an array, and that input is not validated or cast to its expected type before being passed to the query builder, an unexpected number of query bindings can be added to the query. In some situations, this will simply lead to no results being returned by the query builder; however, it is possible certain queries could be affected in a way that causes the query to return unexpected results.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21263">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22299">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 18:25:18">
18:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-14409 ‼</strong><br><br><code>SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14409">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22300">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 18:25:19">
18:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-14410 ‼</strong><br><br><code>SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14410">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22301">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 19:07:16">
19:07
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ DNSpooq Flaws Allow DNS Hijacking of Millions of Devices ❌</strong><br><br><code>Seven flaws in open-source software Dnsmasq could allow DNS cache poisoning attacks and remote code execution.</code><br><br><a href="https://threatpost.com/dnspooq-flaws-allow-dns-hijacking-of-millions-of-devices/163163/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22302">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 19:25:15">
19:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 SolarWinds Attack Underscores &apos;New Dimension&apos; in Cyber-Espionage Tactics 🕴</strong><br><br><code>Meanwhile, Malwarebytes is the latest victim, Symantec discovers a fourth piece of malware used in the massive attack campaign, and FireEye Mandiant releases a free tool to help spot signs of the attack.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/solarwinds-attack-underscores-new-dimension-in-cyber-espionage-tactics/d/d-id/1339928?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22303">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 19:46:46">
19:46
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Microsoft to Launch &apos;Enforcement Mode&apos; for Zerologon Flaw 🕴</strong><br><br><code>Enforcement mode for the Netlogon Domain Controller will be enabled by default with the Feb. 9 security update.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/microsoft-to-launch-enforcement-mode-for-zerologon-flaw/d/d-id/1339933?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22304">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 19:52:38">
19:52
       </div>

       <div class="text">
<strong>🦿 The aftermath of the SolarWinds breach: Organizations need to be more vigilant 🦿</strong><br><br><code>Security experts say organizations are, and should, implement a number of changes ranging from how they vet vendors to handling application updates.</code><br><br><a href="https://www.techrepublic.com/article/the-aftermath-of-the-solarwinds-breach-organizations-need-to-be-more-vigilant/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22305">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 20:22:07">
20:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Vulnerabilities in Popular DNS Software Allow Poisoning 🕴</strong><br><br><code>Seven flaws in DNSMasq have limited impact, but in combination they could be chained to create a multistaged attack.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/vulnerabilities-in-popular-dns-software-allow-poisoning/d/d-id/1339934?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22306">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 20:26:20">
20:26
       </div>

       <div class="text">
<strong>‼ CVE-2020-27264 ‼</strong><br><br><code>In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications use deterministic keys, which allows unauthenticated, physically proximate attackers to brute-force the keys via Bluetooth Low Energy.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27264">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22307">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 20:26:21">
20:26
       </div>

       <div class="text">
<strong>‼ CVE-2020-29598 ‼</strong><br><br><code>The My AIA SG application 1.2.6 for Android allows attackers to obtain user credentials via logcat because of excessive logging.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29598">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22308">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 20:26:22">
20:26
       </div>

       <div class="text">
<strong>‼ CVE-2020-27269 ‼</strong><br><br><code>In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications lacks replay protection measures, which allows unauthenticated, physically proximate attackers to replay communication sequences via Bluetooth Low Energy.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27269">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22309">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 20:26:23">
20:26
       </div>

       <div class="text">
<strong>‼ CVE-2020-27256 ‼</strong><br><br><code>In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a hard-coded physician PIN in the physician menu of the insulin pump allows attackers with physical access to change insulin therapy settings.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27256">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22310">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 20:26:24">
20:26
       </div>

       <div class="text">
<strong>‼ CVE-2020-11997 ‼</strong><br><br><code>Apache Guacamole 1.2.0 and earlier do not consistently restrict access to connection history based on user visibility. If multiple users share access to the same connection, those users may be able to see which other users have accessed that connection, as well as the IP addresses from which that connection was accessed, even if those users do not otherwise have permission to see other users.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11997">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22311">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 20:26:25">
20:26
       </div>

       <div class="text">
<strong>‼ CVE-2020-27266 ‼</strong><br><br><code>In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass user authentication checks via Bluetooth Low Energy.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27266">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22312">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 20:26:26">
20:26
       </div>

       <div class="text">
<strong>‼ CVE-2020-27268 ‼</strong><br><br><code>In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass checks for default PINs via Bluetooth Low Energy.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27268">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22313">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 20:26:27">
20:26
       </div>

       <div class="text">
<strong>‼ CVE-2020-27258 ‼</strong><br><br><code>In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, an information disclosure vulnerability in the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows unauthenticated attackers to extract the pump’s keypad lock PIN via Bluetooth Low Energy.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27258">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22314">

      <div class="body">

       <div class="pull_right date details" title="19.01.2021 20:26:28">
20:26
       </div>

       <div class="text">
<strong>‼ CVE-2020-28707 ‼</strong><br><br><code>The Stockdio Historical Chart plugin before 2.8.1 for WordPress is affected by Cross Site Scripting (XSS) via stockdio_chart_historical-wp.js in wp-content/plugins/stockdio-historical-chart/assets/ because the origin of a postMessage() event is not validated. The stockdio_eventer function listens for any postMessage event. After a message event is sent to the application, this function sets the &quot;e&quot; variable as the event and checks that the types of the data and data.method are not undefined (empty) before proceeding to eval the data.method received from the postMessage. However, on a different website. JavaScript code can call window.open for the vulnerable WordPress instance and do a postMessage(msg,&apos;*&apos;) for that object.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28707">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-744">

      <div class="body details">
20 January 2021
      </div>

     </div>

     <div class="message default clearfix" id="message22315">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 03:26:46">
03:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-19362 ‼</strong><br><br><code>Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the view parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party web page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-19362">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22316">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 03:26:47">
03:26
       </div>

       <div class="text">
<strong>‼ CVE-2020-13134 ‼</strong><br><br><code>Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS. The successful exploitation requires admin privileges (for storing the XSS payload itself), and can exploit (be triggered by) admin users. All TOS versions with SecureChange deployments prior to R19.3 HF3 and R20-1 HF1 are affected. Vulnerabilities were fixed in R19.3 HF3 and R20-1 HF1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13134">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22317">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 03:26:48">
03:26
       </div>

       <div class="text">
<strong>‼ CVE-2020-27851 ‼</strong><br><br><code>Multiple stored HTML injection vulnerabilities in the &quot;poll&quot; and &quot;quiz&quot; features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privileged role (Administrator, Editor, etc.).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27851">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22318">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 03:26:48">
03:26
       </div>

       <div class="text">
<strong>‼ CVE-2020-27850 ‼</strong><br><br><code>A stored Cross-Site Scripting (XSS) vulnerability in forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code is interpreted by users in a privileged role (Administrator, Editor, etc.).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27850">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22319">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 03:26:49">
03:26
       </div>

       <div class="text">
<strong>‼ CVE-2020-19363 ‼</strong><br><br><code>Vtiger CRM v7.2.0 allows an attacker to display hidden files, list directories by using /libraries and /layout directories.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-19363">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22320">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 03:26:50">
03:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-3137 ‼</strong><br><br><code>XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3137">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22321">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 03:26:51">
03:26
       </div>

       <div class="text">
<strong>‼ CVE-2020-19361 ‼</strong><br><br><code>Reflected XSS in Medintux v2.16.000 CCAM.php by manipulating the mot1 parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party web page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-19361">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22322">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 03:26:52">
03:26
       </div>

       <div class="text">
<strong>‼ CVE-2020-13133 ‼</strong><br><br><code>Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS. The successful exploitation requires admin privileges (for storing the XSS payload itself), and can exploit (be triggered by) unauthenticated users. All TOS versions with SecureChange deployments prior to R19.3 HF3 and R20-1 HF1 are affected. Vulnerabilities were fixed in R19.3 HF3 and R20-1 HF1</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13133">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22323">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 03:26:52">
03:26
       </div>

       <div class="text">
<strong>‼ CVE-2020-19364 ‼</strong><br><br><code>OpenEMR 5.0.1 allows an authenticated attacker to upload and execute malicious PHP scripts through /controller.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-19364">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22324">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 03:26:53">
03:26
       </div>

       <div class="text">
<strong>‼ CVE-2020-27852 ‼</strong><br><br><code>A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role (Administrator, Editor, etc.).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27852">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22325">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 03:26:57">
03:26
       </div>

       <div class="text">
<strong>‼ CVE-2020-19360 ‼</strong><br><br><code>Local file inclusion in FHEM 6.0 allows in fhem/FileLog_logWrapper file parameter can allow an attacker to include a file, which can lead to sensitive information disclosure.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-19360">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22326">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 03:26:58">
03:26
       </div>

       <div class="text">
<strong>‼ CVE-2020-25385 ‼</strong><br><br><code>Nagios Log Server 2.1.7 contains a cross-site scripting (XSS) vulnerability in /nagioslogserver/configure/create_snapshot through the snapshot_name parameter, which may impact users who open a maliciously crafted link or third-party web page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25385">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22327">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 12:17:18">
12:17
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Tips for a Bulletproof War Room Strategy 🕴</strong><br><br><code>The techniques used in real-world combat apply in cybersecurity operations, except that instead of bullets flying downrange, it&apos;s packets.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/tips-for-a-bulletproof-war-room-strategy/a/d-id/1339860?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22328">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 12:27:05">
12:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-3110 ‼</strong><br><br><code>The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3110">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22329">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 12:27:07">
12:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-35217 ‼</strong><br><br><code>Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of comparing the CSRF token in the request with the CSRF token in the cookie, it compares the CSRF token in the cookie against a CSRF token that is stored in the session. An attacker does not even need to provide a CSRF token in the request because the framework does not consider it. The cookies are automatically sent by the browser and the verification will always succeed, leading to a successful CSRF attack.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35217">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22330">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 12:27:08">
12:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-23326 ‼</strong><br><br><code>This affects the package @graphql-tools/git-loader before 6.2.6. The use of exec and execSync in packages/loaders/git/src/load-git.ts allows arbitrary command injection.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23326">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22331">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 12:38:28">
12:38
       </div>

       <div class="text">
<strong>❌ Google Research Pinpoints Security Soft Spot in Multiple Chat Platforms ❌</strong><br><br><code>Mystery of spying using popular chat apps uncovered by Google Project Zero researcher.</code><br><br><a href="https://threatpost.com/google-research-pinpoints-security-soft-spot-in-multiple-chat-platforms/163175/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22332">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 13:52:59">
13:52
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Are you more likely to be murdered IRL or hacked online? The existential question of our times has been answered 🦿</strong><br><br><code>Atlas VPN drills down into a Gallup poll to understand Americans&apos; perceived threat level. It turns out 55% are more worried about cyberattacks.</code><br><br><a href="https://www.techrepublic.com/article/are-you-more-likely-to-be-murdered-irl-or-hacked-online-the-existential-question-of-our-times-has-been-answered/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22333">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:08:17">
14:08
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Investment Scammers Prey on Dating App Users, Interpol Warns ❌</strong><br><br><code>Users of dating apps - like Tinder, Match and Bumble - should be on the lookout for investment-fraud scammers.</code><br><br><a href="https://threatpost.com/investment-scammers-dating-app-interpol/163179/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22334">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:27:12">
14:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-4887 ‼</strong><br><br><code>IBM AIX 7.1, 7.2 and AIX VIOS 3.1 could allow a local user to exploit a vulnerability in the gencore user command to create arbitrary files in any directory. IBM X-Force ID: 190911.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4887">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22335">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:27:13">
14:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-2092 ‼</strong><br><br><code>Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2092">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22336">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:27:14">
14:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-4983 ‼</strong><br><br><code>IBM Spectrum LSF 10.1 and IBM Spectrum LSF Suite 10.2 could allow a user on the local network who has privileges to submit LSF jobs to execute arbitrary commands. IBM X-Force ID: 192586.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4983">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22337">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:27:15">
14:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-1998 ‼</strong><br><br><code>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 3.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1998">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22338">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:27:17">
14:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-2101 ‼</strong><br><br><code>Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle One-to-One Fulfillment accessible data as well as unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2101">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22339">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:27:18">
14:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-35272 ‼</strong><br><br><code>Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting (XSS) in the Admin Portal in the Task and Description fields.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35272">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22340">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:27:19">
14:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-2034 ‼</strong><br><br><code>Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Tasks). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications Calendar. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications Calendar, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications Calendar accessible data as well as unauthorized update, insert or delete access to some of Oracle Common Applications Calendar accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2034">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22341">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:27:20">
14:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-2029 ‼</strong><br><br><code>Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting. Successful attacks of this vulnerability can result in takeover of Oracle Scripting. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2029">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22342">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:27:21">
14:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-2027 ‼</strong><br><br><code>Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2027">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22343">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:27:22">
14:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-2024 ‼</strong><br><br><code>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2024">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22344">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:27:23">
14:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-2028 ‼</strong><br><br><code>Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2028">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22345">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:27:24">
14:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-2022 ‼</strong><br><br><code>Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2022">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22346">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:27:25">
14:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-1997 ‼</strong><br><br><code>Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Report). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1997">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22347">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:27:26">
14:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-4688 ‼</strong><br><br><code>IBM Security Guardium 10.6 and 11.2 could allow a local attacker to execute arbitrary commands on the system as an unprivileged user, caused by command injection vulnerability. IBM X-Force ID: 186700.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4688">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22348">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:27:27">
14:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-14360 ‼</strong><br><br><code>A flaw was found in the X.Org Server before version 1.20.10. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14360">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22349">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:27:28">
14:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-1993 ‼</strong><br><br><code>Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 4.8 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1993">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22350">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:27:29">
14:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-25685 ‼</strong><br><br><code>A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is) this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684 the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25685">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22351">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:27:31">
14:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-2058 ‼</strong><br><br><code>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2058">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22352">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:27:32">
14:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-2032 ‼</strong><br><br><code>Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2032">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22353">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:27:33">
14:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-1994 ‼</strong><br><br><code>Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1994">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22354">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:33:20">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-2121 ‼</strong><br><br><code>Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2121">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22355">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:33:21">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-2127 ‼</strong><br><br><code>Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2127">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22356">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:33:23">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-2036 ‼</strong><br><br><code>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2036">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22357">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:33:24">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-2014 ‼</strong><br><br><code>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PAM Auth Plugin). Supported versions that are affected are 5.7.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2014">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22358">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:33:24">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-2039 ‼</strong><br><br><code>Vulnerability in the Siebel Core - Server Framework product of Oracle Siebel CRM (component: Search). Supported versions that are affected are 20.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel Core - Server Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel Core - Server Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Siebel Core - Server Framework accessible data as well as unauthorized update, insert or delete access to some of Siebel Core - Server Framework accessible data. CVSS 3.1 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2039">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22359">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:33:25">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-2126 ‼</strong><br><br><code>Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2126">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22360">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:33:26">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-2106 ‼</strong><br><br><code>Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Interaction History, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Customer Interaction History accessible data as well as unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2106">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22361">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:33:28">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-2066 ‼</strong><br><br><code>Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Supported versions that are affected are 8.5.4 and 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2066">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22362">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:33:29">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-2073 ‼</strong><br><br><code>Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2073">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22363">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:33:30">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-2030 ‼</strong><br><br><code>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2030">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22364">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:33:32">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-2063 ‼</strong><br><br><code>Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 8.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2063">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22365">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:33:33">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-2124 ‼</strong><br><br><code>Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2124">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22366">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:33:34">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-2116 ‼</strong><br><br><code>Vulnerability in the Oracle Application Express Opportunity Tracker component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Opportunity Tracker. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Opportunity Tracker, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Opportunity Tracker accessible data as well as unauthorized read access to a subset of Oracle Application Express Opportunity Tracker accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2116">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22367">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:33:35">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-2093 ‼</strong><br><br><code>Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications accessible data as well as unauthorized update, insert or delete access to some of Oracle Common Applications accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2093">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22368">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:33:36">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-2078 ‼</strong><br><br><code>Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: UI Servlet). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Configurator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data as well as unauthorized update, insert or delete access to some of Oracle Configurator accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2078">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22369">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:33:37">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-2123 ‼</strong><br><br><code>Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2123">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22370">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:33:39">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-2003 ‼</strong><br><br><code>Vulnerability in the Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web Dashboards). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2003">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22371">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:33:40">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-2048 ‼</strong><br><br><code>Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2048">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22372">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:33:41">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-2075 ‼</strong><br><br><code>Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2075">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22373">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:33:42">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-2026 ‼</strong><br><br><code>Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2026">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22374">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:37:26">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-2097 ‼</strong><br><br><code>Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Profile). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2097">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22375">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:37:27">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-2015 ‼</strong><br><br><code>Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Worklist). Supported versions that are affected are 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Workflow, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Workflow accessible data as well as unauthorized update, insert or delete access to some of Oracle Workflow accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2015">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22376">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:37:28">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-2130 ‼</strong><br><br><code>Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2130">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22377">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:37:29">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-2051 ‼</strong><br><br><code>Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle BI Publisher. CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2051">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22378">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:37:31">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-2111 ‼</strong><br><br><code>Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2111">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22379">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:37:32">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-2083 ‼</strong><br><br><code>Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: User Responsibilities). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2083">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22380">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:37:33">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-2017 ‼</strong><br><br><code>Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Proxy User Delegation). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle User Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle User Management accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2017">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22381">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:37:34">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-2068 ‼</strong><br><br><code>Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Supported versions that are affected are 8.5.4 and 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2068">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22382">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:37:35">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-2043 ‼</strong><br><br><code>Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2043">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22383">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:37:36">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-2072 ‼</strong><br><br><code>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2072">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22384">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:37:37">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-2067 ‼</strong><br><br><code>Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Supported versions that are affected are 8.5.4 and 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2067">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22385">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:37:39">
14:37
       </div>

       <div class="text">
<strong>❌ Malwarebytes Hit by SolarWinds Attackers ❌</strong><br><br><code>The attack vector was not the Orion platform but rather an email-protection application for Microsoft 365.</code><br><br><a href="https://threatpost.com/malwarebytes-solarwinds-attackers/163190/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22386">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:37:40">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-2115 ‼</strong><br><br><code>Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Tasks). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Common Applications Calendar. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications Calendar, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications Calendar accessible data as well as unauthorized update, insert or delete access to some of Oracle Common Applications Calendar accessible data. CVSS 3.1 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2115">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22387">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:37:41">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-2103 ‼</strong><br><br><code>Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain (component: Dialog Box). Supported versions that are affected are 11.5.10, 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2103">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22388">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:37:42">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-2055 ‼</strong><br><br><code>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2055">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22389">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:37:43">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-2109 ‼</strong><br><br><code>Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2109">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22390">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:37:44">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-2041 ‼</strong><br><br><code>Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2041">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22391">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:37:45">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-2125 ‼</strong><br><br><code>Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2125">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22392">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:37:46">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-2004 ‼</strong><br><br><code>Vulnerability in the Siebel Core - Server BizLogic Script product of Oracle Siebel CRM (component: Integration - Scripting). Supported versions that are affected are 20.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel Core - Server BizLogic Script. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel Core - Server BizLogic Script accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2004">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22393">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:37:47">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-2019 ‼</strong><br><br><code>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2019">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22394">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:40:27">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-2038 ‼</strong><br><br><code>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2038">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22395">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:40:29">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-2020 ‼</strong><br><br><code>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2020">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22396">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:40:29">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-2005 ‼</strong><br><br><code>Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: BI Platform Security). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2005">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22397">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:40:30">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-2079 ‼</strong><br><br><code>Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: UI Servlet). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Configurator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data as well as unauthorized update, insert or delete access to some of Oracle Configurator accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2079">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22398">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:40:31">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-2044 ‼</strong><br><br><code>Vulnerability in the PeopleSoft Enterprise FIN Payables product of Oracle PeopleSoft (component: Financial Sanctions). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Payables. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise FIN Payables accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2044">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22399">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:40:32">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-2089 ‼</strong><br><br><code>Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Runtime Catalog). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2089">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22400">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:40:33">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-3130 ‼</strong><br><br><code>Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML &apos;password field&apos; obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3130">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22401">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:40:34">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-2059 ‼</strong><br><br><code>Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Web interface). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle iStore accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2059">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22402">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:40:35">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-2112 ‼</strong><br><br><code>Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2112">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22403">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:40:36">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-2023 ‼</strong><br><br><code>Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: APIs). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data. CVSS 3.1 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2023">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22404">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:40:40">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-2110 ‼</strong><br><br><code>Vulnerability in the Oracle Argus Safety product of Oracle Health Sciences Applications (component: Letters). The supported version that is affected is 8.2.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Argus Safety. While the vulnerability is in Oracle Argus Safety, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Argus Safety accessible data. CVSS 3.1 Base Score 5.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2110">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22405">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:40:41">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-2102 ‼</strong><br><br><code>Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain (component: Dialog Box). Supported versions that are affected are 11.5.10, 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2102">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22406">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:40:42">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-2104 ‼</strong><br><br><code>Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain (component: Dialog Box). Supported versions that are affected are 11.5.10, 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2104">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22407">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:40:42">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-2047 ‼</strong><br><br><code>Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2047">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22408">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:40:43">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-2011 ‼</strong><br><br><code>Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2011">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22409">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:40:47">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-2088 ‼</strong><br><br><code>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2088">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22410">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:40:48">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-2035 ‼</strong><br><br><code>Vulnerability in the RDBMS Scheduler component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Export Full Database privilege with network access via Oracle Net to compromise RDBMS Scheduler. Successful attacks of this vulnerability can result in takeover of RDBMS Scheduler. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2035">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22411">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:40:49">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-2082 ‼</strong><br><br><code>Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2082">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22412">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:40:50">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-2128 ‼</strong><br><br><code>Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2128">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22413">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:40:51">
14:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-2025 ‼</strong><br><br><code>Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2025">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22414">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:43:31">
14:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-2012 ‼</strong><br><br><code>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2012">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22415">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:43:32">
14:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-2062 ‼</strong><br><br><code>Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Web Server). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2062">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22416">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:43:33">
14:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-2064 ‼</strong><br><br><code>Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). The supported version that is affected is 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2064">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22417">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:43:35">
14:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-2085 ‼</strong><br><br><code>Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2085">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22418">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:43:36">
14:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-2090 ‼</strong><br><br><code>Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2090">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22419">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:43:37">
14:43
       </div>

       <div class="text">
<strong>‼ CVE-2020-20949 ‼</strong><br><br><code>Bleichenbacher&apos;s attack on PKCS #1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube (UM1924). The vulnerability can allow one to use Bleichenbacher&apos;s oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20949">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22420">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:43:38">
14:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-2000 ‼</strong><br><br><code>Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having SYS Account privilege with network access via Oracle Net to compromise Unified Audit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Unified Audit accessible data. CVSS 3.1 Base Score 2.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2000">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22421">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:43:39">
14:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-2021 ‼</strong><br><br><code>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2021">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22422">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:43:41">
14:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-2009 ‼</strong><br><br><code>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2009">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22423">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 14:43:42">
14:43
       </div>

       <div class="text">
<strong>‼ CVE-2021-2031 ‼</strong><br><br><code>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2031">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22424">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 15:22:46">
15:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Has the coronavirus pandemic affected Apple’s hardware design? ⚠</strong><br><br><code>The more things change... the more they stay the same!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/01/20/has-the-coronavirus-pandemic-affected-apples-hardware-design/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22425">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 16:20:59">
16:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Name That Toon: Insider Threat 🕴</strong><br><br><code>Ready for some fun? Come up with a clever cartoon caption for Dark Reading&apos;s January contest, and our panel of experts will reward the winner with a $25 Amazon gift card.</code><br><br><a href="https://www.darkreading.com/physical-security/name-that-toon-insider-threat/d/d-id/1339935?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22426">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 16:21:00">
16:21
       </div>

       <div class="text">
<strong>🔏 FBI Again Warns of Vishing Attacks Targeting Organizations 🔏</strong><br><br><code>The FBI is again warning organizations of increased voice phishing - vishing - attacks targeting teleworkers.</code><br><br><a href="https://digitalguardian.com/blog/fbi-again-warns-vishing-attacks-targeting-organizations">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22427">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 16:27:18">
16:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-25687 ‼</strong><br><br><code>A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in sort_rrset() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25687">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22428">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 16:27:19">
16:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-28452 ‼</strong><br><br><code>This affects the package com.softwaremill.akka-http-session:core_2.12 from 0 and before 0.6.1; all versions of package com.softwaremill.akka-http-session:core_2.11; the package com.softwaremill.akka-http-session:core_2.13 from 0 and before 0.6.1. CSRF protection can be bypassed by forging a request that contains the same value for both the X-XSRF-TOKEN header and the XSRF-TOKEN cookie value, as the check in randomTokenCsrfProtection only checks that the two values are equal and non-empty.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28452">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22429">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 16:27:20">
16:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-25682 ‼</strong><br><br><code>A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, it is possible extract_name() gets passed an offset from the base buffer, thus reducing, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25682">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22430">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 16:27:21">
16:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-25686 ‼</strong><br><br><code>A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the &quot;Birthday Attacks&quot; section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25686">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22431">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 16:27:22">
16:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-28483 ‼</strong><br><br><code>This affects all versions of package github.com/gin-gonic/gin. When gin is exposed directly to the internet, a client&apos;s IP can be spoofed by setting the X-Forwarded-For header.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28483">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22432">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 16:27:26">
16:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-25681 ‼</strong><br><br><code>A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25681">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22433">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 16:27:27">
16:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-21269 ‼</strong><br><br><code>Keymaker is a Mastodon Community Finder based Matrix Community serverlist page Server. In Keymaker before version 0.2.0, the assets endpoint did not check for the extension. The rust `join` method without checking user input might have made it abe to do a Path Traversal attack causing to read more files than allowed. This is fixed in version 0.2.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21269">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22434">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 18:08:07">
18:08
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ NVIDIA Gamers Face DoS, Data Loss from Shield TV Bugs ❌</strong><br><br><code>The company also issued patches for Tesla-based GPUs as part of an updated, separate security advisory.</code><br><br><a href="https://threatpost.com/nvidia-gamers-dos-data-loss-shield-tv-bugs/163200/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22435">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 18:27:24">
18:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-1270 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1270">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22436">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 18:27:25">
18:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-1259 ‼</strong><br><br><code>A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain write access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to write arbitrary files on the affected system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1259">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22437">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 18:27:26">
18:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-1261 ‼</strong><br><br><code>Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1261">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22438">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 18:27:27">
18:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-1269 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1269">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22439">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 18:27:28">
18:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-1274 ‼</strong><br><br><code>Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1274">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22440">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 18:27:29">
18:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-1301 ‼</strong><br><br><code>Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1301">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22441">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 18:27:31">
18:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-1278 ‼</strong><br><br><code>Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1278">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22442">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 18:27:33">
18:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-1272 ‼</strong><br><br><code>A vulnerability in the session validation feature of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. This vulnerability is due to insufficient validation of parameters in a specific HTTP request by an attacker. An attacker could exploit this vulnerability by sending a crafted HTTP request to an authenticated user of the DCNM web application. A successful exploit could allow the attacker to bypass access controls and gain unauthorized access to the Device Manager application, which provides access to network devices managed by the system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1272">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22443">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 18:27:34">
18:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-1349 ‼</strong><br><br><code>A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the interface of an affected system. A successful exploit could allow the attacker to obtain sensitive information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1349">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22444">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 18:27:35">
18:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-6024 ‼</strong><br><br><code>Check Point SmartConsole before R80.20 Build 119, R80.30 before Build 94, R80.40 before Build 415, and R81 before Build 548 were vulnerable to a possible local privilege escalation due to running executables from a directory with write access to all authenticated users.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6024">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22445">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 18:27:36">
18:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-1263 ‼</strong><br><br><code>Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1263">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22446">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 18:27:37">
18:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-1299 ‼</strong><br><br><code>Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1299">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22447">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 18:27:38">
18:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-1302 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1302">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22448">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 18:27:39">
18:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-1277 ‼</strong><br><br><code>Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests. These vulnerabilities are due to insufficient certificate validation when establishing HTTPS requests with the affected device. For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1277">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22449">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 18:27:40">
18:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-1364 ‼</strong><br><br><code>Multiple vulnerabilities in Cisco Unified Communications Manager IM &amp;amp; Presence Service (Unified CM IM&amp;amp;P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&amp;amp;P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1364">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22450">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 18:27:41">
18:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-1273 ‼</strong><br><br><code>Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1273">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22451">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 18:27:43">
18:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-1304 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1304">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22452">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 18:27:44">
18:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-1305 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1305">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22453">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 18:27:45">
18:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-1264 ‼</strong><br><br><code>A vulnerability in the Command Runner tool of Cisco DNA Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient input validation by the Command Runner tool. An attacker could exploit this vulnerability by providing crafted input during command execution or via a crafted command runner API call. A successful exploit could allow the attacker to execute arbitrary CLI commands on devices managed by Cisco DNA Center.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1264">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22454">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 18:27:46">
18:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-1279 ‼</strong><br><br><code>Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1279">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22455">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 18:33:27">
18:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-1357 ‼</strong><br><br><code>Multiple vulnerabilities in Cisco Unified Communications Manager IM &amp;amp; Presence Service (Unified CM IM&amp;amp;P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&amp;amp;P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1357">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22456">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 18:33:28">
18:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-1353 ‼</strong><br><br><code>A vulnerability in the IPv4 protocol handling of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory leak that occurs during packet processing. An attacker could exploit this vulnerability by sending a series of crafted IPv4 packets through an affected device. A successful exploit could allow the attacker to exhaust the available memory and cause an unexpected restart of the npusim process, leading to a DoS condition on the affected device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1353">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22457">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 19:09:41">
19:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Critical Cisco SD-WAN Bugs Allow RCE Attacks ❌</strong><br><br><code>Cisco is stoppering critical holes in its SD-WAN solutions and its smart software manager satellite.</code><br><br><a href="https://threatpost.com/critical-cisco-sd-wan-bugs-rce-attacks/163204/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22458">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 20:27:33">
20:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-1219 ‼</strong><br><br><code>A vulnerability in Cisco Smart Software Manager Satellite could allow an authenticated, local attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by gaining access to the static credential that is stored on the local device. A successful exploit could allow the attacker to view static credentials, which the attacker could use to carry out further attacks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1219">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22459">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 20:27:34">
20:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-1141 ‼</strong><br><br><code>Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1141">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22460">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 20:27:35">
20:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-1225 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities exist because the web-based management interface improperly validates values in SQL queries. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database or the operating system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1225">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22461">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 20:27:36">
20:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-1241 ‼</strong><br><br><code>Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1241">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22462">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 20:27:37">
20:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-26278 ‼</strong><br><br><code>Weave Net is open source software which creates a virtual network that connects Docker containers across multiple hosts and enables their automatic discovery. Weave Net before version 2.8.0 has a vulnerability in which can allow an attacker to take over any host in the cluster. Weave Net is supplied with a manifest that runs pods on every node in a Kubernetes cluster, which are responsible for managing network connections for all other pods in the cluster. This requires a lot of power over the host, and the manifest sets `privileged: true`, which gives it that power. It also set `hostPID: true`, which gave it the ability to access all other processes on the host, and write anywhere in the root filesystem of the host. This setting was not necessary, and is being removed. You are only vulnerable if you have an additional vulnerability (e.g. a bug in Kubernetes) or misconfiguration that allows an attacker to run code inside the Weave Net pod, No such bug is known at the time of release, and there are no known instances of this being exploited. Weave Net 2.8.0 removes the hostPID setting and moves CNI plugin install to an init container. Users who do not update to 2.8.0 can edit the hostPID line in their existing DaemonSet manifest to say false instead of true, arrange some other way to install CNI plugins (e.g. Ansible) and remove those mounts from the DaemonSet manifest.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26278">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22463">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 20:27:41">
20:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-1218 ‼</strong><br><br><code>A vulnerability in the web management interface of Cisco Smart Software Manager satellite could allow an authenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request that could cause the web application to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious website.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1218">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22464">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 20:27:42">
20:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-1249 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1249">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22465">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 20:27:42">
20:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-1250 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1250">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22466">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 20:27:43">
20:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-1140 ‼</strong><br><br><code>Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1140">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22467">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 20:27:44">
20:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-1222 ‼</strong><br><br><code>A vulnerability in the web-based management interface of Cisco Smart Software Manager Satellite could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates values within SQL queries. An attacker could exploit this vulnerability by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database or the operating system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1222">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22468">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 20:27:48">
20:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-1142 ‼</strong><br><br><code>Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1142">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22469">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 20:27:49">
20:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-1235 ‼</strong><br><br><code>A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read sensitive database files on an affected system. The vulnerability is due to insufficient user authorization. An attacker could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read database files from the filesystem of the underlying operating system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1235">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22470">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 20:27:50">
20:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-1247 ‼</strong><br><br><code>Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1247">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22471">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 20:27:51">
20:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-26252 ‼</strong><br><br><code>OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to update product data to be able to store an executable file on the server and load it via layout xml. The latest OpenMage Versions up from 19.4.10 and 20.0.6 have this issue solved.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26252">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22472">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 20:27:51">
20:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-1135 ‼</strong><br><br><code>Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1135">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22473">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 20:27:55">
20:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-1139 ‼</strong><br><br><code>Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1139">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22474">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 20:27:56">
20:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-1138 ‼</strong><br><br><code>Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1138">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22475">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 20:27:57">
20:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-1233 ‼</strong><br><br><code>A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information on an affected device. The vulnerability is due to insufficient input validation of requests that are sent to the iperf tool. An attacker could exploit this vulnerability by sending a crafted request to the iperf tool, which is included in Cisco SD-WAN Software. A successful exploit could allow the attacker to obtain any file from the filesystem of an affected device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1233">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22476">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 20:27:58">
20:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-1248 ‼</strong><br><br><code>Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1248">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22477">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 22:17:34">
22:17
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Microsoft Releases New Info on SolarWinds Attack Chain 🕴</strong><br><br><code>Threat actors went to elaborate lengths to maintain operational security around second-stage payload activation, company says.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/microsoft-releases-new-info-on-solarwinds-attack-chain/d/d-id/1339940?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22478">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 22:27:33">
22:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-1068 ‼</strong><br><br><code>NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the NVDEC component, in which an attacker can read from or write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or escalation of privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1068">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22479">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 22:27:34">
22:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-1067 ‼</strong><br><br><code>NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the implementation of the RPMB command status, in which an attacker can write to the Write Protect Configuration Block, which may lead to denial of service or escalation of privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1067">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22480">

      <div class="body">

       <div class="pull_right date details" title="20.01.2021 22:27:35">
22:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-1069 ‼</strong><br><br><code>NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the NVHost function, which may lead to abnormal reboot due to a null pointer reference, causing data loss.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1069">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-745">

      <div class="body details">
21 January 2021
      </div>

     </div>

     <div class="message default clearfix" id="message22481">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.01.2021 09:23:05">
09:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ S3 Ep16: Darkweb bust, security at home, and browser snoopage [Podcast] ⚠</strong><br><br><code>Here&apos;s the latest podcast - listen now!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/01/21/s3-ep16-darkweb-bust-security-at-home-and-browser-snoopage-podcast/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22482">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.01.2021 11:08:49">
11:08
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Google Searches Expose Stolen Corporate Credentials ❌</strong><br><br><code>A phishing campaign spoofs Xerox notifications to lure victims into clicking on malicious HTML attachments.</code><br><br><a href="https://threatpost.com/attackers-leave-stolen-credentials-google-searches/163220/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22483">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.01.2021 11:53:22">
11:53
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How scammers are exploiting COVID-19 vaccines 🦿</strong><br><br><code>Cybercriminals are setting up malicious domains and peddling phony drugs, all related to the new vaccines, says Bolster.</code><br><br><a href="https://www.techrepublic.com/article/how-scammers-are-exploiting-covid-19-vaccines/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22484">

      <div class="body">

       <div class="pull_right date details" title="21.01.2021 11:53:23">
11:53
       </div>

       <div class="text">
<strong>🦿 How asset management companies are vulnerable to ransomware and phishing attacks 🦿</strong><br><br><code>Like large banks, these firms hold valuable financial data but often have smaller security budgets and fewer staff, says Digital Shadows.</code><br><br><a href="https://www.techrepublic.com/article/how-asset-management-companies-are-vulnerable-to-ransomware-and-phishing-attacks/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22485">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.01.2021 12:08:52">
12:08
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Google Forms Set Baseline For Widespread BEC Attacks ❌</strong><br><br><code>Researchers warn that attackers are collecting reconnaissance for future business email compromise attacks using Google Forms.</code><br><br><a href="https://threatpost.com/google-forms-set-baseline-for-widespread-bec-attacks/163223/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22486">

      <div class="body">

       <div class="pull_right date details" title="21.01.2021 12:18:00">
12:18
       </div>

       <div class="text">
<strong>🕴 Rethinking IoT Security: It&apos;s Not About the Devices 🕴</strong><br><br><br><br><a href="https://www.darkreading.com/iot/rethinking-iot-security-its-not-about-the-devices/a/d-id/1339867?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22487">

      <div class="body">

       <div class="pull_right date details" title="21.01.2021 12:28:13">
12:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-26295 ‼</strong><br><br><code>OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, an administrator with permission to import/export data and to edit cms pages was able to inject an executable file on the server via layout xml. The latest OpenMage Versions up from 19.4.9 and 20.0.5 have this Issue solved</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26295">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22488">

      <div class="body">

       <div class="pull_right date details" title="21.01.2021 12:28:14">
12:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-26285 ‼</strong><br><br><code>OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to import/export data and to create widget instances was able to inject an executable file on the server. The latest OpenMage Versions up from 19.4.9 and 20.0.5 have this Issue solved</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26285">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22489">

      <div class="body">

       <div class="pull_right date details" title="21.01.2021 12:28:15">
12:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-4968 ‼</strong><br><br><code>IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192427.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4968">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22490">

      <div class="body">

       <div class="pull_right date details" title="21.01.2021 12:28:16">
12:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-4966 ‼</strong><br><br><code>IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 192423.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4966">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22491">

      <div class="body">

       <div class="pull_right date details" title="21.01.2021 12:28:17">
12:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-4969 ‼</strong><br><br><code>IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4969">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22492">

      <div class="body">

       <div class="pull_right date details" title="21.01.2021 12:28:18">
12:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-4958 ‼</strong><br><br><code>IBM Security Identity Governance and Intelligence 5.2.6 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. IBM X-Force ID: 192209.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4958">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22493">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.01.2021 12:46:58">
12:46
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 OATH Toolkit 2.6.6 🛠</strong><br><br><code>OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.</code><br><br><a href="https://packetstormsecurity.com/files/161052/oath-toolkit-2.6.6.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22494">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.01.2021 13:48:04">
13:48
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Hacker Pig Latin: A Base64 Primer for Security Analysts 🕴</strong><br><br><code>The Base64 encoding scheme is often used to hide the plaintext elements in the early stages of an attack that can&apos;t be concealed under the veil of encryption. Here&apos;s how to see through its tricks.</code><br><br><a href="https://www.darkreading.com/edge/theedge/hacker-pig-latin-a-base64-primer-for-security-analysts/b/d-id/1339921?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22495">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.01.2021 14:28:14">
14:28
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-21238 ‼</strong><br><br><code>PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping because it did not validate the SAML document against an XML schema. This allowed invalid XML documents to be processed and such a document can trick pysaml2 with a wrapped signature. This is fixed in PySAML2 6.5.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21238">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22496">

      <div class="body">

       <div class="pull_right date details" title="21.01.2021 14:28:15">
14:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-21239 ‼</strong><br><br><code>PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does not ensure that a signed SAML document is correctly signed. The default CryptoBackendXmlSec1 backend is using the xmlsec1 binary to verify the signature of signed SAML documents, but by default xmlsec1 accepts any type of key found within the given document. xmlsec1 needs to be configured explicitly to only use only _x509 certificates_ for the verification process of the SAML document signature. This is fixed in PySAML2 6.5.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21239">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22497">

      <div class="body">

       <div class="pull_right date details" title="21.01.2021 14:28:16">
14:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-21253 ‼</strong><br><br><code>OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat of security breach in the voting system. Without a salt, it is much easier for attackers to pre-compute the hash value using dictionary attack techniques such as rainbow tables to crack passwords. This problem is fixed and published in version 1.1.2. A long randomly generated salt is added to the password hash function to better protect passwords stored in the voting system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21253">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22498">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.01.2021 14:48:05">
14:48
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 7 Steps to Secure a WordPress Site 🕴</strong><br><br><code>Many companies operate under the assumption that their WordPress sites are secure -- and that couldn&apos;t be anything further from the truth.</code><br><br><a href="https://www.darkreading.com/application-security/7-steps-to-secure-a-wordpress-site------------------/d/d-id/1339942?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22499">

      <div class="body">

       <div class="pull_right date details" title="21.01.2021 14:53:22">
14:53
       </div>

       <div class="text">
<strong>🦿 SSH keys: How to view in Linux, macOS, and Windows 🦿</strong><br><br><code>If you&apos;re not sure how to view your SSH certificates, Jack Wallen walks you through the steps on Linux, macOS, and Windows.</code><br><br><a href="https://www.techrepublic.com/videos/ssh-keys-how-to-view-in-linux-macos-and-windows/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22500">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.01.2021 15:18:05">
15:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Cloud Jacking: The Bold New World of Enterprise Cybersecurity 🕴</strong><br><br><code>Increased reliance on cloud computing puts more weight on robust authentication systems to protect data against hijackers.</code><br><br><a href="https://www.darkreading.com/cloud/cloud-jacking-the-bold-new-world-of-enterprise-cybersecurity/a/d-id/1339896?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22501">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.01.2021 15:53:25">
15:53
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How to check for and stop DDoS attacks on Linux 🦿</strong><br><br><code>Jack Wallen walks you through some of the steps you can take to check for and mitigate distributed denial of service attacks on a Linux server.</code><br><br><a href="https://www.techrepublic.com/article/how-to-check-for-and-stop-ddos-attacks-on-linux/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22502">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.01.2021 16:28:21">
16:28
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-8567 ‼</strong><br><br><code>Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8567">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22503">

      <div class="body">

       <div class="pull_right date details" title="21.01.2021 16:28:22">
16:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-8569 ‼</strong><br><br><code>Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource when: - The VolumeSnapshot referenced a non-existing PersistentVolumeClaim and the VolumeSnapshot did not reference any VolumeSnapshotClass. - The snapshot-controller crashes, is automatically restarted by Kubernetes, and processes the same VolumeSnapshot custom resource after the restart, entering an endless crashloop. Only the volume snapshot feature is affected by this vulnerability. When exploited, users can’t take snapshots of their volumes or delete the snapshots. All other Kubernetes functionality is not affected.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8569">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22504">

      <div class="body">

       <div class="pull_right date details" title="21.01.2021 16:28:23">
16:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-8554 ‼</strong><br><br><code>Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8554">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22505">

      <div class="body">

       <div class="pull_right date details" title="21.01.2021 16:28:24">
16:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-8570 ‼</strong><br><br><code>Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process executing the client code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8570">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22506">

      <div class="body">

       <div class="pull_right date details" title="21.01.2021 16:28:25">
16:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-8568 ‼</strong><br><br><code>Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that contain other Kubernetes Secrets.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8568">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22507">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.01.2021 17:09:02">
17:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Einstein Healthcare Network Announces August Breach ❌</strong><br><br><code>Einstein is in violation of the the HHS 60-day breach notification rule, but unlikely to face penalty.</code><br><br><a href="https://threatpost.com/einstein-healthcare-network-announces-august-breach/163237/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22508">

      <div class="body">

       <div class="pull_right date details" title="21.01.2021 17:09:03">
17:09
       </div>

       <div class="text">
<strong>❌ SQL Server Malware Tied to Iranian Software Firm, Researchers Allege ❌</strong><br><br><code>Researchers have traced the origins of a campaign - infecting SQL servers to mine cryptocurrency - back to an Iranian software firm.</code><br><br><a href="https://threatpost.com/sql-server-malware-tied-to-iranian-software-firm-researchers-allege/163230/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22509">

      <div class="body">

       <div class="pull_right date details" title="21.01.2021 17:23:25">
17:23
       </div>

       <div class="text">
<strong>🦿 2020 sees huge increase in records exposed in data breaches 🦿</strong><br><br><code>The number of breaches may have fallen, but the number of exposed records hit a high not seen since 2005, says Risk Based Security.</code><br><br><a href="https://www.techrepublic.com/article/2020-sees-huge-increase-in-records-exposed-in-data-breaches/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22510">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.01.2021 17:48:25">
17:48
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 EDPB Issues Draft Guidelines for Data Breach Notifications 🔏</strong><br><br><code>The guidelines are supposed to help data controllers when it comes to deciding how to handle data breaches and what factors to consider during risk assessment.</code><br><br><a href="https://digitalguardian.com/blog/edpb-issues-draft-guidelines-data-breach-notifications">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22511">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.01.2021 19:18:13">
19:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Attackers Leave Stolen Credentials Searchable on Google 🕴</strong><br><br><code>Operators behind a global phishing campaign inadvertently left thousands of stolen credentials accessible via Google Search.</code><br><br><a href="https://www.darkreading.com/endpoint/attackers-leave-stolen-credentials-searchable-on-google/d/d-id/1339948?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22512">

      <div class="body">

       <div class="pull_right date details" title="21.01.2021 19:23:27">
19:23
       </div>

       <div class="text">
<strong>🦿 Google: How and when to change your password 🦿</strong><br><br><code>If you&apos;ve ever been tempted to change your Google account password, but weren&apos;t sure how, don&apos;t let that confusion stop you. Jack Wallen walks you through the process.</code><br><br><a href="https://www.techrepublic.com/videos/google-how-and-when-to-change-your-password/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22513">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.01.2021 19:48:13">
19:48
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Breach Data Shows Attackers Switched Gears in 2020 🕴</strong><br><br><code>Attackers focused more on ransomware, while the consolidation of data into large databases led to fewer reported breaches but more records leaked.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/breach-data-shows-attackers-switched-gears-in-2020/d/d-id/1339949?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22514">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.01.2021 20:48:15">
20:48
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 DreamBus, FreakOut Botnets Pose New Threat to Linux Systems 🕴</strong><br><br><code>Researchers from Zscaler and Check Point describe botnets as designed for DDoS attacks, cryptocurrency mining, and other malicious purposes.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/dreambus-freakout-botnets-pose-new-threat-to-linux-systems/d/d-id/1339953?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-746">

      <div class="body details">
22 January 2021
      </div>

     </div>

     <div class="message default clearfix" id="message22515">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.01.2021 09:24:03">
09:24
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 These Microsoft tools help you reduce, remove or lock down admin access to improve security 🦿</strong><br><br><code>The SolarWinds compromise means you can no longer put off privileged account management.</code><br><br><a href="https://www.techrepublic.com/article/these-microsoft-tools-help-you-reduce-remove-or-lock-down-admin-access-to-improve-security/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22516">

      <div class="body">

       <div class="pull_right date details" title="22.01.2021 09:24:04">
09:24
       </div>

       <div class="text">
<strong>🦿 Bosses are using monitoring software to keep tabs on working at home. Privacy rules aren&apos;t keeping up 🦿</strong><br><br><code>Worker&apos;s union Prospect warned that the UK was at risk of &apos;sleepwalking into a world of surveillance&apos; as more businesses turn to digital tools to keep tabs on remote workers.</code><br><br><a href="https://www.techrepublic.com/article/bosses-are-using-monitoring-software-to-keep-tabs-on-working-at-home-privacy-rules-arent-keeping-up/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22517">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.01.2021 10:09:44">
10:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Threat Actors Can Exploit Windows RDP Servers to Amplify DDoS Attacks ❌</strong><br><br><code>Netscout researchers identify more than 14,000 existing servers that can be abused by ‘the general attack population’ to flood organizations’ networks with traffic.</code><br><br><a href="https://threatpost.com/threat-actors-can-exploit-windows-rdp-servers-to-amplify-ddos-attacks/163248/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22518">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.01.2021 10:53:27">
10:53
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ US administration adds “subliminal” ad to White House website ⚠</strong><br><br><code>Hiding digital &quot;secrets&quot; where they&apos;re supposed to be found is good fun. Just don&apos;t hide actual secrets and hope no one will notice!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/01/22/us-administration-adds-subliminal-ad-to-white-house-website/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22519">

      <div class="body">

       <div class="pull_right date details" title="22.01.2021 10:53:28">
10:53
       </div>

       <div class="text">
<strong>🦿 The new Microsoft Edge browser will warn you if your password has been leaked online 🦿</strong><br><br><code>The new Edge 88 browser includes tough new security features, including a password generator and a tool for monitoring whether your login details have been exposed to the dark web.</code><br><br><a href="https://www.techrepublic.com/article/the-new-microsoft-edge-browser-will-warn-you-if-your-password-has-been-leaked-online/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22520">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.01.2021 12:18:42">
12:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Why North Korea Excels in Cybercrime 🕴</strong><br><br><code>North Korea is laser-focused on boosting its cyber capabilities, and it&apos;s doing a remarkable job of it.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/why-north-korea-excels-in-cybercrime--/a/d-id/1339887?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22521">

      <div class="body">

       <div class="pull_right date details" title="22.01.2021 12:18:43">
12:18
       </div>

       <div class="text">
<strong>🔏 Friday Five 1/22 🔏</strong><br><br><code>Copycats, searchable phishing campaigns, and cybersecurity policy in the new administration - catch up on all of the week&apos;s infosec news with the Friday Five!</code><br><br><a href="https://digitalguardian.com/blog/friday-five-1/22">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22522">

      <div class="body">

       <div class="pull_right date details" title="22.01.2021 12:29:11">
12:29
       </div>

       <div class="text">
<strong>‼ CVE-2020-28488 ‼</strong><br><br><code>This affects all versions of package jquery-ui; all versions of package org.fujion.webjars:jquery-ui. When the &quot;dialog&quot; is injected into an HTML tag more than once, the browser and the application may crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28488">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22523">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.01.2021 14:39:54">
14:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Ransomware Attackers Publish 4K Private Scottish Gov Agency Files ❌</strong><br><br><code>Up to 4,000 stolen files have been released by hackers who launched a ransomware attack against the Scottish Environmental Protection Agency on Christmas Eve.</code><br><br><a href="https://threatpost.com/attackers-publish-private-scottish-gov-files/163254/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22524">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.01.2021 15:39:57">
15:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Discord-Stealing Malware Invades npm Packages ❌</strong><br><br><code>The CursedGrabber malware has infiltrated the open-source software code repository.</code><br><br><a href="https://threatpost.com/discord-stealing-malware-npm-packages/163265/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22525">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.01.2021 16:09:56">
16:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ ADT Tech Hacks Home-Security Cameras to Spy on Women ❌</strong><br><br><code>A former ADT employee pleads guilty of accessing customers’ cameras so he could spy on them.</code><br><br><a href="https://threatpost.com/adt-hacks-home-security-cameras/163271/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22526">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.01.2021 16:29:23">
16:29
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-21259 ‼</strong><br><br><code>HedgeDoc is open source software which lets you create real-time collaborative markdown notes. In HedgeDoc before version 1.7.2, an attacker can inject arbitrary JavaScript into a HedgeDoc note, which is executed when the note is viewed in slide mode. Depending on the configuration of the instance, the attacker may not need authentication to create or edit notes. The problem is patched in HedgeDoc 1.7.2. ### Workarounds Disallow loading JavaScript from 3rd party sites using the `Content-Security-Policy` header. Note that this will break some embedded content. ### References This issue was discovered by @TobiasHoll and reported to hackmdio/codimd: https://github.com/hackmdio/codimd/issues/1648 ### For more information If you have any questions or comments about this advisory: * Open an topic on our community forum * Join our matrix room</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21259">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22527">

      <div class="body">

       <div class="pull_right date details" title="22.01.2021 16:29:23">
16:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-21270 ‼</strong><br><br><code>OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server and Tentacle agent. In OctopusDSC version 4.0.977 and earlier a customer API key used to connect to Octopus Server is exposed via logging in plaintext. This vulnerability is patched in version 4.0.1002.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21270">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22528">

      <div class="body">

       <div class="pull_right date details" title="22.01.2021 16:29:24">
16:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-21260 ‼</strong><br><br><code>Online Invoicing System (OIS) is open source software which is a lean invoicing system for small businesses, consultants and freelancers created using AppGini. In OIS version 4.0 there is a stored XSS which can enables an attacker takeover of the admin account through a payload that extracts a csrf token and sends a request to change password. It has been found that Item description is reflected without sanitization in app/items_view.php which enables the malicious scenario.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21260">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22529">

      <div class="body">

       <div class="pull_right date details" title="22.01.2021 16:29:25">
16:29
       </div>

       <div class="text">
<strong>‼ CVE-2020-28487 ‼</strong><br><br><code>This affects the package vis-timeline before 7.4.4. An attacker with the ability to control the items of a Timeline element can inject additional script code into the generated application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28487">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22530">

      <div class="body">

       <div class="pull_right date details" title="22.01.2021 16:29:26">
16:29
       </div>

       <div class="text">
<strong>‼ CVE-2020-4766 ‼</strong><br><br><code>IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cause a denial of service by sending malformed MQ data requests which would consume all available resources. IBM X-Force ID: 188093.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4766">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22531">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.01.2021 16:54:11">
16:54
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Expert: Manpower is a huge cybersecurity issue in 2021 🦿</strong><br><br><code>Changing threats, volume of threats, and ransomware plague organizations. Having some autonomous AI tools to help pros do their jobs can help.</code><br><br><a href="https://www.techrepublic.com/article/expert-manpower-is-a-huge-cybersecurity-issue-in-2021/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22532">

      <div class="body">

       <div class="pull_right date details" title="22.01.2021 16:54:12">
16:54
       </div>

       <div class="text">
<strong>🦿 Cybersecurity pros can&apos;t handle all the threat tasks alone, expert says 🦿</strong><br><br><code>Having an AI tool to help can ease the burden on cybersecurity teams, which are struggling to keep up with constant and more serious threats.</code><br><br><a href="https://www.techrepublic.com/videos/cybersecurity-pros-cant-handle-all-the-threat-tasks-alone-expert-says/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22533">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.01.2021 18:24:13">
18:24
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Cybersecurity: Blaming users is not the answer 🦿</strong><br><br><code>A punitive approach toward employees reporting data breaches intensifies problems.</code><br><br><a href="https://www.techrepublic.com/article/cybersecurity-blaming-users-is-not-the-answer/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22534">

      <div class="body">

       <div class="pull_right date details" title="22.01.2021 18:29:26">
18:29
       </div>

       <div class="text">
<strong>‼ CVE-2020-12514 ‼</strong><br><br><code>Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12514">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22535">

      <div class="body">

       <div class="pull_right date details" title="22.01.2021 18:29:27">
18:29
       </div>

       <div class="text">
<strong>‼ CVE-2020-12513 ‼</strong><br><br><code>Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12513">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22536">

      <div class="body">

       <div class="pull_right date details" title="22.01.2021 18:29:28">
18:29
       </div>

       <div class="text">
<strong>‼ CVE-2020-12525 ‼</strong><br><br><code>M&amp;M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12525">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22537">

      <div class="body">

       <div class="pull_right date details" title="22.01.2021 18:29:29">
18:29
       </div>

       <div class="text">
<strong>‼ CVE-2020-12511 ‼</strong><br><br><code>Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12511">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22538">

      <div class="body">

       <div class="pull_right date details" title="22.01.2021 18:29:30">
18:29
       </div>

       <div class="text">
<strong>‼ CVE-2020-12512 ‼</strong><br><br><code>Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12512">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22539">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.01.2021 18:48:52">
18:48
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 How Cybersecurity Newbs Can Start Out on the Right Foot 🕴</strong><br><br><code>Cybersecurity experts share their savvy tips and useful resources for infosec hopefuls.</code><br><br><a href="https://www.darkreading.com/theedge/how-cybersecurity-newbs-can-start-out-on-the-right-foot/b/d-id/1339959?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22540">

      <div class="body">

       <div class="pull_right date details" title="22.01.2021 18:48:53">
18:48
       </div>

       <div class="text">
<strong>🕴 Speed of Digital Transformation May Lead to Greater App Vulnerabilities 🕴</strong><br><br><code>The fastest-moving industries are struggling to produce secure code, according to AppSec experts.</code><br><br><a href="https://www.darkreading.com/application-security/speed-of-digital-transformation-may-lead-to-greater-app-vulnerabilities/d/d-id/1339961?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22541">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.01.2021 19:10:03">
19:10
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Amazon Kindle RCE Attack Starts with an Email ❌</strong><br><br><code>The &quot;KindleDrip&quot; attack would have allowed attackers to siphon money from unsuspecting victims.</code><br><br><a href="https://threatpost.com/amazon-kindle-attack-email/163282/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22542">

      <div class="body">

       <div class="pull_right date details" title="22.01.2021 19:10:04">
19:10
       </div>

       <div class="text">
<strong>❌ Microsoft Edge, Google Chrome Roll Out Password Protection Tools ❌</strong><br><br><code>The new tools on Chrome and Edge will make it easier for browser users to discover - and change - compromised passwords.</code><br><br><a href="https://threatpost.com/microsoft-edge-google-chrome-roll-out-password-protection-tools/163272/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22543">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.01.2021 19:54:14">
19:54
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Microsoft President urges tech leaders to follow lessons from Apollo missions and &quot;War Games&quot; 🦿</strong><br><br><code>President Brad Smith said that national security is threatened by the industry&apos;s inability to learn lessons from the past.</code><br><br><a href="https://www.techrepublic.com/videos/microsoft-president-urges-tech-leaders-to-follow-lessons-from-apollo-missions-and-war-games/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22544">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.01.2021 20:18:55">
20:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Intel Confirms Unauthorized Access of Earnings-Related Data 🕴</strong><br><br><code>News likely contributed to slide of over 9% in chipmaker&apos;s stock at one point Friday.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/intel-confirms-unauthorized-access-of-earnings-related-data-/d/d-id/1339963?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-747">

      <div class="body details">
25 January 2021
      </div>

     </div>

     <div class="message default clearfix" id="message22545">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.01.2021 09:20:44">
09:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Comparing Different AI Approaches to Email Security 🕴</strong><br><br><code>Get to know the difference between &quot;supervised&quot; and &quot;unsupervised&quot; machine learning.</code><br><br><a href="https://www.darkreading.com/edge/theedge/comparing-different-ai-approaches-to-email-security/b/d-id/1339965?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22546">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.01.2021 12:03:28">
12:03
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 AIDE 0.17 🛠</strong><br><br><code>AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.</code><br><br><a href="https://packetstormsecurity.com/files/161098/aide-0.17.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22547">

      <div class="body">

       <div class="pull_right date details" title="25.01.2021 12:03:29">
12:03
       </div>

       <div class="text">
<strong>🛠 Logwatch 7.5.5 🛠</strong><br><br><code>Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.</code><br><br><a href="https://packetstormsecurity.com/files/161096/logwatch-7.5.5.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22548">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.01.2021 12:24:51">
12:24
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ US administration adds “subliminal” ad to White House website ⚠</strong><br><br><code>Hiding digital &quot;secrets&quot; where they&apos;re supposed to be found is good fun. Just don&apos;t hide actual secrets and hope no one will notice!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/01/22/us-administration-adds-subliminal-ad-to-white-house-website/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22549">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.01.2021 12:50:52">
12:50
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 How to Better Secure Your Microsoft 365 Environment 🕴</strong><br><br><code>Security experts offer Microsoft 365 security guidance as more attackers target enterprise cloud environments.</code><br><br><a href="https://www.darkreading.com/endpoint/how-to-better-secure-your-microsoft-365-environment/d/d-id/1339964?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22550">

      <div class="body">

       <div class="pull_right date details" title="25.01.2021 12:54:51">
12:54
       </div>

       <div class="text">
<strong>⚠ Naked Security Live – Don’t let digital jokes turn into digital disasters ⚠</strong><br><br><code>Here&apos;s the latest Naked Security Live video - watch and enjoy!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/01/25/naked-security-live-dont-let-digital-jokes-turn-into-digital-disasters/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22551">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.01.2021 13:55:48">
13:55
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 2021 predictions: Quantifying and prioritizing cyber and business risk 🦿</strong><br><br><code>Every new year brings new challenges surrounding risk management. Learn how to protect your company and its assets with these tips from an industry insider.</code><br><br><a href="https://www.techrepublic.com/article/2021-predictions-quantifying-and-prioritizing-cyber-and-business-risk/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22552">

      <div class="body">

       <div class="pull_right date details" title="25.01.2021 13:55:49">
13:55
       </div>

       <div class="text">
<strong>🦿 Analysts question viability of last-minute executive order from Trump on IaaS companies&apos; foreign users 🦿</strong><br><br><code>In response to the Solar Winds attack, the order forces cloud companies to keep the names, addresses, emails, credit card numbers, and more, any time cloud services are used.</code><br><br><a href="https://www.techrepublic.com/article/analysts-question-viability-of-last-minute-executive-order-from-trump-on-iaas-companies-foreign-users/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22553">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.01.2021 14:13:47">
14:13
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ SonicWall Breach Stems from ‘Probable’ Zero-Days ❌</strong><br><br><code>The security vendor is investigating potential zero-day vulnerabilities in its Secure Mobile Access (SMA) 100 series.</code><br><br><a href="https://threatpost.com/sonicwall-breach-zero-days-in-remote-access/163290/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22554">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.01.2021 15:13:50">
15:13
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Cisco DNA Center Bug Opens Enterprises to Remote Attack ❌</strong><br><br><code>The high-severity security vulnerability (CVE-2021-1257) allows cross-site request forgery (CSRF) attacks.</code><br><br><a href="https://threatpost.com/cisco-dna-center-bug-remote-attack/163302/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22555">

      <div class="body">

       <div class="pull_right date details" title="25.01.2021 15:25:11">
15:25
       </div>

       <div class="text">
<strong>🦿 Homebrew: How to install post-exploitation tools on macOS 🦿</strong><br><br><code>We&apos;ll guide you through the process of using Homebrew package manager to install post-exploit security tools on macOS to further assess compromised system vulnerabilities found in your Apple equipment.</code><br><br><a href="https://www.techrepublic.com/article/homebrew-how-to-install-post-exploitation-tools-on-macos/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22556">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.01.2021 17:26:46">
17:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 The Most Read Data Insider Blogs of 2020 🔏</strong><br><br><code>SOX compliance, preventing social engineering attacks, and data classification. In this blog, we count down the most read blogs of 2020.</code><br><br><a href="https://digitalguardian.com/blog/most-read-data-insider-blogs-2020">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22557">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.01.2021 17:51:02">
17:51
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Small Security Teams Have Big Security Fears, CISOs Report 🕴</strong><br><br><code>Researchers poll security leaders who are tasked with protecting large organizations but have a small presence and budget.</code><br><br><a href="https://www.darkreading.com/endpoint/small-security-teams-have-big-security-fears-cisos-report/d/d-id/1339968?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22558">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.01.2021 18:14:05">
18:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ 2.28M MeetMindful Daters Compromised in Data Breach ❌</strong><br><br><code>The ShinyHunters hacking group offer a raft of information, from location and contact info to dating preferences and bodily descriptions, as a free download.</code><br><br><a href="https://threatpost.com/meetmindful-daters-compromised-data-breach/163313/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22559">

      <div class="body">

       <div class="pull_right date details" title="25.01.2021 18:25:20">
18:25
       </div>

       <div class="text">
<strong>🦿 Gartner: The future of AI is not as rosy as some might think 🦿</strong><br><br><code>A Gartner report predicts that the second-order consequences of widespread AI will have massive societal impacts, to the point of making us unsure if and when we can trust our own eyes.</code><br><br><a href="https://www.techrepublic.com/article/gartner-the-future-of-ai-is-not-as-rosy-as-some-might-think/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22560">

      <div class="body">

       <div class="pull_right date details" title="25.01.2021 18:34:02">
18:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-21272 ‼</strong><br><br><code>ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module. In ORAS from version 0.4.0 and before version 0.9.0, there is a &quot;zip-slip&quot; vulnerability. The directory support feature allows the downloaded gzipped tarballs to be automatically extracted to the user-specified directory where the tarball can have symbolic links and hard links. A well-crafted tarball or tarballs allow malicious artifact providers linking, writing, or overwriting specific files on the host filesystem outside of the user-specified directory unexpectedly with the same permissions as the user who runs `oras pull`. Users of the affected versions are impacted if they are `oras` CLI users who runs `oras pull`, or if they are Go programs, which invoke `github.com/deislabs/oras/pkg/content.FileStore`. The problem has been fixed in version 0.9.0. For `oras` CLI users, there is no workarounds other than pulling from a trusted artifact provider. For `oras` package users, the workaround is to not use `github.com/deislabs/oras/pkg/content.FileStore`, and use other content stores instead, or pull from a trusted artifact provider.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21272">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22561">

      <div class="body">

       <div class="pull_right date details" title="25.01.2021 18:44:03">
18:44
       </div>

       <div class="text">
<strong>❌ Outgoing FCC Chair Issues Final Security Salvo Against China ❌</strong><br><br><code>Ajit Pai says Chinese telecom companies ‘biggest national security threat’ for regulators in exit interview.</code><br><br><a href="https://threatpost.com/outgoing-fcc-chair-security-china/163318/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22562">

      <div class="body">

       <div class="pull_right date details" title="25.01.2021 18:51:08">
18:51
       </div>

       <div class="text">
<strong>🕴 Deloitte &amp; Touche Buys Threat-Hunting Firm 🕴</strong><br><br><code>Root9B (R9B) offers threat hunting and other managed security services.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/deloitte-and-touche-buys-threat-hunting-firm-/d/d-id/1339970?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22563">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.01.2021 19:14:03">
19:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Breaking Down Joe Biden’s $10B Cybersecurity ‘Down Payment’ ❌</strong><br><br><code>Tom Kellermann, head of cybersecurity strategy for VMware Carbon Black, talks about the top security challenges facing the US government as a new presidential administration steps in.</code><br><br><a href="https://threatpost.com/breaking-down-joe-bidens-10b-cybersecurity-down-payment/163304/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22564">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.01.2021 22:34:14">
22:34
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-21275 ‼</strong><br><br><code>The MediaWiki &quot;Report&quot; extension has a Cross-Site Request Forgery (CSRF) vulnerability. Before fixed version, there was no protection against CSRF checks on Special:Report, so requests to report a revision could be forged. The problem has been fixed in commit f828dc6 by making use of MediaWiki edit tokens.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21275">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-748">

      <div class="body details">
26 January 2021
      </div>

     </div>

     <div class="message default clearfix" id="message22565">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 10:56:26">
10:56
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 IT leaders see outsourcing cybersecurity as one solution to increased attacks 🦿</strong><br><br><code>A new survey from Syntax found that many decision-makers are not happy with their existing security tools.</code><br><br><a href="https://www.techrepublic.com/article/it-leaders-see-outsourcing-cybersecurity-as-one-solution-to-increased-attacks/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22566">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 11:52:07">
11:52
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Startup Offers Free Version of its &apos;Passwordless&apos; Technology 🕴</strong><br><br><code>Beyond Identity co-founders hope to move the needle in eliminating the need for passwords, but experts say killing passwords altogether won&apos;t be easy.</code><br><br><a href="https://www.darkreading.com/application-security/startup-offers-free-version-of-its-passwordless-technology-/d/d-id/1339974?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22567">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 12:15:04">
12:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ North Korea Targets Security Researchers in Elaborate 0-Day Campaign ❌</strong><br><br><code>Hackers masquerade as security researchers to befriend analysts and eventually infect fully patched systems at multiple firms with a malicious backdoor.</code><br><br><a href="https://threatpost.com/north-korea-security-researchers-0-day/163333/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22568">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 12:22:08">
12:22
       </div>

       <div class="text">
<strong>🕴 Mainframe Security Automation Is Not a Luxury 🕴</strong><br><br><code>As cyber threats grow, even the most securable platform is vulnerable and requires adaptive autonomous protection.</code><br><br><a href="https://www.darkreading.com/perimeter/mainframe-security-automation-is-not-a-luxury/a/d-id/1339917?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22569">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 12:26:27">
12:26
       </div>

       <div class="text">
<strong>🦿 Veritas Technologies adds Flex Scale to NetBackup9 for scale-out functionality 🦿</strong><br><br><code>The data protection company&apos;s latest delivers new features on a simplified platform to provide customers with additional choice for deployment across edge, core, and cloud.</code><br><br><a href="https://www.techrepublic.com/article/veritas-technologies-adds-flex-scale-to-netbackup9-for-scale-out-functionality/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22570">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 12:26:28">
12:26
       </div>

       <div class="text">
<strong>🦿 Governors hear about the dangers of a lackluster cybersecurity response, need for FBI coordination 🦿</strong><br><br><code>At a national summit, Louisiana Gov. John Bel Edwards said before his state could test a cyberattack plan, five schools were hit with ransomware.</code><br><br><a href="https://www.techrepublic.com/article/governors-hear-about-the-dangers-of-a-lackluster-cybersecurity-response-need-for-fbi-coordination/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22571">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 12:26:29">
12:26
       </div>

       <div class="text">
<strong>🦿 Bad actors launched an unprecedented wave of DDoS attacks in 2020 🦿</strong><br><br><code>Cybersecurity firm Akamai said in a report that COVID-19 and a newfound reliance on digital tools prompted a spike.</code><br><br><a href="https://www.techrepublic.com/article/bad-actors-launched-an-unprecedented-wave-of-ddos-attacks-in-2020/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22572">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 12:52:08">
12:52
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 SAML: The Language You Don&apos;t Know You&apos;re Speaking 🕴</strong><br><br><code>Security Assertion Markup Language, a protocol most people use daily to log into applications, makes authentication easier for both admins and users.</code><br><br><a href="https://www.darkreading.com/edge/theedge/saml-the-language-you-dont-know-youre-speaking/b/d-id/1339932?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22573">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 14:25:17">
14:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Privacy budgets soared in 2020, doubling to an average of $2.4 million 🦿</strong><br><br><code>93% of organizations turned to privacy teams to help navigate the COVID-19 pandemic, a new Cisco report finds.</code><br><br><a href="https://www.techrepublic.com/article/privacy-budgets-soared-in-2020-doubling-to-an-average-of-2-4-million/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22574">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 14:36:09">
14:36
       </div>

       <div class="text">
<strong>‼ CVE-2020-4889 ‼</strong><br><br><code>IBM Spectrum Scale 5.0.0 through 5.0.5.4 and 5.1.0 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190971.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4889">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22575">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 14:36:10">
14:36
       </div>

       <div class="text">
<strong>‼ CVE-2020-4949 ‼</strong><br><br><code>IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192025.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4949">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22576">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 14:45:08">
14:45
       </div>

       <div class="text">
<strong>❌ Criminal, Domestic Violence Case Info Exposed in Cook County Leak ❌</strong><br><br><code>Cook County, Ill., home to Chicago, has left a database exposed since at least September that contained sensitive criminal and family-court records.</code><br><br><a href="https://threatpost.com/criminal-domestic-case-cook-county-leak23k-sensitive-court-records/163336/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22577">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 14:45:09">
14:45
       </div>

       <div class="text">
<strong>❌ Nefilim Ransomware Gang Hits Jackpot with Ghost Account ❌</strong><br><br><code>An unmonitored account belonging to a deceased employee allowed Nefilim to exfiltrate data and infiltrate systems for a month, without being noticed.</code><br><br><a href="https://threatpost.com/nefilim-ransomware-ghost-account/163341/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22578">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 14:56:27">
14:56
       </div>

       <div class="text">
<strong>⚠ Ghost hack – criminals use deceased employee’s account to wreak havoc ⚠</strong><br><br><code>Most companies are quick to remove ex-staff from the payroll, but often not so quick to shut down their network access.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/01/26/ghost-hack-criminals-use-deceased-employees-account-to-wreak-havoc/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22579">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 15:22:13">
15:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Fighting the Rapid Rise of Cyber Warfare in a Changing World 🕴</strong><br><br><code>Global cyber warfare is a grim reality, but strong public-private relationships and security frameworks can safeguard people, institutions, and businesses.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/fighting-the-rapid-rise-of-cyber-warfare-in-a-changing-world/a/d-id/1339910?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22580">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 15:26:31">
15:26
       </div>

       <div class="text">
<strong>🦿 How to quickly block spam SMS in Android 🦿</strong><br><br><code>Jack Wallen shows you how easy it is to block and report spam SMS messages on the Android platform.</code><br><br><a href="https://www.techrepublic.com/article/how-to-quickly-block-spam-sms-in-android/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22581">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 15:26:33">
15:26
       </div>

       <div class="text">
<strong>🦿 Google&apos;s new zero trust product is completely cloud native 🦿</strong><br><br><code>BeyondCorp Enterprise is a scalable, agentless, end-to-end zero trust platform that lives entirely within Chrome Enterprise.</code><br><br><a href="https://www.techrepublic.com/article/googles-new-zero-trust-product-is-completely-cloud-native/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22582">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:22:16">
16:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Cartoon Caption Winner: Before I Go ... 🕴</strong><br><br><code>And the winner of The Edge&apos;s January cartoon caption contest is ...</code><br><br><a href="https://www.darkreading.com/edge/theedge/cartoon-caption-winner-before-i-go-/b/d-id/1339981?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22583">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:36:13">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2018-10348 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10348">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22584">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:36:14">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2018-10341 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10341">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22585">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:36:15">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2019-11297 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11297">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22586">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:36:16">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2019-11298 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11298">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22587">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:36:17">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2020-35309 ‼</strong><br><br><code>Bakeshop Online Ordering System in PHP/MySQLi 1.0 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML in admin dashboard - &quot;Categories&quot;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35309">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22588">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:36:21">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2020-17522 ‼</strong><br><br><code>When ORT (now via atstccfg) generates ip_allow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers. Additionally, these permissions are potentially extended to IP addresses outside the desired range, resulting in them being granted to clients possibly outside the CDN arcitechture.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17522">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22589">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:36:22">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2019-11302 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11302">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22590">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:36:23">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2018-10337 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10337">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22591">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:36:24">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2018-10332 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10332">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22592">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:36:25">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2020-35513 ‼</strong><br><br><code>A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file system) functionality was found in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with access to the NFS could use this flaw to starve the resources causing denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35513">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22593">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:36:26">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2018-10330 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10330">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22594">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:36:27">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2018-10336 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10336">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22595">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:36:28">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2019-11308 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11308">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22596">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:36:29">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2018-10343 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10343">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22597">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:36:30">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2019-11311 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11311">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22598">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:36:31">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2018-10333 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10333">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22599">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:36:32">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2018-10349 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10349">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22600">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:36:33">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2019-11296 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11296">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22601">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:36:35">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2018-10331 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10331">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22602">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:36:35">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2020-29241 ‼</strong><br><br><code>Online News Portal using PHP/MySQLi 1.0 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML via the &quot;Title&quot; parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29241">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22603">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:42:17">
16:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-13192 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13192">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22604">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:42:18">
16:42
       </div>

       <div class="text">
<strong>‼ CVE-2021-21615 ‼</strong><br><br><code>Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21615">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22605">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:42:19">
16:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-28314 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28314">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22606">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:42:20">
16:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-5483 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5483">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22607">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:42:21">
16:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-36209 ‼</strong><br><br><code>An issue was discovered in the late-static crate before 0.4.0 for Rust. Because Sync is implemented for LateStatic with T: Send, a data race can occur.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36209">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22608">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:42:22">
16:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-13209 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13209">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22609">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:42:23">
16:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-16236 ‼</strong><br><br><code>FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a user opens a maliciously crafted project file, which may allow an attacker to remotely execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16236">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22610">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:42:24">
16:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-35844 ‼</strong><br><br><code>FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0xbe9c4.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35844">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22611">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:42:25">
16:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-5473 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5473">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22612">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:42:26">
16:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-13200 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13200">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22613">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:42:30">
16:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-28323 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28323">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22614">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:42:31">
16:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-5458 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5458">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22615">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:42:32">
16:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-5465 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5465">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22616">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:42:33">
16:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-5464 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5464">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22617">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:42:34">
16:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-5494 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5494">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22618">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:42:36">
16:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-5440 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5440">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22619">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:42:37">
16:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-5468 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5468">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22620">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:42:38">
16:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-28305 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28305">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22621">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:42:39">
16:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-5493 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5493">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22622">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:42:40">
16:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-8293 ‼</strong><br><br><code>A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8293">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22623">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:46:17">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-5472 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5472">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22624">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:46:18">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2021-25904 ‼</strong><br><br><code>An issue was discovered in the av-data crate before 0.3.0 for Rust. A raw pointer is dereferenced, leading to a read of an arbitrary memory address, sometimes causing a segfault.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25904">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22625">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:46:19">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-35843 ‼</strong><br><br><code>FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0x956e.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35843">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22626">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:46:20">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-36212 ‼</strong><br><br><code>An issue was discovered in the abi_stable crate before 0.9.1 for Rust. DrainFilter lacks soundness because of a double drop.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36212">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22627">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:46:22">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2021-3285 ‼</strong><br><br><code>jxbrowser in TI Code Composer Studio IDE 8.x through 10.x before 10.1.1 does not verify X.509 certificates for HTTPS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3285">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22628">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:46:23">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-28302 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28302">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22629">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:46:24">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2021-3185 ‼</strong><br><br><code>A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an attacker could cause the stack to be smashed, memory corruption and possibly code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3185">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22630">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:46:25">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-13204 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13204">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22631">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:46:26">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-27298 ‼</strong><br><br><code>Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an upstream component but does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when sent to a downstream component.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27298">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22632">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:46:27">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-20269 ‼</strong><br><br><code>A specially crafted Markdown document could cause the execution of malicious JavaScript code in Caret Editor before 4.0.0-rc22.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20269">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22633">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:46:28">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-13219 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13219">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22634">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:46:29">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-5474 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5474">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22635">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:46:30">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-5446 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5446">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22636">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:46:32">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-13206 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13206">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22637">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:46:33">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-27583 ‼</strong><br><br><code>** UNSUPPORTED WHEN ASSIGNED ** IBM InfoSphere Information Server 8.5.0.0 is affected by deserialization of untrusted data which could allow remote unauthenticated attackers to execute arbitrary code. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27583">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22638">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:46:34">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-27541 ‼</strong><br><br><code>Denial of Service vulnerability in Rostelecom CS-C2SHW 5.0.082.1. AgentGreen service has a bug in parsing broadcast discovery UDP packet. Sending a packet of too small size will lead to an attempt of allocating buffer of negative size. As the result service AgentGreen will be terminated and started again later.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27541">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22639">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:46:35">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-28326 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28326">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22640">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:46:36">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-13212 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13212">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22641">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:46:38">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-27542 ‼</strong><br><br><code>Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection. The camera reads configuration from QR code (including network settings). The static IP configuration from QR code is copied to the file /config/ip-static and after reboot data from this file is inserted into bash command (without any escaping). So bash injection is possible. Camera doesn&apos;t parse QR codes if it&apos;s already successfully configured. Camera is always rebooted after successful configuration via QR code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27542">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22642">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:46:39">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-29000 ‼</strong><br><br><code>An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A vulnerability exists in the RTSP service that allows a remote attacker to take full control of the device with a high-privileged account. By sending a crafted message, an attacker is able to remotely deliver a telnet session. Any attacker that has the ability to control DNS can exploit this vulnerability to remotely login to the device and gain access to the camera system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29000">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22643">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:49:19">
16:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-13215 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13215">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22644">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:49:20">
16:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-28292 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28292">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22645">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:49:20">
16:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-28303 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28303">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22646">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:49:22">
16:49
       </div>

       <div class="text">
<strong>‼ CVE-2019-11305 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11305">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22647">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:49:22">
16:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-36227 ‼</strong><br><br><code>A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36227">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22648">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:49:23">
16:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-27098 ‼</strong><br><br><code>In checkGrantUriPermission of UriGrantsManagerService.java, there is a possible way to access contacts due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-138791358</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27098">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22649">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:49:24">
16:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-5442 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5442">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22650">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:49:25">
16:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-22698 ‼</strong><br><br><code>A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a stack-based buffer overflow to occur which could result in remote code execution when a malicious SSD file is uploaded and improperly parsed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22698">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22651">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:49:27">
16:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-35576 ‼</strong><br><br><code>A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metacharacters, a different vulnerability than CVE-2018-12577.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35576">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22652">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:49:28">
16:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-28304 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28304">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22653">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:49:29">
16:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-13187 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13187">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22654">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:49:30">
16:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-36205 ‼</strong><br><br><code>An issue was discovered in the xcb crate through 2020-12-10 for Rust. base::Error does not have soundness. Because of the public ptr field, a use-after-free or double-free can occur.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36205">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22655">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:49:32">
16:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-28295 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28295">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22656">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:49:33">
16:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-5480 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5480">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22657">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:49:34">
16:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-13216 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13216">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22658">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:49:35">
16:49
       </div>

       <div class="text">
<strong>‼ CVE-2019-25015 ‼</strong><br><br><code>LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a crafted SSID.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-25015">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22659">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:49:36">
16:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-28299 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28299">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22660">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:49:37">
16:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-5478 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5478">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22661">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:49:39">
16:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-21146 ‼</strong><br><br><code>Feehi CMS 2.0.8 is affected by a cross-site scripting (XSS) vulnerability. When the user name is inserted as JavaScript code, browsing the post will trigger the XSS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21146">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22662">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:49:40">
16:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-28300 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28300">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22663">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:52:20">
16:52
       </div>

       <div class="text">
<strong>🕴 BEC Scammers Find New Ways to Navigate Microsoft 365 🕴</strong><br><br><code>Their techniques made use of out-of-office replies and automatic responses during the 2020 holiday season, researchers report.</code><br><br><a href="https://www.darkreading.com/endpoint/bec-scammers-find-new-ways-to-navigate-microsoft-365/d/d-id/1339983?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22664">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:56:49">
16:56
       </div>

       <div class="text">
<strong>❌ 23M Gamer Records Exposed in VIPGames Leak ❌</strong><br><br><code>The personal data of 66,000 users was left wide open on a misconfigured Elasticsearch server, joining a growing list of companies with leaky clouds.</code><br><br><a href="https://threatpost.com/gamer-records-exposed-vipgames-leak/163352/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22665">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 16:59:50">
16:59
       </div>

       <div class="text">
<strong>🔏 Hacker Who Ransomed Companies Pleads Guilty 🔏</strong><br><br><code>The man admitted he accessed sites, stole data, and demanded companies pay a ransom to prevent the release of the data.</code><br><br><a href="https://digitalguardian.com/blog/hacker-who-ransomed-companies-pleads-guilty">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22666">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 17:22:19">
17:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Mimecast: Recent Certificate Compromise Tied to SolarWinds Attacks 🕴</strong><br><br><code>Yet another security firm hit in the sweeping attack campaign believed to be out of Russia.</code><br><br><a href="https://www.darkreading.com/application-security/mimecast-recent-certificate-compromise-tied-to-solarwinds-attacks/d/d-id/1339984?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22667">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 17:52:19">
17:52
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Privacy Teams Helped Navigate the Pivot to Work-from-Home 🕴</strong><br><br><code>Annual Cisco privacy study also reports that 90% of organizations say their customers won&apos;t buy from them if they are not clear about data policy practices.</code><br><br><a href="https://www.darkreading.com/endpoint/privacy-teams-helped-navigate-the-pivot-to-work-from-home-/d/d-id/1339985?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22668">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 18:36:21">
18:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-27299 ‼</strong><br><br><code>The affected product is vulnerable to an out-of-bounds read, which may allow an attacker to obtain and disclose sensitive data information or cause the device to crash on the OPC UA Tunneller (versions prior to 6.3.0.8233).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27299">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22669">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 18:36:22">
18:36
       </div>

       <div class="text">
<strong>‼ CVE-2020-27295 ‼</strong><br><br><code>The affected product has uncontrolled resource consumption issues, which may allow an attacker to cause a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27295">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22670">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 18:36:23">
18:36
       </div>

       <div class="text">
<strong>‼ CVE-2020-27274 ‼</strong><br><br><code>Some parsing functions in the affected product do not check the return value of malloc and the thread handling the message is forced to close, which may lead to a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27274">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22671">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 18:36:24">
18:36
       </div>

       <div class="text">
<strong>‼ CVE-2020-27297 ‼</strong><br><br><code>The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to manipulate memory with controlled values and remotely execute code on the OPC UA Tunneller (versions prior to 6.3.0.8233).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27297">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22672">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 18:36:25">
18:36
       </div>

       <div class="text">
<strong>‼ CVE-2020-13582 ‼</strong><br><br><code>A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13582">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22673">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 18:36:26">
18:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-22159 ‼</strong><br><br><code>Insider Threat Management Windows Agent Local Privilege Escalation Vulnerability The Proofpoint Insider Threat Management (formerly ObserveIT) Agent for Windows before 7.4.3, 7.5.4, 7.6.5, 7.7.5, 7.8.4, 7.9.3, 7.10.2, and 7.11.0.25 as well as versions 7.3 and earlier is missing authentication for a critical function, which allows a local authenticated Windows user to run arbitrary commands with the privileges of the Windows SYSTEM user. Agents for MacOS, Linux, and ITM Cloud are not affected.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22159">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22674">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 18:36:27">
18:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-3308 ‼</strong><br><br><code>An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries setup. Such reboots will leak any vectors used by the MSI(-X) entries that the guest might had enabled, and hence will lead to vector exhaustion on the system, not allowing further PCI pass through devices to work properly. HVM guests with PCI pass through devices can mount a Denial of Service (DoS) attack affecting the pass through of PCI devices to other guests or the hardware domain. In the latter case, this would affect the entire host.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3308">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22675">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 18:36:28">
18:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-23272 ‼</strong><br><br><code>The Application Development Clients component of TIBCO Software Inc.&apos;s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.&apos;s TIBCO BPM Enterprise: versions 4.3.0 and below and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric: versions 4.3.0 and below.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23272">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22676">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 18:45:16">
18:45
       </div>

       <div class="text">
<strong>❌ DanaBot Malware Roars Back into Relevancy ❌</strong><br><br><code>Sophisticated and dangerous, DanaBot has resurfaced after laying dormant for seven months.</code><br><br><a href="https://threatpost.com/danabot-malware-roars-back/163358/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22677">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 19:15:19">
19:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Nvidia Squashes High-Severity Jetson DoS Flaw ❌</strong><br><br><code>If exploited, the most serious of these flaws could lead to a denial-of-service condition for Jetson products.</code><br><br><a href="https://threatpost.com/nvidia-squashes-high-severity-jetson-dos-flaw/163360/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22678">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 19:56:38">
19:56
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Google releases alarming report about North Korean hackers posing as security analysts 🦿</strong><br><br><code>Google said the attackers were targeting security researchers by using fake LinkedIn and Twitter profiles and asking to collaborate.</code><br><br><a href="https://www.techrepublic.com/article/google-releases-alarming-report-about-north-korean-hackers-posing-as-security-analysts/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22679">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 20:22:25">
20:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 North Korean Attackers Target Security Researchers via Social Media: Google 🕴</strong><br><br><code>Google TAG warns the infosec community of unsolicited requests from individuals seeking collaboration on vulnerability research.</code><br><br><a href="https://www.darkreading.com/endpoint/north-korean-attackers-target-security-researchers-via-social-media-google/d/d-id/1339988?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22680">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 20:22:26">
20:22
       </div>

       <div class="text">
<strong>🕴 Pay-Or-Get-Breached Ransomware Schemes Take Off 🕴</strong><br><br><code>In 2020, ransomware attackers moved quickly to adopt so-called &quot;double extortion&quot; schemes, with more than 550 incidents in the fourth quarter alone.</code><br><br><a href="https://www.darkreading.com/endpoint/pay-or-get-breached-ransomware-schemes-take-off/d/d-id/1339987?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22681">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 20:36:28">
20:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-1071 ‼</strong><br><br><code>NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, all L4T versions prior to r32.5, contains a vulnerability in the INA3221 driver in which improper access control may lead to unauthorized users gaining access to system power usage data, which may lead to information disclosure.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1071">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22682">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 20:36:30">
20:36
       </div>

       <div class="text">
<strong>‼ CVE-2020-23774 ‼</strong><br><br><code>A reflected XSS vulnerability exists in tohtml/convert.php of Winmail 6.5, which can cause JavaScript code to be executed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23774">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22683">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 20:36:32">
20:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-26272 ‼</strong><br><br><code>It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26272">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22684">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 20:36:35">
20:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-21278 ‼</strong><br><br><code>RSSHub is an open source, easy to use, and extensible RSS feed generator. In RSSHub before version 7f1c430 (non-semantic versioning) there is a risk of code injection. Some routes use `eval` or `Function constructor`, which may be injected by the target site with unsafe code, causing server-side security issues The fix in version 7f1c430 is to temporarily remove the problematic route and added a `no-new-func` rule to eslint.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21278">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22685">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 20:36:37">
20:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-1070 ‼</strong><br><br><code>NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, L4T versions prior to 32.5, contains a vulnerability in the apply_binaries.sh script used to install NVIDIA components into the root file system image, in which improper access control is applied, which may lead to an unprivileged user being able to modify system device tree files, leading to denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1070">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22686">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 20:36:39">
20:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-21283 ‼</strong><br><br><code>Flarum is an open source discussion platform for websites. The &quot;Flarum Sticky&quot; extension versions 0.1.0-beta.14 and 0.1.0-beta.15 has a cross-site scripting vulnerability. A change in release beta 14 of the Sticky extension caused the plain text content of the first post of a pinned discussion to be injected as HTML on the discussion list. The issue was discovered following an internal audit. Any HTML would be injected through the m.trust() helper. This resulted in an HTML injection where &lt;script&gt; tags would not be executed. However it was possible to run javascript from other HTML attributes, enabling a cross-site scripting (XSS) attack to be performed. Since the exploit only happens with the first post of a pinned discussion, an attacker would need the ability to pin their own discussion, or be able to edit a discussion that was previously pinned. On forums where all pinned posts are authored by your staff, you can be relatively certain the vulnerability has not been exploited. Forums where some user-created discussions were pinned can look at the first post edit date to find whether the vulnerability might have been exploited. Because Flarum doesn&apos;t store the post content history, you cannot be certain if a malicious edit was reverted. The fix will be available in version v0.1.0-beta.16 with Flarum beta 16. The fix has already been back-ported to Flarum beta 15 as version v0.1.0-beta.15.1 of the Sticky extension. Forum administrators can disable the Sticky extension until they are able to apply the update. The vulnerability cannot be exploited while the extension is disabled.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21283">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22687">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 20:36:41">
20:36
       </div>

       <div class="text">
<strong>‼ CVE-2020-23776 ‼</strong><br><br><code>A SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to cause the server to send a request to a specific URL. An attacker can modify the request header &apos;HOST&apos; value to cause the server to send the request.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23776">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22688">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 20:36:42">
20:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-3309 ‼</strong><br><br><code>packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process connections even though they are not authorized by the Certification Authority trust store,</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3309">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22689">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 20:36:44">
20:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-26271 ‼</strong><br><br><code>It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26271">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22690">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 20:36:45">
20:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-21271 ‼</strong><br><br><code>Tendermint Core is an open source Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine - written in any programming language - and securely replicates it on many machines. Tendermint Core v0.34.0 introduced a new way of handling evidence of misbehavior. As part of this, we added a new Timestamp field to Evidence structs. This timestamp would be calculated using the same algorithm that is used when a block is created and proposed. (This algorithm relies on the timestamp of the last commit from this specific block.) In Tendermint Core v0.34.0-v0.34.2, the consensus reactor is responsible for forming DuplicateVoteEvidence whenever double signs are observed. However, the current block is still â€&amp;oelig;in flightâ€� when it is being formed by the consensus reactor. It hasn’t been finalized through network consensus yet. This means that different nodes in the network may observe different â€&amp;oelig;last commitsâ€� when assigning a timestamp to DuplicateVoteEvidence. In turn, different nodes could form DuplicateVoteEvidence objects at the same height but with different timestamps. One DuplicateVoteEvidence object (with one timestamp) will then eventually get finalized in the block, but this means that any DuplicateVoteEvidence with a different timestamp is considered invalid. Any node that formed invalid DuplicateVoteEvidence will continue to propose invalid evidence; its peers may see this, and choose to disconnect from this node. This bug means that double signs are DoS vectors in Tendermint Core v0.34.0-v0.34.2. Tendermint Core v0.34.3 is a security release which fixes this bug. As of v0.34.3, DuplicateVoteEvidence is no longer formed by the consensus reactor; rather, the consensus reactor passes the Votes themselves into the EvidencePool, which is now responsible for forming DuplicateVoteEvidence. The EvidencePool has timestamp info that should be consistent across the network, which means that DuplicateVoteEvidence formed in this reactor should have consistent timestamps. This release changes the API between the consensus and evidence reactors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21271">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22691">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 20:36:47">
20:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-3156 ‼</strong><br><br><code>Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via &quot;sudoedit -s&quot; and a command-line argument that ends with a single backslash character:</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3156">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22692">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 22:36:28">
22:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2013-2512 ‼</strong><br><br><code>The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitrary OS commands via shell metacharacters in a LIST or NLST command argument within FTP protocol traffic.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2512">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22693">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 22:36:29">
22:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-3317 ‼</strong><br><br><code>KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec() on the original value of the source parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3317">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22694">

      <div class="body">

       <div class="pull_right date details" title="26.01.2021 22:36:31">
22:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-3165 ‼</strong><br><br><code>SmartAgent 3.1.0 allows a ViewOnly attacker to create a SuperUser account via the /#/CampaignManager/users URI.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3165">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-749">

      <div class="body details">
27 January 2021
      </div>

     </div>

     <div class="message default clearfix" id="message22695">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 08:37:04">
08:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-3272 ‼</strong><br><br><code>jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3272">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22696">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 09:45:49">
09:45
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Apple Patches Three Actively Exploited Zero-Days, Part of iOS Emergency Update ❌</strong><br><br><code>An anonymous researcher identified bugs in the software’s kernel and WebKit browser engine that are likely part of an exploit chain.</code><br><br><a href="https://threatpost.com/apple-patches-zero-days-ios-emergency-update/163374/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22697">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 10:56:49">
10:56
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Apple critical patches fix in-the-wild iPhone exploits – update now! ⚠</strong><br><br><code>Apple says. &quot;Additional details available soon&quot;, which you can translate as &quot;this one took us by surprise&quot;. So patch now!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/01/27/apple-critical-patches-fix-in-the-wild-iphone-exploits-update-now/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22698">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 11:27:09">
11:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How ghost accounts could leave your organization vulnerable to ransomware 🦿</strong><br><br><code>Active accounts for people who have left your organization are ripe for exploitation, according to Sophos.</code><br><br><a href="https://www.techrepublic.com/article/how-ghost-accounts-could-leave-your-organization-vulnerable-to-ransomware/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22699">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 12:23:05">
12:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Security&apos;s Inevitable Shift to the Edge 🕴</strong><br><br><code>As the edge becomes the place for DDoS mitigation, Web app security, and other controls, SASE is the management platform to handle them all.</code><br><br><a href="https://www.darkreading.com/cloud/securitys-inevitable-shift-to-the-edge/a/d-id/1339900?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22700">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 12:37:17">
12:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-4967 ‼</strong><br><br><code>IBM Cloud Pak for Security (CP4S) 1.3.0.1 could disclose sensitive information through HTTP headers which could be used in further attacks against the system. IBM X-Force ID: 192425.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4967">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22701">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 12:37:18">
12:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-4816 ‼</strong><br><br><code>IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 189703.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4816">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22702">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 12:37:19">
12:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-36012 ‼</strong><br><br><code>Stored XSS vulnerability in BDTASK Multi-Store Inventory Management System 1.0 allows a local admin to inject arbitrary code via the Customer Name Field.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36012">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22703">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 12:37:20">
12:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-4820 ‼</strong><br><br><code>IBM Cloud Pak for Security (CP4S) 1.4.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4820">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22704">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 12:37:21">
12:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-4628 ‼</strong><br><br><code>IBM Cloud Pak for Security (CP4S) 1.3.0.1 and 1.4.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 185369.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4628">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22705">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 12:37:22">
12:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-4815 ‼</strong><br><br><code>IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote user to obtain sensitive information from HTTP response headers that could be used in further attacks against the system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4815">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22706">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 13:23:04">
13:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Apple Patches Three iOS Zero-Day Vulnerabilities 🕴</strong><br><br><br><br><a href="https://www.darkreading.com/endpoint/apple-patches-three-ios-zero-day-vulnerabilities/d/d-id/1339992?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22707">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 13:57:06">
13:57
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Why Ubuntu 21.04 is an important release, even without GNOME 40 🦿</strong><br><br><code>Jack Wallen discusses why the upcoming Ubuntu 21.04 is more important than some of its features would imply.</code><br><br><a href="https://www.techrepublic.com/article/why-ubuntu-21-04-is-an-important-release-even-without-gnome-40/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22708">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 14:37:24">
14:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-16106 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16106">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22709">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 14:37:25">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-16105 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16105">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22710">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 14:37:26">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-16107 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16107">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22711">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 14:37:27">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-16114 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16114">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22712">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 14:37:28">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-16108 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16108">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22713">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 14:37:29">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-23356 ‼</strong><br><br><code>dmin/kernel/api/login.class.phpin in nibbleblog v3.7.1c allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23356">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22714">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 14:37:30">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-23352 ‼</strong><br><br><code>Z-BlogPHP 1.6.0 Valyria is affected by incorrect access control. PHP loose comparison and a magic hash can be used to bypass authentication. zb_user/plugin/passwordvisit/include.php:passwordvisit_input_password() uses loose comparison to authenticate, which can be bypassed via magic hash values.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23352">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22715">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 14:37:31">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-16110 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16110">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22716">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 14:37:32">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-16115 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16115">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22717">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 14:37:33">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-25312 ‼</strong><br><br><code>HTCondor before 8.9.11 allows a user to submit a job as another user on the system, because of a flaw in the IDTOKENS authentication method.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25312">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22718">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 14:37:34">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-16113 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16113">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22719">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 14:37:35">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-23355 ‼</strong><br><br><code>** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Codiad 2.8.4 /componetns/user/class.user.php:Authenticate() is vulnerable in magic hash authentication bypass. If encrypted or hash value for the passwords form certain formats of magic hash, e.g, 0e123, another hash value 0e234 something can successfully authenticate.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23355">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22720">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 14:37:36">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-16112 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16112">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22721">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 14:37:37">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-16109 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16109">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22722">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 14:37:41">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-25311 ‼</strong><br><br><code>condor_credd in HTCondor before 8.9.11 allows Directory Traversal outside the SEC_CREDENTIAL_DIRECTORY_OAUTH directory, as demonstrated by creating a file under /etc that will later be executed by root.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25311">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22723">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 14:37:42">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-23361 ‼</strong><br><br><code>phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23361">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22724">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 14:37:43">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-16111 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16111">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22725">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 14:37:44">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-23360 ‼</strong><br><br><code>oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/password_reset.php</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23360">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22726">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 14:37:45">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-23359 ‼</strong><br><br><code>WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because it uses a loose comparison to check the identicalness of two passwords. Two non-identical passwords can still bypass the check.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23359">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22727">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 15:16:01">
15:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Emotet Takedown Disrupts Vast Criminal Infrastructure; NetWalker Site Offline ❌</strong><br><br><code>Hundreds of servers and 1 million Emotet infections have been dismantled globally, while tales have emerged on Twitter that NetWalker&apos;s Dark Web leaks site is offline.</code><br><br><a href="https://threatpost.com/emotet-takedown-infrastructure-netwalker-offline/163389/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22728">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 15:16:02">
15:16
       </div>

       <div class="text">
<strong>❌ ADT Security Camera Flaw Opened Homes, Stores to Eavesdropping ❌</strong><br><br><code>Researchers publicly disclosed flaws in ADT&apos;s LifeShield DIY HD Video Doorbell, which could have allowed local attackers to access credentials, video feeds and more.</code><br><br><a href="https://threatpost.com/adt-security-camera-flaw-opened-homes-stores-to-eavesdropping/163378/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22729">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 15:22:06">
15:22
       </div>

       <div class="text">
<strong>🕴 4 Clues to Spot a Bot Network 🕴</strong><br><br><code>Protect against misinformation and disinformation campaigns by learning how to identify the bot networks spreading falsehoods.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/4-clues-to-spot-a-bot-network/a/d-id/1339937?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22730">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 15:22:07">
15:22
       </div>

       <div class="text">
<strong>🕴 Many Cybersecurity Job Candidates Are Subpar, While On-the-Job Training Falls Short 🕴</strong><br><br><code>With demand for skilled cybersecurity workers so high, is it really surprising that most companies are seeing fewer qualified applicants?</code><br><br><a href="https://www.darkreading.com/careers-and-people/many-cybersecurity-job-candidates-are-subpar-while-on-the-job-training-falls-short/d/d-id/1339993?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22731">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 15:29:06">
15:29
       </div>

       <div class="text">
<strong>🔏 Digital Guardian&apos;s Most Popular Resources of 2020 🔏</strong><br><br><code>What worked for us in 2020? We look back at the most popular eBooks, webinars, and reports from the past 12 months.</code><br><br><a href="https://digitalguardian.com/blog/digital-guardians-most-popular-resources-2020">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22732">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 16:23:12">
16:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Microsoft Security Business Exceeds $10B in Revenue 🕴</strong><br><br><code>Microsoft&apos;s security division has grown more than 40% year-over-year, the company reports alongside security product updates.</code><br><br><a href="https://www.darkreading.com/cloud/microsoft-security-business-exceeds-%2410b-in-revenue/d/d-id/1339994?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22733">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 16:37:28">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-4189 ‼</strong><br><br><code>IBM Security Guardium 11.2 discloses sensitive information in the response headers that could be used in further attacks against the system. IBM X-Force ID: 174850.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4189">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22734">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 16:37:30">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-5427 ‼</strong><br><br><code>In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5427">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22735">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 16:37:31">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-4865 ‼</strong><br><br><code>IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4865">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22736">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 16:37:32">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-20357 ‼</strong><br><br><code>IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20357">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22737">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 16:37:33">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-4547 ‼</strong><br><br><code>IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim&apos;s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 183315.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4547">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22738">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 16:37:34">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-4786 ‼</strong><br><br><code>IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189221.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4786">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22739">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 16:37:35">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-4787 ‼</strong><br><br><code>IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189224.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4787">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22740">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 16:37:36">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-4855 ‼</strong><br><br><code>IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190457.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4855">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22741">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 16:37:36">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-5428 ‼</strong><br><br><code>In applications using Spring Cloud Task 2.2.4.RELEASE and below, may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5428">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22742">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 16:37:37">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-4952 ‼</strong><br><br><code>IBM Security Guardium 11.2 could allow an authenticated user to gain root access due to improper access control. IBM X-Force ID: 192028.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4952">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22743">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 16:37:38">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-4524 ‼</strong><br><br><code>IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182434.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4524">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22744">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 16:37:39">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-3318 ‼</strong><br><br><code>attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3318">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22745">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 16:37:40">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-4789 ‼</strong><br><br><code>IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing &quot;dot dot&quot; sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 189302.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4789">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22746">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 16:46:04">
16:46
       </div>

       <div class="text">
<strong>❌ Sudo Bug Gives Root Access to Mass Numbers of Linux Systems ❌</strong><br><br><code>Qualys said the vuln gives any local user root access to systems running the most popular version of Sudo.</code><br><br><a href="https://threatpost.com/sudo-bug-root-access-linux-2/163395/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22747">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 17:27:09">
17:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Emotet malware taken down by global law enforcement effort 🦿</strong><br><br><code>The infamous botnet has been disrupted thanks to an international effort across the US, Canada, and several European nations.</code><br><br><a href="https://www.techrepublic.com/article/emotet-malware-taken-down-by-global-law-enforcement-effort/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22748">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 17:46:07">
17:46
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Remote Attackers Can Now Reach Protected Network Devices via NAT Slipstreaming ❌</strong><br><br><code>A new version of NAT slipstreaming allows cybercriminals an easy path to devices that aren&apos;t connected to the internet.</code><br><br><a href="https://threatpost.com/remote-attackers-internal-network-devices-nat-slipstreaming/163400/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22749">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 18:16:08">
18:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ NetWalker Ransomware Suspect Charged: Tor Site Seized ❌</strong><br><br><code>The suspect allegedly has extorted $27.6 million from ransomware victims, mostly in the healthcare sector.</code><br><br><a href="https://threatpost.com/netwalker-ransomware-suspect-charged/163405/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22750">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 18:37:36">
18:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-26118 ‼</strong><br><br><code>While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26118">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22751">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 18:37:37">
18:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-3325 ‼</strong><br><br><code>Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation (i.e., an installation without a hosts_deny option). This issue occurred because a new access-control feature was introduced without considering that some exiting installations became unsafe, upon an update to 3.13.0, unless the new feature was immediately configured.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3325">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22752">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 18:37:38">
18:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-22653 ‼</strong><br><br><code>Multiple out-of-bounds write issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22653">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22753">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 18:37:39">
18:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-25226 ‼</strong><br><br><code>A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scan engine component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25226">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22754">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 18:37:40">
18:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-25224 ‼</strong><br><br><code>A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a manual scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25224">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22755">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 18:37:41">
18:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-22637 ‼</strong><br><br><code>Multiple stack-based buffer overflow issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22637">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22756">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 18:37:42">
18:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-3326 ‼</strong><br><br><code>The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3326">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22757">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 18:37:43">
18:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-25247 ‼</strong><br><br><code>A DLL hijacking vulnerability Trend Micro HouseCall for Home Networks version 5.3.1063 and below could allow an attacker to use a malicious DLL to escalate privileges and perform arbitrary code execution. An attacker must already have user privileges on the machine to exploit this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25247">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22758">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 18:37:44">
18:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-25225 ‼</strong><br><br><code>A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scheduled scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25225">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22759">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 18:37:45">
18:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-26117 ‼</strong><br><br><code>The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid users password in error, resulting in no check on the password.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26117">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22760">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 18:37:49">
18:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-26276 ‼</strong><br><br><code>** DISPUTED ** scripts/cli.js in the GoDaddy node-config-shield (aka Config Shield) package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26276">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22761">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 18:37:50">
18:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-22655 ‼</strong><br><br><code>Multiple out-of-bounds read issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22655">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22762">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 18:37:50">
18:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-22639 ‼</strong><br><br><code>An uninitialized pointer issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22639">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22763">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 18:37:51">
18:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-22641 ‼</strong><br><br><code>A heap-based buffer overflow issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22641">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22764">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 18:46:08">
18:46
       </div>

       <div class="text">
<strong>❌ TeamTNT Cloaks Malware With Open-Source Tool ❌</strong><br><br><code>The detection-evasion tool, libprocesshider, hides TeamTNT&apos;s malware from process-information programs.</code><br><br><a href="https://threatpost.com/teamtnt-cloaks-malware-open-source-tool/163414/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22765">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 19:25:11">
19:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Critical Vulnerability Patched in &apos;sudo&apos; Utility for Unix-Like OSes 🕴</strong><br><br><code>Flaw exists in versions of sudo going back nearly 10 years; USCYBERCOM recommends organizations patch immediately.</code><br><br><a href="https://www.darkreading.com/application-security/critical-vulnerability-patched-in-sudo-utility-for-unix-like-oses/d/d-id/1339996?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22766">

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 19:25:12">
19:25
       </div>

       <div class="text">
<strong>🕴 Intl. Law Enforcement Operation Disrupts Emotet Botnet 🕴</strong><br><br><code>Global law enforcement agencies have seized control of Emotet infrastructure, disrupting one of the world&apos;s most pervasive and dangerous cyber threats.</code><br><br><a href="https://www.darkreading.com/endpoint/intl-law-enforcement-operation-disrupts-emotet-botnet/d/d-id/1340000?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22767">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.01.2021 21:25:04">
21:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-3331 ‼</strong><br><br><code>WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. (For example, this is exploitable in a default installation in which WinSCP is the handler for sftp:// URLs.)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3331">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-750">

      <div class="body details">
28 January 2021
      </div>

     </div>

     <div class="message default clearfix" id="message22768">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 03:23:35">
03:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Data Privacy Day 2021: Pandemic Response Data Must Align with Data Privacy Rules 🕴</strong><br><br><code>Amid a pandemic, Data Privacy Day this year brings forth expanded responsibilities for organizations in the response to COVID-19.</code><br><br><a href="https://www.darkreading.com/omdia/data-privacy-day-2021-pandemic-response-data-must-align-with-data-privacy-rules/a/d-id/1340004?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22769">

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 03:38:00">
03:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-25785 ‼</strong><br><br><code>An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CFtpProtocol::FtpLogin during the update procedure.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25785">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22770">

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 03:38:01">
03:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-25783 ‼</strong><br><br><code>An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated heap-based buffer overflow in the function CNetClientTalk::OprMsg during incoming message handling.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25783">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22771">

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 03:38:01">
03:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-25784 ‼</strong><br><br><code>An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CNetClientGuard::SubOprMsg during incoming message handling.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25784">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22772">

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 03:38:02">
03:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-25782 ‼</strong><br><br><code>An issue was discovered on Accfly Wireless Security IR Camera 720P System with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CNetClientManage::ServerIP_Proto_Set during incoming message handling.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25782">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22773">

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 03:38:03">
03:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-0237 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0237">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22774">

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 03:38:04">
03:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-26067 ‼</strong><br><br><code>Affected versions of Atlassian Bamboo allow an unauthenticated remote attacker to view a stack trace that may reveal the path for the home directory in disk and if certain files exists on the tmp directory, via a Sensitive Data Exposure vulnerability in the /chart endpoint. The affected versions are before version 7.2.2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26067">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22775">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 10:27:15">
10:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Cybersecurity tips for university students ⚠</strong><br><br><code>An informal survey of 15 students suggested that most were unconcerned about cybersecurity. Don&apos;t be one of them!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/01/28/cybersecurity-tips-for-university-students/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22776">

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 10:38:21">
10:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-20620 ‼</strong><br><br><code>Cross-site scripting vulnerability in Aterm WF800HP firmware Ver1.0.9 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20620">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22777">

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 10:38:22">
10:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-20622 ‼</strong><br><br><code>Cross-site scripting vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20622">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22778">

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 10:38:23">
10:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-5626 ‼</strong><br><br><code>Logstorage version 8.0.0 and earlier, and ELC Analytics version 3.0.0 and earlier allow remote attackers to execute arbitrary OS commands via a specially crafted log file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5626">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22779">

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 10:38:24">
10:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-20621 ‼</strong><br><br><code>Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20621">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22780">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 11:27:18">
11:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ S3 Ep17: Facemasks, hidden ads and paranormal hacking [Podcast] ⚠</strong><br><br><code>Latest podcast - listen now! And don&apos;t forget to leave us a review if you like us...</code><br><br><a href="https://nakedsecurity.sophos.com/2021/01/28/s3-ep17-facemasks-hidden-ads-and-paranormal-hacking-podcast/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22781">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 11:42:59">
11:42
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 Sifter 11.5 🛠</strong><br><br><code>Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.</code><br><br><a href="https://packetstormsecurity.com/files/161181/sifter-11.5.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22782">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 12:24:12">
12:24
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Digital Identity Is the New Security Control Plane 🕴</strong><br><br><code>Simplifying the management of security systems helps provide consistent protection for the new normal.</code><br><br><a href="https://www.darkreading.com/endpoint/authentication/digital-identity-is-the-new-security-control-plane/a/d-id/1339913?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22783">

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 12:24:13">
12:24
       </div>

       <div class="text">
<strong>🕴 Building Your Personal Privacy Risk Tolerance Profile 🕴</strong><br><br><code>Even today, on Data Privacy Day, privacy professionals give you permission to admit you actually love targeted ads.</code><br><br><a href="https://www.darkreading.com/edge/theedge/building-your-personal-privacy-risk-tolerance-profile/b/d-id/1339998?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22784">

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 12:38:26">
12:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-4682 ‼</strong><br><br><code>IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4682">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22785">

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 12:38:27">
12:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-4888 ‼</strong><br><br><code>IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 190912.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4888">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22786">

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 12:38:27">
12:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-13569 ‼</strong><br><br><code>A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can lead to the execution of arbitrary requests in the context of the victim. An attacker can send an HTTP request to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13569">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22787">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 12:59:40">
12:59
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 Data Privacy Day 2021: Seven Tips to Keep Your Data Safe 🔏</strong><br><br><code>We’re sharing seven tips to help you keep your data safe this Data Privacy Day.</code><br><br><a href="https://digitalguardian.com/blog/data-privacy-day-2021-seven-tips-keep-your-data-safe">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22788">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 13:16:46">
13:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Mimecast Confirms SolarWinds Hack as List of Security Vendor Victims Snowball ❌</strong><br><br><code>A growing number of cybersecurity vendors like CrowdStrike, Fidelis, FireEye, Malwarebytes, Palo Alto Networks and Qualys are confirming being targeted in the espionage attack.</code><br><br><a href="https://threatpost.com/mimecast-solarwinds-hack-security-vendor-victims/163431/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22789">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 13:54:15">
13:54
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Breach Data Highlights a Pivot to Orgs Over Individuals 🕴</strong><br><br><code>In 2020, breaches were down by 19%, while the impact of those compromises -- measured in people affected -- fell by nearly two-thirds.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/breach-data-highlights-a-pivot-to-orgs-over-individuals/d/d-id/1340005?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22790">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 14:16:47">
14:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ LogoKit Simplifies Office 365, SharePoint ‘Login’ Phishing Pages ❌</strong><br><br><code>A phishing kit has been found running on at least 700 domains - and mimicking services via false SharePoint, OneDrive and Office 365 login portals.</code><br><br><a href="https://threatpost.com/logokit-simplifies-office-365-sharepoint-login-phishing-pages/163430/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22791">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 15:17:21">
15:17
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Utah Ponders Making Online ‘Catfishing’ a Crime ❌</strong><br><br><code>Pretending to be someone else online could become a criminal offense, setting a precedent for other states to follow.</code><br><br><a href="https://threatpost.com/utah-ponders-making-online-catfishing-a-crime/163456/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22792">

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 15:29:40">
15:29
       </div>

       <div class="text">
<strong>⚠ Cybersecurity tips for university students ⚠</strong><br><br><code>An informal survey of 15 students suggested that most were unconcerned about cybersecurity. Don&apos;t be one of them!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/01/28/cybersecurity-tips-for-university-students/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22793">

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 15:29:41">
15:29
       </div>

       <div class="text">
<strong>🦿 The top 5 reasons data privacy should be practiced every day 🦿</strong><br><br><code>Working from home because of the pandemic has led to sensitive corporate information being stored on private devices, and experts say protecting data must become a business imperative.</code><br><br><a href="https://www.techrepublic.com/article/the-top-5-reasons-data-privacy-should-be-practiced-every-day/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22794">

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 15:29:42">
15:29
       </div>

       <div class="text">
<strong>🦿 How to protect your organization&apos;s remote endpoints against ransomware 🦿</strong><br><br><code>A lack of visibility into remote endpoints can leave your organization vulnerable to ransomware attacks, says security provider Illumio.</code><br><br><a href="https://www.techrepublic.com/article/how-to-protect-your-organizations-remote-endpoints-against-ransomware/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22795">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 16:38:36">
16:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-22875 ‼</strong><br><br><code>Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in stats.php via the `setPerPage` parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22875">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22796">

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 16:38:37">
16:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-22874 ‼</strong><br><br><code>Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in userlog-index.php via the `period_preset` parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22874">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22797">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 16:57:36">
16:57
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Data Privacy Day: 10 experts give advice for protecting your business 🦿</strong><br><br><code>Data Privacy Day is dedicated to achieving sound privacy practices to protect businesses and customers. Learn insights from 10 experts in the field to help safeguard your company.</code><br><br><a href="https://www.techrepublic.com/article/data-privacy-day-10-experts-give-advice-for-protecting-your-business/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22798">

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 16:57:37">
16:57
       </div>

       <div class="text">
<strong>🦿 How to install and use ClamAV on Ubuntu Server 20.04 🦿</strong><br><br><code>Your Linux servers could use a system to scan for malicious files. Jack Wallen shows you how with the help of ClamAV.</code><br><br><a href="https://www.techrepublic.com/article/how-to-install-and-use-clamav-on-ubuntu-server-20-04/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22799">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 17:16:54">
17:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Rocke Group’s Malware Now Has Worm Capabilities ❌</strong><br><br><code>The Pro-Ocean cryptojacking malware now comes with the ability to spread like a worm, as well as harboring new detection-evasion tactics.</code><br><br><a href="https://threatpost.com/rocke-groups-malware-now-has-worm-capabilities/163463/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22800">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 18:39:03">
18:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-1723 ‼</strong><br><br><code>The logout endpoint /oauth/logout?redirect=url can be abused to redirect logged in users to arbitrary web pages. This vulnerability could be used in phishing attacks. Versions shipped with Red Hat Mobile Aplication Platform 4 are believed to be vulnerable.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1723">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22801">

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 18:39:03">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-20183 ‼</strong><br><br><code>It was found in Moodle before version 3.10.1 that some search inputs were vulnerable to reflected XSS due to insufficient escaping of search queries.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20183">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22802">

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 18:39:04">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-20187 ‼</strong><br><br><code>It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20187">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22803">

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 18:39:05">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2019-25016 ‼</strong><br><br><code>There is an unsafe incomplete reset of PATH in OpenDoas 6.6 through 6.8 when changing the user context.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-25016">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22804">

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 18:39:06">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-3160 ‼</strong><br><br><code>Deserialization of untrusted data in the login page of ASSUWEB 359.3 build 1 subcomponent of ACA ASSUREX RENTES product allows a remote attacker to inject unsecure serialized Java object using a specially crafted HTTP request, resulting in an unauthenticated remote code execution on the server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3160">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22805">

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 18:39:10">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-26272 ‼</strong><br><br><code>The Electron framework lets you write cross-platform desktop applications using JavaScript, HTML and CSS. In affected versions of Electron IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame. If your app uses remote, calls webContents.sendToFrame, or calls event.reply in an IPC message handler then it is impacted by this issue. This has been fixed in versions 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9. There are no workarounds for this issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26272">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22806">

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 18:39:11">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-35517 ‼</strong><br><br><code>A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35517">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22807">

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 18:39:12">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-36115 ‼</strong><br><br><code>Stored Cross Site Scripting (XSS) vulnerability in EGavilan Media CRUD Operation with PHP, MySQL, Bootstrap, and Dompdf via First Name or Last Name parameter in the &apos;Add New Record Feature&apos;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36115">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22808">

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 18:39:12">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-25647 ‼</strong><br><br><code>Mobile application &quot;Testes de Codigo&quot; v11.3 and prior allows stored XSS by injecting a payload in the &quot;feedback&quot; message field causing it to be stored in the remote database and leading to its execution on client devices when loading the &quot;feedback list&quot;, either by accessing the website directly or using the mobile application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25647">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22809">

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 18:39:13">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-20184 ‼</strong><br><br><code>It was found in Moodle before version 3.10.1, 3.9.4 and 3.8.7 that a insufficient capability checks in some grade related web services meant students were able to view other students grades.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20184">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22810">

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 18:39:17">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-1725 ‼</strong><br><br><code>A flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access token.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1725">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22811">

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 18:39:18">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-20186 ‼</strong><br><br><code>It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that if the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20186">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22812">

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 18:39:19">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-35754 ‼</strong><br><br><code>OpenSolution Quick.CMS &lt; 6.7 and Quick.Cart &lt; 6.7 allow an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Language tab.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35754">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22813">

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 18:39:19">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-3337 ‼</strong><br><br><code>The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remote attackers to bypass intended content-reading restrictions by clicking on reply or quote in the postbit.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3337">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22814">

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 18:39:20">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-20185 ‼</strong><br><br><code>It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that messaging did not impose a character limit when sending messages, which could result in client-side (browser) denial of service for users receiving very large messages.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20185">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22815">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 18:54:24">
18:54
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Law Enforcement Aims to Take Down Netwalker Ransomware 🕴</strong><br><br><code>The Department of Justice has so far charged one Canadian national and seized nearly $500,000 in relation to Netwalker ransomware.</code><br><br><a href="https://www.darkreading.com/endpoint/law-enforcement-aims-to-take-down-netwalker-ransomware/d/d-id/1340009?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22816">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 20:27:33">
20:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Data privacy laws: A mini glossary 🦿</strong><br><br><code>Wondering which data privacy laws affect your area or the type of data you&apos;re working with? Find out with this glossary of rules from around the world.</code><br><br><a href="https://www.techrepublic.com/article/data-privacy-laws-a-mini-glossary/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22817">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.01.2021 20:52:35">
20:52
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-8585 ‼</strong><br><br><code>OnCommand Unified Manager Core Package versions prior to 5.2.5 may disclose sensitive account information to unauthorized users via the use of PuTTY Link (plink).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8585">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-751">

      <div class="body details">
29 January 2021
      </div>

     </div>

     <div class="message default clearfix" id="message22818">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 04:25:09">
04:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-3336 ‼</strong><br><br><code>DoTls13CertificateVerify in tls13.c in wolfSSL through 4.6.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3336">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22819">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 04:25:10">
04:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-3341 ‼</strong><br><br><code>A path traversal vulnerability in the DxWebEngine component of DH2i DxEnterprise and DxOdyssey for Windows, version 19.5 through 20.x before 20.0.219.0, allows an attacker to read any file on the host file system via an HTTP request.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3341">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22820">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 04:25:11">
04:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-26307 ‼</strong><br><br><code>An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It allows __cpuid_count() calls even if the processor does not support the CPUID instruction, which is unsound and causes a deterministic crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26307">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22821">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 04:25:12">
04:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-26306 ‼</strong><br><br><code>An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It has unsound transmute calls within as_string() methods.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26306">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22822">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 04:25:13">
04:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-26304 ‼</strong><br><br><code>PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the add-expense.php Item parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26304">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22823">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 04:25:17">
04:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-26308 ‼</strong><br><br><code>An issue was discovered in the marc crate before 2.0.0 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated memory, violating soundness.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26308">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22824">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 04:25:18">
04:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-26303 ‼</strong><br><br><code>PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the user-profile.php Full Name field.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26303">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22825">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 04:25:19">
04:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-26305 ‼</strong><br><br><code>An issue was discovered in Deserializer::read_vec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated heap memory, violating soundness.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26305">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22826">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 10:25:14">
10:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 2020 Marked a Renaissance in DDoS Attacks 🕴</strong><br><br><code>Amid the global pandemic, cybercriminals ramped up use of one of the oldest attack techniques around.</code><br><br><a href="https://www.darkreading.com/cloud/2020-marked-a-renaissance-in-ddos-attacks-/d/d-id/1340013?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22827">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 11:25:11">
11:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Lazarus Affiliate ‘ZINC’ Blamed for Campaign Against Security Researcher ❌</strong><br><br><code>New details emerge of how North Korean-linked APT won trust of experts and exploited Visual Studio to infect systems with ‘Comebacker’ malware.</code><br><br><a href="https://threatpost.com/lazarus-affiliate-zinc-blamed-for-campaign-against-security-researcher/163474/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22828">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 11:25:12">
11:25
       </div>

       <div class="text">
<strong>⚠ The mystery of the missing Perl website ⚠</strong><br><br><code>A long-running domain supporting the popular programming language Perl has suddenly vanished. We don&apos;t yet know how or why.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/01/29/the-mystery-of-the-missing-perl-webite/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22829">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 12:25:14">
12:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 Digital Guardian Named a Top Place to Work in the US 🔏</strong><br><br><code>Digital Guardian was named a top place to work in the United States in 2021!</code><br><br><a href="https://digitalguardian.com/blog/digital-guardian-named-top-place-work-us">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22830">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 12:25:16">
12:25
       </div>

       <div class="text">
<strong>🕴 Is the Web Supply Chain Next in Line for State-Sponsored Attacks? 🕴</strong><br><br><code>Attackers go after the weak links first, and the Web supply chain provides an abundance of weak links to target.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/is-the-web-supply-chain-next-in-line-for-state-sponsored-attacks/a/d-id/1339936?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22831">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 13:25:08">
13:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 Friday Five 1/29 🔏</strong><br><br><code>Linux bugs, hacker personas, and the Emotet botnet disrupted - catch up on all of the week&apos;s infosec news with the Friday Five!</code><br><br><a href="https://digitalguardian.com/blog/friday-five-1/29">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22832">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 13:25:10">
13:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-25909 ‼</strong><br><br><code>ZIV Automation 4CCT-EA6-334126BF firmware version 3.23.80.27.36371, allows an unauthenticated, remote attacker to cause a denial of service condition on the device. An attacker could exploit this vulnerability by sending specific packets to the port 7919.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25909">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22833">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 13:25:12">
13:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-25910 ‼</strong><br><br><code>Improper Authentication vulnerability in the cookie parameter of ZIV AUTOMATION 4CCT-EA6-334126BF allows a local attacker to perform modifications in several parameters of the affected device as an authenticated user.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25910">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22834">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 13:25:13">
13:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-25123 ‼</strong><br><br><code>The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice addlicense_func function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25123">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22835">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 13:25:16">
13:25
       </div>

       <div class="text">
<strong>🦿 6 data categories to learn for faster cybersecurity responses 🦿</strong><br><br><code>By knowing the different types of data, it can help your company protect itself from breaches and better recover from a cyberattack.</code><br><br><a href="https://www.techrepublic.com/article/identifying-data-terms-can-improve-cybersecurity-efficiency/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22836">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 14:25:13">
14:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 Friday Five 1/29 🔏</strong><br><br><code>Linux bugs, hacker personas, and the Emotet botnet disrupted - catch up on all of the week&apos;s infosec news with the Friday Five!</code><br><br><a href="https://digitalguardian.com/blog/friday-five-1/29">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22837">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 14:25:14">
14:25
       </div>

       <div class="text">
<strong>🔏 Digital Guardian Named a Top Place to Work in the US 🔏</strong><br><br><code>Digital Guardian was named a top place to work in the United States in 2021!</code><br><br><a href="https://digitalguardian.com/blog/digital-guardian-named-top-place-work-us">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22838">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 14:25:15">
14:25
       </div>

       <div class="text">
<strong>🦿 Identifying data terms can improve cybersecurity efficiency 🦿</strong><br><br><code>The term &quot;data&quot; is vague. Knowing the types of data helps companies protect themselves and better recover from a cyberattack.</code><br><br><a href="https://www.techrepublic.com/article/identifying-data-terms-can-improve-cybersecurity-efficiency/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22839">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 14:25:16">
14:25
       </div>

       <div class="text">
<strong>❌ Apple iOS 14 Thwarts iMessage Attacks With BlastDoor System ❌</strong><br><br><code>Apple has made structural improvements in iOS 14 to block message-based, zero-click exploits.</code><br><br><a href="https://threatpost.com/apple-ios-imessage-blastdoor/163479/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22840">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 15:25:12">
15:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 CISA warns of attacks on cloud-based services 🦿</strong><br><br><code>Companies are most vulnerable when employees work from home or use a combination of company and personal devices.</code><br><br><a href="https://www.techrepublic.com/videos/cisa-warns-of-attacks-on-cloud-based-services/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22841">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 15:25:13">
15:25
       </div>

       <div class="text">
<strong>🦿 SolarWinds attack: Cybersecurity experts share lessons learned and how to protect your business 🦿</strong><br><br><code>The highly sophisticated SolarWinds attack was designed to circumvent threat detection—and it did, for much too long. Two cybersecurity experts share some valuable lessons learned from the attack.</code><br><br><a href="https://www.techrepublic.com/article/solarwinds-attack-cybersecurity-experts-share-lessons-learned-and-how-to-protect-your-business/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22842">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 15:25:15">
15:25
       </div>

       <div class="text">
<strong>🦿 Is your boss spying on you? It&apos;s possible, and privacy laws aren&apos;t there yet 🦿</strong><br><br><code>Some companies are using monitoring software to keep tabs on employees working from home. Some organizations are crying foul.</code><br><br><a href="https://www.techrepublic.com/videos/is-your-boss-spying-on-you-its-possible-and-privacy-laws-arent-there-yet/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22843">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 15:25:17">
15:25
       </div>

       <div class="text">
<strong>🦿 Vishing: FBI says beware of voice phishing at large organizations 🦿</strong><br><br><code>Attackers are tricking employees into logging into phishing sites.</code><br><br><a href="https://www.techrepublic.com/videos/vishing-fbi-says-beware-of-voice-phishing-at-large-organizations/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22844">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 15:25:18">
15:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-3345 ‼</strong><br><br><code>_gcry_md_block_write in cipher/hash-common.c in Libgcrypt before 1.9.1 has a heap-based buffer overflow when the digest final function sets a large count value.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3345">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22845">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 15:25:19">
15:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-20586 ‼</strong><br><br><code>Resource management errors vulnerability in a robot controller of MELFA FR Series(controller &quot;CR800-*V*D&quot; of RV-*FR***-D-* all versions, controller &quot;CR800-*HD&quot; of RH-*FRH***-D-* all versions, controller &quot;CR800-*HRD&quot; of RH-*FRHR***-D-* all versions, controller &quot;CR800-*V*R with R16RTCPU&quot; of RV-*FR***-R-* all versions, controller &quot;CR800-*HR with R16RTCPU&quot; of RH-*FRH***-R-* all versions, controller &quot;CR800-*HRR with R16RTCPU&quot; of RH-*FRHR***-R-* all versions, controller &quot;CR800-*V*Q with Q172DSRCPU&quot; of RV-*FR***-Q-* all versions, controller &quot;CR800-*HQ with Q172DSRCPU&quot; of RH-*FRH***-Q-* all versions, controller &quot;CR800-*HRQ with Q172DSRCPU&quot; of RH-*FRHR***-Q-* all versions) and a robot controller of MELFA CR Series(controller &quot;CR800-CVD&quot; of RV-8CRL-D-* all versions, controller &quot;CR800-CHD&quot; of RH-*CRH**-D-* all versions) as well as a cooperative robot ASSISTA(controller &quot;CR800-05VD&quot; of RV-5AS-D-* all versions) allows a remote unauthenticated attacker to cause a DoS of the execution of the robot program and the Ethernet communication by sending a large amount of packets in burst over a short period of time. As a result of DoS, an error may occur. A reset is required to recover it if the error occurs.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20586">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22846">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 15:25:20">
15:25
       </div>

       <div class="text">
<strong>❌ Industrial Gear at Risk from Fuji Code-Execution Bugs ❌</strong><br><br><code>Fuji Electric’s Tellus Lite V-Simulator and V-Server Lite can allow attackers to take advantage of operational technology (OT)-IT convergence on factory floors, at utility plants and more.</code><br><br><a href="https://threatpost.com/industrial-gear-fuji-code-execution-bugs/163490/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22847">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 17:25:06">
17:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-3346 ‼</strong><br><br><code>Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3346">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22848">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 17:25:07">
17:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-3347 ‼</strong><br><br><code>An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3347">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22849">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 17:25:08">
17:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-23328 ‼</strong><br><br><code>This affects all versions of package iniparserjs. This vulnerability relates when ini_parser.js is concentrating arrays. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23328">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22850">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 17:25:09">
17:25
       </div>

       <div class="text">
<strong>🕴 FBI Encounters: Reporting an Insider Security Incident to the Feds 🕴</strong><br><br><code>Most insider incidents don&apos;t get reported to the FBI due to fear of debilitating business disruptions, public embarrassment, and screeching vans skidding into the parking lot to confiscate servers. But is that reality?</code><br><br><a href="https://www.darkreading.com/edge/theedge/fbi-encounters-reporting-an-insider-security-incident-to-the-feds-/b/d-id/1340016?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22851">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 17:25:10">
17:25
       </div>

       <div class="text">
<strong>🕴 Ransomware Payoffs Surge by 311% to Nearly $350 Million 🕴</strong><br><br><code>Payments to ransomware gangs using cryptocurrency more than quadrupled in 2020, with less than 200 cryptocurrency wallets receiving 80% of funds.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/ransomware-payoffs-surge-by-311--to-nearly-%24350-million/d/d-id/1340017?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22852">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 18:25:07">
18:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Distributed denial of service (DDoS) attacks: A cheat sheet 🦿</strong><br><br><code>This comprehensive guide covers different types of denial of service attacks, DDoS protection strategies, as well as why it matters for business.</code><br><br><a href="https://www.techrepublic.com/article/distributed-denial-of-service-ddos-attacks-a-cheat-sheet/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22853">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 19:25:04">
19:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-25134 ‼</strong><br><br><code>The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setremoteimageinfo_func function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25134">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22854">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 19:25:07">
19:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-25130 ‼</strong><br><br><code>The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setactdir_func function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25130">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22855">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 19:25:09">
19:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-29557 ‼</strong><br><br><code>An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to achieve pre-authentication remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29557">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22856">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 19:25:11">
19:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-25129 ‼</strong><br><br><code>The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice getvideodata_func function path traversal vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25129">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22857">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 19:25:12">
19:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-24666 ‼</strong><br><br><code>The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a stored Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the &apos;Display Name&apos; parameter. Remediated in &gt;= 9.1.0.1</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24666">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22858">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 19:25:14">
19:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-25131 ‼</strong><br><br><code>The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setfwimagelocation_func function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25131">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22859">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 19:25:15">
19:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-24669 ‼</strong><br><br><code>The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a DOM-based Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the &apos;Analysis Report Description&apos; field in &apos;About this Report&apos; section. Remediated in &gt;= 8.3.0.9, &gt;= 9.0.0.1, and &gt;= 9.1.0.0 GA.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24669">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22860">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 19:25:16">
19:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-25125 ‼</strong><br><br><code>The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice delsolrecordedvideo_func function path traversal vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25125">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22861">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 19:25:18">
19:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-24670 ‼</strong><br><br><code>The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the &apos;type&apos; attribute of &apos;dashboardXml&apos; parameter. Remediated in &gt;= 7.1.0.25, &gt;= 8.2.0.6, and &gt;= 8.3.0.0 GA.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24670">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22862">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 19:25:19">
19:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-25128 ‼</strong><br><br><code>The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice gethelpdata_func function path traversal vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25128">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22863">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 19:25:20">
19:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-25124 ‼</strong><br><br><code>The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice deletevideo_func function path traversal vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25124">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22864">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 19:25:21">
19:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-25126 ‼</strong><br><br><code>The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice downloadkvmjnlp_func function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25126">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22865">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 19:25:22">
19:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-25127 ‼</strong><br><br><code>The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice generatesslcertificate_func function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25127">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22866">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 19:25:23">
19:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-24664 ‼</strong><br><br><code>The dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the &apos;pho:title&apos; attribute of &apos;dashboardXml&apos; parameter. Remediated in &gt;= 7.1.0.25, &gt;= 8.2.0.6, and &gt;= 8.3.0.0 GA.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24664">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22867">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 19:25:23">
19:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-25138 ‼</strong><br><br><code>The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice uploadsshkey function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25138">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22868">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 19:25:24">
19:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-25132 ‼</strong><br><br><code>The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setmediaconfig_func function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25132">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22869">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 19:25:25">
19:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-25137 ‼</strong><br><br><code>The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice startflash_func function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25137">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22870">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 19:25:26">
19:25
       </div>

       <div class="text">
<strong>🕴 Cloud Security Startup Armo Emerges from Stealth with $4.5M 🕴</strong><br><br><code>Armo&apos;s platform was developed to protect cloud-native workloads and provide DevOps teams with greater visibility and control.</code><br><br><a href="https://www.darkreading.com/cloud/cloud-security-startup-armo-emerges-from-stealth-with-%2445m/d/d-id/1340018?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22871">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 19:25:27">
19:25
       </div>

       <div class="text">
<strong>❌ WordPress Pop-Up Builder Plugin Flaw Plagues 200K Sites ❌</strong><br><br><code>The flaw could have let attackers send out custom newsletters and delete newsletter subscribers from 200,000 affected websites.</code><br><br><a href="https://threatpost.com/wordpress-pop-up-builder-plugin-flaw-plagues-200k-sites/163500/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22872">

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 19:25:28">
19:25
       </div>

       <div class="text">
<strong>❌ Microsoft 365 Becomes Haven for BEC Innovation ❌</strong><br><br><code>Two new phishing tactics use the platform&apos;s automated responses to evade email filters.</code><br><br><a href="https://threatpost.com/microsoft-365-bec-innovation/163508/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22873">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.01.2021 21:25:07">
21:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-21254 ‼</strong><br><br><code>CKEditor 5 is an open source rich text editor framework with a modular architecture. The CKEditor 5 Markdown plugin (@ckeditor/ckeditor5-markdown-gfm) before version 25.0.0 has a regex denial of service (ReDoS) vulnerability. The vulnerability allowed to abuse link recognition regular expression, which could cause a significant performance drop resulting in browser tab freeze. It affects all users using CKEditor 5 Markdown plugin at version &lt;= 24.0.0. The problem has been recognized and patched. The fix will be available in version 25.0.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21254">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-752">

      <div class="body details">
30 January 2021
      </div>

     </div>

     <div class="message default clearfix" id="message22874">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.01.2021 09:25:11">
09:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-17380 ‼</strong><br><br><code>A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17380">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22875">

      <div class="body">

       <div class="pull_right date details" title="30.01.2021 09:25:12">
09:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-14418 ‼</strong><br><br><code>A TOCTOU vulnerability exists in madCodeHook before 2020-07-16 that allows local attackers to elevate their privileges to SYSTEM. This occurs because path redirection can occur via vectors involving directory junctions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14418">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22876">

      <div class="body">

       <div class="pull_right date details" title="30.01.2021 09:25:14">
09:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-15690 ‼</strong><br><br><code>In Nim before 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newline character.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15690">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-753">

      <div class="body details">
31 January 2021
      </div>

     </div>

     <div class="message default clearfix" id="message22877">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="31.01.2021 00:25:15">
00:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ GnuPG crypto library can be pwned during decryption – patch now! ⚠</strong><br><br><code>Many, if not most, Linux distros will be affected. Users of other operating systems should check for software that uses libgcrypt.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/01/31/gnupg-crypto-library-can-be-pwned-during-decryption-patch-now/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22878">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="31.01.2021 15:25:15">
15:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-23329 ‼</strong><br><br><code>The package nested-object-assign before 1.0.4 are vulnerable to Prototype Pollution via the default function, as demonstrated by running the PoC below.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23329">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-754">

      <div class="body details">
1 February 2021
      </div>

     </div>

     <div class="message default clearfix" id="message22879">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 00:25:16">
00:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Emotet takedown – Europol attacks “world’s most dangerous malware” ⚠</strong><br><br><code>Great news from Europol - if you&apos;ve heard of Emotet, you&apos;ll have a good idea how badly things often end for its victims.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/02/01/emotet-takedown-europol-attacks-worlds-most-dangerous-malware/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22880">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 10:25:10">
10:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Security chaos engineering helps you find weak links in your cyber defenses before attackers do 🦿</strong><br><br><code>Security experts explain why this approach is all about data and resilience, not deliberately sabotaging your own network.</code><br><br><a href="https://www.techrepublic.com/article/security-chaos-engineering-helps-you-find-weak-links-in-your-cyber-defenses-before-attackers-do/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22881">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 12:25:14">
12:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Strengthening Zero-Trust Architecture 🕴</strong><br><br><code>Organizations that want to stay ahead of cybercriminals will find that going beyond user trust and device trust is critical for outwitting their adversaries.</code><br><br><a href="https://www.darkreading.com/risk/strengthening-zero-trust-architecture/a/d-id/1339916?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22882">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 13:25:09">
13:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-36109 ‼</strong><br><br><code>ASUS RT-AX86U router firmware below version under 9.0.0.4_386 has a buffer overflow in the blocking_request.cgi function of the httpd module that can cause code execution when an attacker constructs malicious data.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36109">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22883">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 13:25:10">
13:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-28194 ‼</strong><br><br><code>Variable underflow exists in accel-ppp radius/packet.c when receiving a RADIUS vendor-specific attribute with length field is less than 2. It has an impact only when the attacker controls the RADIUS server, which can lead to arbitrary code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28194">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22884">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 14:25:15">
14:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 AIDE 0.17.1 🛠</strong><br><br><code>AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.</code><br><br><a href="https://packetstormsecurity.com/files/161234/aide-0.17.1.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22885">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 14:25:17">
14:25
       </div>

       <div class="text">
<strong>🛠 Wireshark Analyzer 3.4.3 🛠</strong><br><br><code>Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.</code><br><br><a href="https://packetstormsecurity.com/files/161235/wireshark-3.4.3.tar.xz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22886">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 14:25:18">
14:25
       </div>

       <div class="text">
<strong>🕴 Rapid7 Acquires Alcide, Strengthens Focus on Cloud 🕴</strong><br><br><code>Its $50 million purchase of Alcide, a Kubernetes security provider, follows its 2020 acquisition of cloud security vendor DivvyCloud.</code><br><br><a href="https://www.darkreading.com/cloud/rapid7-acquires-alcide-strengthens-focus-on-cloud/d/d-id/1340023?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22887">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 14:25:19">
14:25
       </div>

       <div class="text">
<strong>❌ Alleged Gaming Software Supply-Chain Attack Installs Spyware ❌</strong><br><br><code>Researchers allege that software used for downloading Android apps onto PCs and Macs has been compromised to install malware onto victim devices.</code><br><br><a href="https://threatpost.com/gaming-software-attack-spyware/163537/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22888">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 14:25:20">
14:25
       </div>

       <div class="text">
<strong>❌ Critical Libgcrypt Crypto Bug Opens Machines to Arbitrary Code ❌</strong><br><br><code>The flaw in the free-source library could have been ported to multiple applications.</code><br><br><a href="https://threatpost.com/critical-libgcrypt-crypto-bug-arbitrary-code/163546/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22889">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 15:25:03">
15:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-28426 ‼</strong><br><br><code>All versions of package kill-process-on-port are vulnerable to Command Injection via a.getProcessPortId.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28426">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22890">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 15:25:04">
15:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-21277 ‼</strong><br><br><code>angular-expressions is &quot;angular&apos;s nicest part extracted as a standalone module for the browser and node&quot;. In angular-expressions before version 1.1.2 there is a vulnerability which allows Remote Code Execution if you call &quot;expressions.compile(userControlledInput)&quot; where &quot;userControlledInput&quot; is text that comes from user input. The security of the package could be bypassed by using a more complex payload, using a &quot;.constructor.constructor&quot; technique. In terms of impact: If running angular-expressions in the browser, an attacker could run any browser script when the application code calls expressions.compile(userControlledInput). If running angular-expressions on the server, an attacker could run any Javascript expression, thus gaining Remote Code Execution. This is fixed in version 1.1.2 of angular-expressions A temporary workaround might be either to disable user-controlled input that will be fed into angular-expressions in your application or allow only following characters in the userControlledInput.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21277">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22891">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 15:25:05">
15:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-24271 ‼</strong><br><br><code>A CSRF vulnerability was discovered in EasyCMS v1.6 that can add an admin account through index.php?s=/admin/rbacuser/insert/navTabId/rbacuser/callbackType/closeCurrent, then post username=***&amp;password=***.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24271">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22892">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 15:25:06">
15:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-21286 ‼</strong><br><br><code>AVideo Platform is an open-source Audio and Video platform. It is similar to a self-hosted YouTube. In AVideo Platform before version 10.2 there is an authorization bypass vulnerability which enables an ordinary user to get admin control. This is fixed in version 10.2. All queries now remove the pass hash and the recoverPass hash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21286">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22893">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 15:25:07">
15:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-21266 ‼</strong><br><br><code>openHAB is a vendor and technology agnostic open source automation software for your home. In openHAB before versions 2.5.12 and 3.0.1 the XML external entity (XXE) attack allows attackers in the same network as the openHAB instance to retrieve internal information like the content of files from the file system. Responses to SSDP requests can be especially malicious. All add-ons that use SAX or JAXB parsing of externally received XML are potentially subject to this kind of attack. In openHAB, the following add-ons are potentially impacted: AvmFritz, BoseSoundtouch, DenonMarantz, DLinkSmarthome, Enigma2, FmiWeather, FSInternetRadio, Gce, Homematic, HPPrinter, IHC, Insteon, Onkyo, Roku, SamsungTV, Sonos, Roku, Tellstick, TR064, UPnPControl, Vitotronic, Wemo, YamahaReceiver and XPath Tranformation. The vulnerabilities have been fixed in versions 2.5.12 and 3.0.1 by a more strict configuration of the used XML parser.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21266">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22894">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 15:25:08">
15:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-3282 ‼</strong><br><br><code>HashiCorp Vault Enterprise 1.6.0 &amp; 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3282">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22895">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 15:25:09">
15:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-23330 ‼</strong><br><br><code>All versions of package launchpad are vulnerable to Command Injection via stop.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23330">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22896">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 15:25:10">
15:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-25594 ‼</strong><br><br><code>HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. Fixed in 1.6.2 &amp; 1.5.7.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25594">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22897">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 15:25:11">
15:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-21276 ‼</strong><br><br><code>Polr is an open source URL shortener. in Polr before version 2.3.0, a vulnerability in the setup process allows attackers to gain admin access to site instances, even if they do not possess an existing account. This vulnerability exists regardless of users&apos; settings. If an attacker crafts a request with specific cookie headers to the /setup/finish endpoint, they may be able to obtain admin privileges on the instance. This is caused by a loose comparison (==) in SetupController that is susceptible to attack. The project has been patched to ensure that a strict comparison (===) is used to verify the setup key, and that /setup/finish verifies that no users table exists before performing any migrations or provisioning any new accounts. This is fixed in version 2.3.0. Users can patch this vulnerability without upgrading by adding abort(404) to the very first line of finishSetup in SetupController.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21276">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22898">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 15:25:12">
15:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-3024 ‼</strong><br><br><code>HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. Fixed in 1.6.2 &amp; 1.5.7.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3024">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22899">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 15:25:13">
15:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-13564 ‼</strong><br><br><code>A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template acl_id parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13564">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22900">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 15:25:14">
15:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-13562 ‼</strong><br><br><code>A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnaerability in the phpGACL template action parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13562">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22901">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 15:25:15">
15:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-3283 ‼</strong><br><br><code>HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task drivers can access processes associated with other tasks on the same node. Fixed in 0.12.10, and 1.0.3.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3283">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22902">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 15:25:15">
15:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-13563 ‼</strong><br><br><code>A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template group_id parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13563">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22903">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 15:25:16">
15:25
       </div>

       <div class="text">
<strong>⚠ Naked Security Live – What if my password manager gets hacked? ⚠</strong><br><br><code>Our latest Naked Security Live talk - watch now!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/02/01/naked-security-live-what-if-my-password-manager-gets-hacked/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22904">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 15:25:17">
15:25
       </div>

       <div class="text">
<strong>🦿 Cybersecurity pros should switch from Indicators of Compromise to Indicators of Behavior 🦿</strong><br><br><code>Security experts suggest using IOBs to move from reacting to a cyberattack to preventing the incident.</code><br><br><a href="https://www.techrepublic.com/article/cybersecurity-pros-should-switch-from-indicators-of-compromise-to-indicators-of-behavior/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22905">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 15:25:18">
15:25
       </div>

       <div class="text">
<strong>🕴 US Needs Comprehensive Policy to Combat China on IP Theft 🕴</strong><br><br><code>The United States cannot lose sight of Chinese cyber operations that target intellectual property, a panel of experts says.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/us-needs-comprehensive-policy-to-combat-china-on-ip-theft/d/d-id/1340022?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22906">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 16:25:17">
16:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Name That Edge Toon: Be Careful Who You Trust 🕴</strong><br><br><code>Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.</code><br><br><a href="https://www.darkreading.com/edge/theedge/name-that-edge-toon-be-careful-who-you-trust/b/d-id/1340020?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22907">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 16:25:18">
16:25
       </div>

       <div class="text">
<strong>🕴 Edge Poll: Hook, Line, and Sinker 🕴</strong><br><br><code>How confident are you in your security team&apos;s ability to protect your organization from phishing?</code><br><br><a href="https://www.darkreading.com/edge/theedge/edge-poll-hook-line-and-sinker/b/d-id/1340021?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22908">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 17:25:07">
17:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-20296 ‼</strong><br><br><code>An issue was found in CMSWing project version 1.3.8, Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL commands.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20296">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22909">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 17:25:08">
17:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-20289 ‼</strong><br><br><code>Sql injection vulnerability in the yccms 3.3 project. The no_top function&apos;s improper judgment of the request parameters, triggers a sql injection vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20289">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22910">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 17:25:09">
17:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-21179 ‼</strong><br><br><code>Sql injection vulnerability in koa2-blog 1.0.0 allows remote attackers to Injecting a malicious SQL statement via the name parameter to the signin page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21179">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22911">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 17:25:10">
17:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-20290 ‼</strong><br><br><code>Directory traversal vulnerability in the yccms 3.3 project. The delete, deletesite, and deleteAll functions&apos; improper judgment of the request parameters, triggers a directory traversal vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20290">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22912">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 17:25:11">
17:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-20287 ‼</strong><br><br><code>Unrestricted file upload vulnerability in the yccms 3.3 project. The xhUp function&apos;s improper judgment of the request parameters, triggers remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20287">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22913">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 17:25:12">
17:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-21180 ‼</strong><br><br><code>Sql injection vulnerability in koa2-blog 1.0.0 allows remote attackers to Injecting a malicious SQL statement via the name parameter to the signup page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21180">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22914">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 17:25:13">
17:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-20295 ‼</strong><br><br><code>An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20295">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22915">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 17:25:14">
17:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-21287 ‼</strong><br><br><code>MinIO is a High Performance Object Storage released under Apache License v2.0. In MinIO before version RELEASE.2021-01-30T00-20-58Z there is a server-side request forgery vulnerability. The target application may have functionality for importing data from a URL, publishing data to a URL, or otherwise reading data from a URL that can be tampered with. The attacker modifies the calls to this functionality by supplying a completely different URL or by manipulating how URLs are built (path traversal etc.). In a Server-Side Request Forgery (SSRF) attack, the attacker can abuse functionality on the server to read or update internal resources. The attacker can supply or modify a URL which the code running on the server will read or submit data, and by carefully selecting the URLs, the attacker may be able to read server configuration such as AWS metadata, connect to internal services like HTTP enabled databases, or perform post requests towards internal services which are not intended to be exposed. This is fixed in version RELEASE.2021-01-30T00-20-58Z, all users are advised to upgrade. As a workaround you can disable the browser front-end with &quot;MINIO_BROWSER=off&quot; environment variable.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21287">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22916">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 17:25:15">
17:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-21176 ‼</strong><br><br><code>SQL injection vulnerability in the model.increment and model.decrement function in ThinkJS 3.2.10 allows remote attackers to execute arbitrary SQL commands via the step parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21176">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22917">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 17:25:16">
17:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-20294 ‼</strong><br><br><code>An issue was found in CMSWing project version 1.3.8. Because the log function does not check the log parameter, malicious parameters can execute arbitrary commands.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20294">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22918">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 17:25:17">
17:25
       </div>

       <div class="text">
<strong>🔏 New York Could Be the Next State to Adopt a Strict Data Privacy Law 🔏</strong><br><br><code>Like California before it, New York could serve as the testing grounds for the next statewide consumer data privacy law.</code><br><br><a href="https://digitalguardian.com/blog/new-york-could-be-next-state-adopt-strict-data-privacy-law">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22919">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 17:25:19">
17:25
       </div>

       <div class="text">
<strong>🕴 Increase in Physical Security Incidents Adds to IT Security Pressures 🕴</strong><br><br><code>A new study shows that many organizations have changed their physical security strategies to address new concerns since the COVID-19 outbreak.</code><br><br><a href="https://www.darkreading.com/physical-security/increase-in-physical-security-incidents-adds-to-it-security-pressures/d/d-id/1340026?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22920">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 18:25:06">
18:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How an automated pentesting stick can address multiple security needs 🦿</strong><br><br><code>Used for offensive and defensive purposes, a penetration testing device can be configured to perform automated checks on network security and more.</code><br><br><a href="https://www.techrepublic.com/article/how-an-automated-pentesting-stick-can-address-multiple-security-needs/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22921">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 18:25:07">
18:25
       </div>

       <div class="text">
<strong>❌ SolarWinds Hack Prompts Congress to Put NSA in Encryption Hot Seat ❌</strong><br><br><code>Congress is demanding the National Security Agency come clean on what it knows about the 2015 supply-chain attack against Juniper Networks.</code><br><br><a href="https://threatpost.com/solarwinds-nsa-encryption/163561/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22922">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 18:25:09">
18:25
       </div>

       <div class="text">
<strong>❌ Hezbollah-Linked Lebanese Cedar APT Infiltrates Hundreds of Servers ❌</strong><br><br><code>Enhanced Explosive RAT and Caterpillar tools are at the forefront of a global espionage campaign.</code><br><br><a href="https://threatpost.com/hezbollah-lebanese-cedar-apt-servers/163555/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22923">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 19:25:04">
19:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Wind River Security Incident Affects SSNs, Passport Numbers ❌</strong><br><br><code>Wind River Systems is warning of a &apos;security incident&apos; after one or more files was downloaded from its network.</code><br><br><a href="https://threatpost.com/wind-river-security-incident-ssns-passport-numbers/163550/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22924">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 19:25:05">
19:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-28493 ‼</strong><br><br><code>This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDOS vulnerability of the regex is mainly due to the sub-pattern [a-zA-Z0-9._-]+.[a-zA-Z0-9._-]+ This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28493">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22925">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 19:25:06">
19:25
       </div>

       <div class="text">
<strong>🕴 Data on 1.4 Million Washington State Residents Breached 🕴</strong><br><br><code>Unemployment data exposed via third-party software attack.</code><br><br><a href="https://www.darkreading.com/application-security/data-on-14-million-washington-state-residents-breached/d/d-id/1340028?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22926">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 20:25:16">
20:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 5G adds more concerns: CISOs should build cybersecurity from the ground up 🦿</strong><br><br><code>Public 5G networks, private 5G networks, broader attack surfaces, and more complex environments add extra layers of vulnerability, expert says.</code><br><br><a href="https://www.techrepublic.com/article/5g-adds-more-concerns-cisos-should-build-cybersecurity-from-the-ground-up/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22927">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 20:25:17">
20:25
       </div>

       <div class="text">
<strong>🦿 5G: More speed adds more vulnerabilities, IoT security expert says 🦿</strong><br><br><code>CISOs need to be more vigilant about building cybersecurity into projects from the beginning, one CISO says.</code><br><br><a href="https://www.techrepublic.com/videos/5g-more-speed-adds-more-vulnerabilities-iot-security-expert-says/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22928">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 21:25:11">
21:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2019-20468 ‼</strong><br><br><code>An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It has unnecessary permissions such as READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE, and READ_CONTACTS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20468">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22929">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 21:25:12">
21:25
       </div>

       <div class="text">
<strong>‼ CVE-2019-20470 ‼</strong><br><br><code>An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It performs actions based on certain SMS commands. This can be used to set up a voice communication channel from the watch to any telephone number, initiated by sending a specific SMS and using the default password, e.g., pw,&lt;password&gt;,call,&lt;mobile_number&gt; triggers an outbound call from the watch. The password is sometimes available because of CVE-2019-20471.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20470">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22930">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 21:25:15">
21:25
       </div>

       <div class="text">
<strong>‼ CVE-2019-20473 ‼</strong><br><br><code>An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. Any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device simply produces a &quot;Remove PIN and restart!&quot; message, and cannot be used. This makes it easier for an attacker to use the SIM card by stealing the device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20473">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22931">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 21:25:16">
21:25
       </div>

       <div class="text">
<strong>‼ CVE-2019-20471 ‼</strong><br><br><code>An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. When using the device at initial setup, a default password is used (123456) for administrative purposes. There is no prompt to change this password. Note that this password can be used in combination with CVE-2019-20470.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20471">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22932">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 21:25:17">
21:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-3340 ‼</strong><br><br><code>A cross-site scripting (XSS) vulnerability in many forms of Wikindx before 5.7.0 and 6.x through 6.4.0 allows remote attackers to inject arbitrary web script or HTML via the message parameter to index.php?action=initLogon or modules/admin/DELETEIMAGES.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3340">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22933">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 22:25:17">
22:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-3378 ‼</strong><br><br><code>FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a &quot;Content-Type: image/png&quot; header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3378">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22934">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 22:25:19">
22:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-36231 ‼</strong><br><br><code>Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References (IDOR) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36231">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22935">

      <div class="body">

       <div class="pull_right date details" title="01.02.2021 22:25:21">
22:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-14192 ‼</strong><br><br><code>Affected versions of Atlassian Fisheye and Crucible allow remote attackers to view a product&apos;s SEN via an Information Disclosure vulnerability in the x-asen response header from Atlassian Analytics. The affected versions are before version 4.8.4.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14192">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-755">

      <div class="body details">
2 February 2021
      </div>

     </div>

     <div class="message default clearfix" id="message22936">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 10:25:18">
10:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Interview With a Russian Cybercriminal 🕴</strong><br><br><code>A LockBit ransomware operator shares why he became involved in cybercrime, how he chooses victims, and what&apos;s in his toolbox.</code><br><br><a href="https://www.darkreading.com/endpoint/interview-with-a-russian-cybercriminal/d/d-id/1340029?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22937">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 11:25:03">
11:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-28494 ‼</strong><br><br><code>This affects the package total.js before 3.4.7. The issue occurs in the image.pipe and image.stream functions. The type parameter is used to build the command that is then executed using child_process.spawn. The issue occurs because child_process.spawn is called with the option shell set to true and because the type parameter is not properly sanitized.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28494">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22938">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 11:25:04">
11:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-8101 ‼</strong><br><br><code>Improper Neutralization of Special Elements used in a Command (&apos;Command Injection&apos;) vulnerability in HTTP interface of ADT LifeShield DIY HD Video Doorbell allows an attacker on the same network to execute commands on the device. This issue affects: ADT LifeShield DIY HD Video Doorbell version 1.0.02R09 and prior versions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8101">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22939">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 11:25:06">
11:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-28495 ‼</strong><br><br><code>This affects the package total.js before 3.4.7. The set function can be used to set a value into the object according to the path. However the keys of the path being set are not properly sanitized, leading to a prototype pollution vulnerability. The impact depends on the application. In some cases it is possible to achieve Denial of service (DoS), Remote Code Execution or Property Injection.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28495">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22940">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 11:25:07">
11:25
       </div>

       <div class="text">
<strong>❌ Identity Theft Spikes Due to COVID-19 Relief ❌</strong><br><br><code>Cases reported to the FTC doubled last year as cybercriminals took advantage of increased filing for government relief benefits due to the pandemic.</code><br><br><a href="https://threatpost.com/identity-theft-spikes-covid-19-relief/163577/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22941">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 12:19:24">
12:19
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 How Recruiting Women Can Help Solve Security&apos;s Biggest Problems 🕴</strong><br><br><code>We can solve cybersecurity&apos;s longstanding talent gap by bringing more women into the field.</code><br><br><a href="https://www.darkreading.com/how-recruiting-women-can-help-solve-securitys-biggest-problems/a/d-id/1339943?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22942">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 12:25:07">
12:25
       </div>

       <div class="text">
<strong>❌ Agent Tesla Trojan ‘Kneecaps’ Microsoft’s Anti-Malware Interface ❌</strong><br><br><code>A new version of the Agent Tesla RAT can &apos;kneecap&apos; endpoint protection software supported by Microsoft ASMI.</code><br><br><a href="https://threatpost.com/agent-tesla-microsoft-asmi/163581/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22943">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 13:07:20">
13:07
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-18568 ‼</strong><br><br><code>The D-Link DSR-250 (3.14) DSR-1000N (2.11B201) UPnP service contains a command injection vulnerability, which can cause remote command execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18568">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22944">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 13:07:20">
13:07
       </div>

       <div class="text">
<strong>‼ CVE-2020-25506 ‼</strong><br><br><code>D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25506">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22945">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 13:07:21">
13:07
       </div>

       <div class="text">
<strong>⚠ Naked Security Live – What if my password manager gets hacked? ⚠</strong><br><br><code>Our latest Naked Security Live talk - watch now!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/02/01/naked-security-live-what-if-my-password-manager-gets-hacked/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22946">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 13:07:22">
13:07
       </div>

       <div class="text">
<strong>🕴 Fighting Fileless Malware, Part 1: What Is It? 🕴</strong><br><br><code>Despite multiple layers of protection, fileless malware cyberattacks remain rampant and difficult to defeat. In this, the first of The Edge&apos;s three-part series about the cyberthreat and how to fight back, you&apos;ll learn what fileless malware is and why it&apos;s so dangerous.</code><br><br><a href="https://www.darkreading.com/edge/theedge/fighting-fileless-malware-part-1-what-is-it/b/d-id/1340024?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22947">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 13:49:12">
13:49
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 SQLMAP - Automatic SQL Injection Tool 1.5.2 🛠</strong><br><br><code>sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user&apos;s specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.</code><br><br><a href="https://packetstormsecurity.com/files/161266/sqlmap-1.5.2.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22948">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 14:42:57">
14:42
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-4934 ‼</strong><br><br><code>IBM Content Navigator 3.0.CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing &quot;dot dot&quot; sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 191752.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4934">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22949">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 14:42:58">
14:42
       </div>

       <div class="text">
<strong>‼ CVE-2021-25310 ‼</strong><br><br><code>** UNSUPPORTED WHEN ASSIGNED ** The administration web interface on Belkin Linksys WRT160NL 1.0.04.002_US_20130619 devices allows remote authenticated attackers to execute system commands with root privileges via shell metacharacters in the ui_language POST parameter to the apply.cgi form endpoint. This occurs in do_upgrade_post in mini_httpd. NOTE: This vulnerability only affects products that are no longer supported by the maintainer</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25310">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22950">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 14:42:59">
14:42
       </div>

       <div class="text">
<strong>🕴 SonicWall Confirms Zero-Day Vulnerability 🕴</strong><br><br><code>The confirmation arrives as researchers with NCC Group detect a SonicWall zero-day flaw under active attack.</code><br><br><a href="https://www.darkreading.com/endpoint/sonicwall-confirms-zero-day-vulnerability/d/d-id/1340031?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22951">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 14:43:00">
14:43
       </div>

       <div class="text">
<strong>🕴 Attackers Continue to Nibble at Apple&apos;s iOS Security 🕴</strong><br><br><code>For the second time in less than three months, Apple has patched vulnerabilities in the software for iPhone and iPad, warning that the issues are already being targeted by attackers.</code><br><br><a href="https://www.darkreading.com/application-security/attackers-continue-to-nibble-at-apples-ios-security/d/d-id/1340030?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22952">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 15:02:28">
15:02
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Magento Web Skimmers Piggyback in Ongoing Costway Website Compromise ❌</strong><br><br><code>An e-commerce credit-card skimmer is being used by a second skimmer to steal payment data - and both are on Costway&apos;s website.</code><br><br><a href="https://threatpost.com/magento-web-skimmers-costway/163593/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22953">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 15:02:29">
15:02
       </div>

       <div class="text">
<strong>❌ Tiny Kobalos Malware Bedevils Supercomputers to Steal Logins ❌</strong><br><br><code>The sophisticated backdoor steals SSH credentials for servers in academic and scientific high-performance computing clusters.</code><br><br><a href="https://threatpost.com/kobalos-malware-supercomputers-logins/163604/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22954">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 15:16:30">
15:16
       </div>

       <div class="text">
<strong>🕴 RF Enables Takeover of Hostile Drones 🕴</strong><br><br><code>Tempting as it may be to blast drones out of the sky, a less aggressive approach may yield better data about attackers - and keep bystanders safe.</code><br><br><a href="https://www.darkreading.com/iot/rf-enables-takeover-of-hostile-drones/a/d-id/1339944?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22955">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 15:25:04">
15:25
       </div>

       <div class="text">
<strong>❌ Crypto Crook Hired Steven Seagal to Promote Scam, Now Faces Charges ❌</strong><br><br><code>Feds charged California-based private detective for stealing $11M from investors, with help from actor Steven Seagal.</code><br><br><a href="https://threatpost.com/crypto-crook-steven-segal-scam/163612/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22956">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 16:25:13">
16:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Black Hat Europe 🕴</strong><br><br><br><br><a href="https://www.blackhat.com/upcoming.html#europe?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22957">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 16:33:49">
16:33
       </div>

       <div class="text">
<strong>‼ CVE-2019-25018 ‼</strong><br><br><code>In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of . or an empty filename, similar to CVE-2018-20685 and CVE-2019-7282. The impact is modifying the permissions of the target directory on the client side. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-25018">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22958">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 16:33:50">
16:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-21285 ‼</strong><br><br><code>In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21285">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22959">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 16:33:51">
16:33
       </div>

       <div class="text">
<strong>‼ CVE-2020-15097 ‼</strong><br><br><code>loklak is an open-source server application which is able to collect messages from various sources, including twitter. The server contains a search index and a peer-to-peer index sharing interface. All messages are stored in an elasticsearch index. In loklak less than or equal to commit 5f48476, a path traversal vulnerability exists. Insufficient input validation in the APIs exposed by the loklak server allowed a directory traversal vulnerability. Any admin configuration and files readable by the app available on the hosted file system can be retrieved by the attacker. Furthermore, user-controlled content could be written to any admin config and files readable by the application. This has been patched in commit 50dd692. Users will need to upgrade their hosted instances of loklak to not be vulnerable to this exploit.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15097">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22960">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 16:33:52">
16:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-21284 ‼</strong><br><br><code>In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using &quot;--userns-remap&quot;, if the root user in the remapped namespace has access to the host filesystem they can modify files under &quot;/var/lib/docker/&lt;remapping&gt;&quot; that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21284">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22961">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 16:33:53">
16:33
       </div>

       <div class="text">
<strong>‼ CVE-2019-25017 ‼</strong><br><br><code>An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to the rcp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious rcp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rcp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). This issue is similar to CVE-2019-6111 and CVE-2019-7283. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-25017">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22962">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 17:05:10">
17:05
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 U.S. Intelligence Community Warns About China Collecting Healthcare Data 🔏</strong><br><br><code>China&apos;s voracious collection of U.S. healthcare data, including DNA, can pose a national security risk, not to mention harm the privacy of Americans.</code><br><br><a href="https://digitalguardian.com/blog/us-intelligence-community-warns-about-china-collecting-healthcare-data">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22963">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 18:39:51">
18:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-7775 ‼</strong><br><br><code>This affects all versions of package freediskspace. The vulnerability arises out of improper neutralization of arguments in line 71 of freediskspace.js.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7775">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22964">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 18:39:52">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-1910 ‼</strong><br><br><code>A missing bounds check in WhatsApp for Android prior to v2.21.1.13 and WhatsApp Business for Android prior to v2.21.1.13 could have allowed out-of-bounds read and write if a user applied specific image filters to a specially crafted image and sent the resulting image.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1910">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22965">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 18:39:53">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-21292 ‼</strong><br><br><code>Traccar is an open source GPS tracking system. In Traccar before version 4.12 there is an unquoted Windows binary path vulnerability. Only Windows versions are impacted. Attacker needs write access to the filesystem on the host machine. If Java path includes a space, then attacker can lift their privilege to the same as Traccar service (system). This is fixed in version 4.12.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21292">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22966">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 18:39:53">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-14255 ‼</strong><br><br><code>HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized parties via crafted requests. These affect containers only. These do not affect traditional on-premise installations.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14255">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22967">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 18:39:54">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-21289 ‼</strong><br><br><code>Mechanize is an open-source ruby library that makes automated web interaction easy. In Mechanize from version 2.0.0 and before version 2.7.7 there is a command injection vulnerability. Affected versions of mechanize allow for OS commands to be injected using several classes&apos; methods which implicitly use Ruby&apos;s Kernel.open method. Exploitation is possible only if untrusted input is used as a local filename and passed to any of these calls: Mechanize::CookieJar#load, Mechanize::CookieJar#save_as, Mechanize#download, Mechanize::Download#save, Mechanize::File#save, and Mechanize::FileResponse#read_body. This is fixed in version 2.7.7.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21289">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22968">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 18:39:55">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-23271 ‼</strong><br><br><code>The TIBCO EBX Web Server component of TIBCO Software Inc.&apos;s TIBCO EBX contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.&apos;s TIBCO EBX: versions 5.9.12 and below.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23271">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22969">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 18:39:56">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-28498 ‼</strong><br><br><code>All versions of package elliptic are vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm that the public key point passed into the derive function actually exists on the secp256k1 curve. This results in the potential for the private key used in this implementation to be revealed after a number of ECDH operations are performed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28498">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22970">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 18:39:57">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-25912 ‼</strong><br><br><code>Prototype pollution vulnerability in &apos;dotty&apos; versions 0.0.1 through 0.1.0 allows attackers to cause a denial of service and may lead to remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25912">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22971">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 18:39:58">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-21291 ‼</strong><br><br><code>OAuth2 Proxy is an open-source reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group. In OAuth2 Proxy before version 7.0.0, for users that use the whitelist domain feature, a domain that ended in a similar way to the intended domain could have been allowed as a redirect. For example, if a whitelist domain was configured for &quot;.example.com&quot;, the intention is that subdomains of example.com are allowed. Instead, &quot;example.com&quot; and &quot;badexample.com&quot; could also match. This is fixed in version 7.0.0 onwards. As a workaround, one can disable the whitelist domain feature and run separate OAuth2 Proxy instances for each subdomain.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21291">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22972">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 18:39:59">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-14221 ‼</strong><br><br><code>HCL Digital Experience 8.5, 9.0, and 9.5 exposes information about the server to unauthorized users.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14221">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22973">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 18:40:03">
18:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-20199 ‼</strong><br><br><code>Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podman 1.8.0 onwards.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20199">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22974">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 18:40:04">
18:40
       </div>

       <div class="text">
<strong>🕴 Average Ransom Payments Declined Last Quarter 🕴</strong><br><br><code>More victims appear to be realizing that paying a ransom doesn&apos;t guarantee stolen data will be purged.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/average-ransom-payments-declined-last-quarter/d/d-id/1340039?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22975">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 18:55:42">
18:55
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ TrickBot Continues Resurgence with Port-Scanning Module ❌</strong><br><br><code>The infamous malware has incorporated the legitimate Masscan tool, which looks for open TCP/IP ports with lightning-fast results.</code><br><br><a href="https://threatpost.com/trickbot-port-scanning-module/163615/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22976">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 20:55:43">
20:55
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-29662 ‼</strong><br><br><code>In Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the catalog’s registry API is exposed on an unauthenticated path.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29662">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22977">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 20:55:44">
20:55
       </div>

       <div class="text">
<strong>‼ CVE-2020-8734 ‼</strong><br><br><code>Improper input validation in the firmware for Intel(R) Server Board M10JNP2SB before version 7.210 may allow a privileged user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8734">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22978">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 20:55:45">
20:55
       </div>

       <div class="text">
<strong>‼ CVE-2021-21294 ‼</strong><br><br><code>Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface for HTTP services. Http4s before versions 0.21.17, 0.22.0-M2, and 1.0.0-M14 have a vulnerability which can lead to a denial-of-service. Blaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its selector pool. This has the net effect of amplifying degradation in services that are unable to handle their current request load, since incoming connections are still accepted and added to an unbounded queue. Each connection allocates a socket handle, which drains a scarce OS resource. This can also confound higher level circuit breakers which work based on detecting failed connections. http4s provides a general &quot;MaxActiveRequests&quot; middleware mechanism for limiting open connections, but it is enforced inside the Blaze accept loop, after the connection is accepted and the socket opened. Thus, the limit only prevents the number of connections which can be simultaneously processed, not the number of connections which can be held open. In 0.21.17, 0.22.0-M2, and 1.0.0-M14, a new &quot;maxConnections&quot; property, with a default value of 1024, has been added to the `BlazeServerBuilder`. Setting the value to a negative number restores unbounded behavior, but is strongly disrecommended. The NIO2 backend does not respect `maxConnections`. Its use is now deprecated in http4s-0.21, and the option is removed altogether starting in http4s-0.22. There are several possible workarounds described in the refrenced GitHub Advisory GHSA-xhv5-w9c5-2r2w.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21294">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22979">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 20:55:45">
20:55
       </div>

       <div class="text">
<strong>‼ CVE-2020-8672 ‼</strong><br><br><code>Out of bound read in BIOS firmware for 8th, 9th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 Series Processors may allow an unauthenticated user to potentially enable elevation of privilege or denial of service via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8672">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22980">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 20:55:46">
20:55
       </div>

       <div class="text">
<strong>‼ CVE-2020-24490 ‼</strong><br><br><code>Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24490">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22981">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 20:55:47">
20:55
       </div>

       <div class="text">
<strong>‼ CVE-2021-3395 ‼</strong><br><br><code>A cross-site scripting (XSS) vulnerability in Pryaniki 6.44.3 allows remote authenticated users to upload an arbitrary file. The JavaScript code will execute when someone visits the attachment.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3395">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22982">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 20:55:48">
20:55
       </div>

       <div class="text">
<strong>‼ CVE-2021-21293 ‼</strong><br><br><code>blaze is a Scala library for building asynchronous pipelines, with a focus on network IO. All servers running blaze-core before version 0.14.15 are affected by a vulnerability in which unbounded connection acceptance leads to file handle exhaustion. Blaze, accepts connections unconditionally on a dedicated thread pool. This has the net effect of amplifying degradation in services that are unable to handle their current request load, since incoming connections are still accepted and added to an unbounded queue. Each connection allocates a socket handle, which drains a scarce OS resource. This can also confound higher level circuit breakers which work based on detecting failed connections. The vast majority of affected users are using it as part of http4s-blaze-server &lt;= 0.21.16. http4s provides a mechanism for limiting open connections, but is enforced inside the Blaze accept loop, after the connection is accepted and the socket opened. Thus, the limit only prevents the number of connections which can be simultaneously processed, not the number of connections which can be held open. The issue is fixed in version 0.14.15 for &quot;NIO1SocketServerGroup&quot;. A &quot;maxConnections&quot; parameter is added, with a default value of 512. Concurrent connections beyond this limit are rejected. To run unbounded, which is not recommended, set a negative number. The &quot;NIO2SocketServerGroup&quot; has no such setting and is now deprecated. There are several possible workarounds described in the refrenced GitHub Advisory GHSA-xmw9-q7x9-j5qc.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21293">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22983">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 20:55:49">
20:55
       </div>

       <div class="text">
<strong>‼ CVE-2020-4081 ‼</strong><br><br><code>In Digital Experience 8.5, 9.0, and 9.5, WSRP consumer is vulnerable to cross-site scripting (XSS).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4081">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22984">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 20:55:50">
20:55
       </div>

       <div class="text">
<strong>🕴 Agent Tesla Upgrades with New Delivery &amp; Evasion Tactics 🕴</strong><br><br><code>A new version of the remote access Trojan targets Microsoft Anti-Malware Software Interface to bypass endpoint detection.</code><br><br><a href="https://www.darkreading.com/perimeter/agent-tesla-upgrades-with-new-delivery-and-evasion-tactics/d/d-id/1340041?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message22985">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 22:29:22">
22:29
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-0356 ‼</strong><br><br><code>In netdiag, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05442014.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0356">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22986">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 22:29:23">
22:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-0361 ‼</strong><br><br><code>In kisd, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05449968.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0361">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22987">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 22:29:24">
22:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-0357 ‼</strong><br><br><code>In netdiag, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05442002.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0357">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22988">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 22:29:25">
22:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-0352 ‼</strong><br><br><code>In RT regmap driver, there is a possible memory corruption due to type confusion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05453809.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0352">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22989">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 22:29:26">
22:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-0364 ‼</strong><br><br><code>In mobile_log_d, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05458478; Issue ID: ALPS05458503.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0364">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22990">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 22:29:27">
22:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-0365 ‼</strong><br><br><code>In display driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05454782.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0365">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22991">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 22:29:28">
22:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-0359 ‼</strong><br><br><code>In netdiag, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05442011.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0359">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22992">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 22:29:28">
22:29
       </div>

       <div class="text">
<strong>‼ CVE-2020-35152 ‼</strong><br><br><code>Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing the unquoted service path issue. Since version 1.2.2695.1, the vulnerability was fixed by adding quotes around the service&apos;s binary path. This issue affects Cloudflare WARP for Windows, versions prior to 1.2.2695.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35152">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22993">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 22:29:29">
22:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-0354 ‼</strong><br><br><code>In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05431161.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0354">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22994">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 22:29:31">
22:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-0362 ‼</strong><br><br><code>In aee, there is a possible memory corruption due to a stack buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05457070.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0362">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22995">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 22:29:32">
22:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-0355 ‼</strong><br><br><code>In kisd, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05425581.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0355">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22996">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 22:29:33">
22:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-0360 ‼</strong><br><br><code>In netdiag, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05442006.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0360">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22997">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 22:29:34">
22:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-0353 ‼</strong><br><br><code>In kisd, there is a possible memory corruption due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05425247.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0353">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22998">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 22:29:35">
22:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-0363 ‼</strong><br><br><code>In mobile_log_d, there is a possible command injection due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05458478.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0363">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message22999">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 22:29:36">
22:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-0358 ‼</strong><br><br><code>In netdiag, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05442022.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0358">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23000">

      <div class="body">

       <div class="pull_right date details" title="02.02.2021 22:29:37">
22:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-21043 ‼</strong><br><br><code>ACS Commons version 4.9.2 (and earlier) suffers from a Reflected Cross-site Scripting (XSS) vulnerability in version-compare and page-compare due to invalid JCR characters that are not handled correctly. An attacker could potentially exploit this vulnerability to inject malicious JavaScript content into vulnerable form fields and execute it within the context of the victim&apos;s browser. Exploitation of this issue requires user interaction in order to be successful.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21043">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-756">

      <div class="body details">
3 February 2021
      </div>

     </div>

     <div class="message default clearfix" id="message23001">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 12:55:10">
12:55
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-29164 ‼</strong><br><br><code>PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by cross-site scripting (XSS).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29164">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23002">

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 12:55:11">
12:55
       </div>

       <div class="text">
<strong>‼ CVE-2020-29165 ‼</strong><br><br><code>PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by incorrect access control, which can result in remotely gaining administrator privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29165">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23003">

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 12:55:12">
12:55
       </div>

       <div class="text">
<strong>‼ CVE-2020-29166 ‼</strong><br><br><code>PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by file read/manipulation, which can result in remote information disclosure.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29166">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23004">

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 12:55:13">
12:55
       </div>

       <div class="text">
<strong>‼ CVE-2020-29163 ‼</strong><br><br><code>PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by SQL injection.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29163">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23005">

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 12:55:14">
12:55
       </div>

       <div class="text">
<strong>‼ CVE-2020-28144 ‼</strong><br><br><code>Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series Firmware Version 5.5 or lower, EDR-G902 Series Firmware Version 5.5 or lower, and EDR-810 Series Firmware Version 5.6 or lower. Crafted requests sent to the device may allow remote arbitrary code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28144">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23006">

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 12:55:15">
12:55
       </div>

       <div class="text">
<strong>❌ Five Critical Android Bugs Patched, Part of Feb. Security Bulletin ❌</strong><br><br><code>February’s security update for the mobile OS includes a Qualcomm flaw rated critical, with a CVSS score of 9.8.</code><br><br><a href="https://threatpost.com/five-critical-bugs-patched-feb-security-bulletin/163623/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23007">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 13:25:07">
13:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 What I Wish I Knew at the Start of My InfoSec Career 🕴</strong><br><br><code>Security pros identify lessons learned that impact how they view infosec today.</code><br><br><a href="https://www.darkreading.com/edge/theedge/what-i-wish-i-knew-at-the-start-of-my-infosec-career/b/d-id/1340036?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23008">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 13:43:02">
13:43
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ What should you say if you have a data breach? Catch up with Jason Nurse at Sophos Evolve ⚠</strong><br><br><code>Learn why it&apos;s way better to rehearse what to say if you suffer a data breach than to make it up as you go along.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/02/03/what-should-you-say-if-you-have-a-data-breach-catch-up-with-jason-nurse-at-sophos-evolve/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23009">

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 13:43:03">
13:43
       </div>

       <div class="text">
<strong>🦿 6 enterprise security software options to keep your organization safe 🦿</strong><br><br><code>Enterprise security software is essential to protecting company data, personnel, and customers. Learn about some of the popular options available for your organization.</code><br><br><a href="https://www.techrepublic.com/article/6-enterprise-security-software-options-to-keep-your-organization-safe/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23010">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 14:11:17">
14:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 Mandos Encrypted File System Unattended Reboot Utility 1.8.14 🛠</strong><br><br><code>The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.</code><br><br><a href="https://packetstormsecurity.com/files/161280/mandos_1.8.14.orig.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23011">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 14:49:16">
14:49
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-35481 ‼</strong><br><br><code>SolarWinds Serv-U before 15.2.2 allows Unauthenticated Macro Injection.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35481">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23012">

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 14:49:17">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-25760 ‼</strong><br><br><code>In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25760">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23013">

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 14:49:18">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-2507 ‼</strong><br><br><code>The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to obtain control of a QNAP device. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2507">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23014">

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 14:49:19">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-25778 ‼</strong><br><br><code>In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25778">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23015">

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 14:49:20">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-25756 ‼</strong><br><br><code>In JetBrains IntelliJ IDEA before 2020.2, HTTP links were used for several remote repositories instead of HTTPS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25756">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23016">

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 14:49:21">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-25769 ‼</strong><br><br><code>In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator wasn&apos;t able to access attachments.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25769">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23017">

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 14:49:22">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-25772 ‼</strong><br><br><code>In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible via server integration.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25772">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23018">

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 14:49:23">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-25758 ‼</strong><br><br><code>In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace model could lead to code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25758">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23019">

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 14:49:24">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-25757 ‼</strong><br><br><code>In JetBrains Hub before 2020.1.12629, an open redirect was possible.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25757">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23020">

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 14:49:25">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-25768 ‼</strong><br><br><code>In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked improperly.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25768">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23021">

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 14:49:25">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-27994 ‼</strong><br><br><code>SolarWinds Serv-U before 15.2.2 allows Authenticated Directory Traversal.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27994">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23022">

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 14:49:26">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-35482 ‼</strong><br><br><code>SolarWinds Serv-U before 15.2.2 allows authenticated reflected XSS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35482">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23023">

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 14:49:27">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-25765 ‼</strong><br><br><code>In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload was possible.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25765">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23024">

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 14:49:28">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-27222 ‼</strong><br><br><code>In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based (x509 and RPK) DTLS handshakes accidentally fails, because it sticks to a wrong internal state. That wrong internal state is set by a previous certificate based DTLS handshakes failure with TLS parameter mismatch. The server must be restarted to recover this. This allow clients to force a DoS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27222">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23025">

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 14:49:30">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-25763 ‼</strong><br><br><code>In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25763">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23026">

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 14:49:31">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2021-25761 ‼</strong><br><br><code>In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25761">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23027">

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 14:49:32">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-25208 ‼</strong><br><br><code>In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25208">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23028">

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 14:49:33">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-28653 ‼</strong><br><br><code>Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28653">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23029">

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 14:49:34">
14:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-2506 ‼</strong><br><br><code>The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to obtain control of a QNAP device. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2506">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23030">

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 14:49:36">
14:49
       </div>

       <div class="text">
<strong>🕴 SolarWinds Attackers Spent Months in Corporate Email System: Report 🕴</strong><br><br><code>SolarWinds&apos; CEO says evidence indicates attackers lurked in the company&apos;s Office 365 email system for months ahead of the attack.</code><br><br><a href="https://www.darkreading.com/perimeter/solarwinds-attackers-spent-months-in-corporate-email-system-report/d/d-id/1340047?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23031">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 15:14:04">
15:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 An Observability Pipeline Could Save Your SecOps Team 🕴</strong><br><br><code>Traditional monitoring approaches are proving brittle as security operations teams need better visibility into dynamic environments.</code><br><br><a href="https://www.darkreading.com/operations/an-observability-pipeline-could-save-your-secops-team/a/d-id/1339975?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23032">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 15:48:11">
15:48
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Account takeover attacks spiked in 2020, Kaspersky says 🦿</strong><br><br><code>The surge gives further credence to the idea that cybercrime is less about tech know-how and more about social engineering, according to its fraud report.</code><br><br><a href="https://www.techrepublic.com/article/account-takeover-attacks-spiked-in-2020-kaspersky-says/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23033">

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 15:48:12">
15:48
       </div>

       <div class="text">
<strong>🦿 How a global law enforcement effort took down the Emotet botnet 🦿</strong><br><br><code>A joint effort across the US and Europe led to the disruption of Emotet and the arrest of two gang members, says Digital Shadows.</code><br><br><a href="https://www.techrepublic.com/article/how-a-global-law-enforcement-effort-took-down-the-emotet-botnet/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23034">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 17:25:20">
17:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 How to Protect Data and Defend Against State-Sponsored Hackers 🔏</strong><br><br><code>NIST has released new tools for defenders to protect sensitive information and mitigate state-sponsored hackers.</code><br><br><a href="https://digitalguardian.com/blog/how-protect-data-and-defend-against-state-sponsored-hackers">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23035">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 18:21:10">
18:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ New Malware Hijacks Kubernetes Clusters to Mine Monero ❌</strong><br><br><code>Researchers warn that the Hildegard malware is part of &apos;one of the most complicated attacks targeting Kubernetes.&apos;</code><br><br><a href="https://threatpost.com/new-malware-hijacks-kubernetes-clusters-to-mine-monero/163629/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23036">

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 18:35:52">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-9388 ‼</strong><br><br><code>CSRF protection was not present in SquaredUp before version 4.6.0. A CSRF attack could have been possible by an administrator executing arbitrary code in a HTML dashboard tile via a crafted HTML page, or by uploading a malicious SVG payload into a dashboard.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9388">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23037">

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 18:35:53">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-9390 ‼</strong><br><br><code>SquaredUp allowed Stored XSS before version 4.6.0. A user was able to create a dashboard that executed malicious content in iframe or by uploading an SVG that contained a script.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9390">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23038">

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 18:35:54">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-9389 ‼</strong><br><br><code>A username enumeration issue was discovered in SquaredUp before version 4.6.0. The login functionality was implemented in a way that would enable a malicious user to guess valid username due to a different response time from invalid usernames.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9389">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23039">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 19:15:46">
19:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Patch Imperfect: Software Fixes Failing to Shut Out Attackers 🕴</strong><br><br><code>Incomplete patches are allowing attackers to continue exploiting the same vulnerabilities, reducing the cost to compromise.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/patch-imperfect-software-fixes-failing-to-shut-out-attackers/d/d-id/1340051?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23040">

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 19:15:47">
19:15
       </div>

       <div class="text">
<strong>❌ Emotet’s Takedown: Have We Seen the Last of the Malware? ❌</strong><br><br><code>A week after law enforcement agencies said they took down Emotet, there has been no sign of the prolific malware.</code><br><br><a href="https://threatpost.com/emotets-takedown-have-we-seen-the-last-of-the-malware/163636/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23041">

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 19:15:48">
19:15
       </div>

       <div class="text">
<strong>❌ Second SolarWinds Attack Group Breaks into USDA Payroll — Report ❌</strong><br><br><code>A second APT, potentially linked to the Chinese government, could be behind the Supernova malware.</code><br><br><a href="https://threatpost.com/second-solarwinds-attack-group-usda-payroll/163635/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23042">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 20:29:15">
20:29
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-26023 ‼</strong><br><br><code>The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to XSS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26023">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23043">

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 20:29:16">
20:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-26024 ‼</strong><br><br><code>The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26024">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23044">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.02.2021 23:39:15">
23:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Concerns Over API Security Grow as Attacks Increase 🕴</strong><br><br><code>Some 66% of organizations say they have slowed deploying an app into production because of API security concerns.</code><br><br><a href="https://www.darkreading.com/application-security/concerns-over-api-security-grow-as-attacks-increase/d/d-id/1340054?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-757">

      <div class="body details">
4 February 2021
      </div>

     </div>

     <div class="message default clearfix" id="message23045">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 08:34:02">
08:34
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-26689 ‼</strong><br><br><code>An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. The USB laf gadget has a use-after-free. The LG ID is LVE-SMP-200031 (February 2021).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26689">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23046">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 08:34:03">
08:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-20016 ‼</strong><br><br><code>A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20016">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23047">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 08:34:04">
08:34
       </div>

       <div class="text">
<strong>‼ CVE-2020-27247 ‼</strong><br><br><code>A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0002, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27247">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23048">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 08:34:05">
08:34
       </div>

       <div class="text">
<strong>‼ CVE-2020-13579 ‼</strong><br><br><code>An exploitable integer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser perform arithmetic that may overflow which can result in an undersized heap allocation. Later when copying data from the file into this allocation, a heap-based buffer overflow will occur which can corrupt memory. These types of memory corruptions can allow for code execution under the context of the application. An attacker can entice the victim to open a document to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13579">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23049">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 08:34:06">
08:34
       </div>

       <div class="text">
<strong>‼ CVE-2020-27248 ‼</strong><br><br><code>A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0003 and 0x0014, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27248">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23050">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 08:34:07">
08:34
       </div>

       <div class="text">
<strong>‼ CVE-2020-14245 ‼</strong><br><br><code>HCL OneTest UI V9.5, V10.0, and V10.1 does not perform authentication for functionality that either requires a provable user identity or consumes a significant amount of resources.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14245">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23051">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 08:34:08">
08:34
       </div>

       <div class="text">
<strong>‼ CVE-2020-14246 ‼</strong><br><br><code>HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication which is relatively weak. An attacker could potentially decode the encoded credentials.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14246">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23052">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 08:34:08">
08:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-26687 ‼</strong><br><br><code>An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. In preloaded applications, the HostnameVerified default is mishandled. The LG ID is LVE-SMP-200029 (February 2021).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26687">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23053">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 08:34:09">
08:34
       </div>

       <div class="text">
<strong>‼ CVE-2020-13586 ‼</strong><br><br><code>A memory corruption vulnerability exists in the Excel Document SST Record 0x00fc functionality of SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13586">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23054">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 08:34:10">
08:34
       </div>

       <div class="text">
<strong>‼ CVE-2020-13580 ‼</strong><br><br><code>An exploitable heap-based buffer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser to explicitly trust a length from a particular record type and use it to write a 16-bit null relative to a buffer allocated on the stack. Due to a lack of bounds-checking on this value, this can allow an attacker to write to memory outside of the buffer and controllably corrupt memory. This can allow an attacker to earn code execution under the context of the application. An attacker can entice the victim to open a document to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13580">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23055">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 08:34:11">
08:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-26688 ‼</strong><br><br><code>An issue was discovered on LG Wing mobile devices with Android OS 10 software. The biometric sensor has weak security properties. The LG ID is LVE-SMP-200030 (February 2021).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26688">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23056">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 08:34:12">
08:34
       </div>

       <div class="text">
<strong>‼ CVE-2020-6088 ‼</strong><br><br><code>An exploitable denial of service vulnerability exists in the ENIP Request Path Network Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6088">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23057">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 08:34:13">
08:34
       </div>

       <div class="text">
<strong>‼ CVE-2020-27249 ‼</strong><br><br><code>A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0004 and 0x0015, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27249">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23058">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 08:34:14">
08:34
       </div>

       <div class="text">
<strong>‼ CVE-2020-14247 ‼</strong><br><br><code>HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14247">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23059">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 10:22:29">
10:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Clearview Facial-Recognition Technology Ruled Illegal in Canada ❌</strong><br><br><code>The company’s controversial practice of collecting and selling billions of faceprints was dealt a heavy blow by the Privacy Commissioner that could set a precedent in other legal challenges.</code><br><br><a href="https://threatpost.com/clearview-facial-recognition-canada/163650/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23060">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 10:30:21">
10:30
       </div>

       <div class="text">
<strong>🦿 Industrial control systems vulnerabilities rise as operational tech increasingly goes online 🦿</strong><br><br><code>Claroty said 25% more vulnerabilities were reported in 2020 than in 2019, 70% of which had high or critical CVSS scores.</code><br><br><a href="https://www.techrepublic.com/article/industrial-control-systems-vulnerabilities-rise-as-operational-tech-increasingly-goes-online/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23061">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 11:19:19">
11:19
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 Clam AntiVirus Toolkit 0.103.1 🛠</strong><br><br><code>Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.</code><br><br><a href="https://packetstormsecurity.com/files/161284/clamav-0.103.1.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23062">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 11:19:20">
11:19
       </div>

       <div class="text">
<strong>🛠 TOR Virtual Network Tunneling Tool 0.4.4.7</strong> <strong>🛠</strong><br><br><code>Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).</code><br><br><a href="https://packetstormsecurity.com/files/161285/tor-0.4.4.7.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23063">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 12:01:54">
12:01
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Why schools are vulnerable to ransomware attacks 🦿</strong><br><br><code>A lack of security training for educators and budget limitations are two reasons schools are susceptible to cyberattack, says IBM Security.</code><br><br><a href="https://www.techrepublic.com/article/why-schools-are-vulnerable-to-ransomware-attacks/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23064">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 12:39:44">
12:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Free coffee! Dutch researcher hacks prepaid vending machines ⚠</strong><br><br><code>Only try this at home, folks! As easy as it might look, it&apos;s illegal in the wild, with good reason.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/02/04/free-coffee-dutch-researcher-hacks-prepaid-vending-machines/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23065">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 12:39:45">
12:39
       </div>

       <div class="text">
<strong>🕴 Is $50,000 for a Vulnerability Too Much? 🕴</strong><br><br><code>Lofty bug bounties catch attention, but don&apos;t alleviate the application security flaws they are trying to solve.</code><br><br><a href="https://www.darkreading.com/application-security/is-%2450000-for-a-vulnerability-too-much/a/d-id/1339956?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23066">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 13:22:21">
13:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Critical Cisco Flaws Open VPN Routers Up to RCE Attacks ❌</strong><br><br><code>The vulnerabilities exist in Cisco&apos;s RV160, RV160W, RV260, RV260P, and RV260W VPN routers for small businesses.</code><br><br><a href="https://threatpost.com/cisco-flaws-vpn-routers-rce/163662/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23067">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 13:22:22">
13:22
       </div>

       <div class="text">
<strong>❌ Microsoft Office 365 Attacks Sparked from Google Firebase ❌</strong><br><br><code>A savvy phishing campaign manages to evade native Microsoft security defenses, looking to steal O365 credentials.</code><br><br><a href="https://threatpost.com/microsoft-office-365-attacks-google-firebase/163666/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23068">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 14:34:13">
14:34
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-28449 ‼</strong><br><br><code>This affects all versions of package decal. The vulnerability is in the set function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28449">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23069">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 14:34:14">
14:34
       </div>

       <div class="text">
<strong>‼ CVE-2020-28450 ‼</strong><br><br><code>This affects all versions of package decal. The vulnerability is in the extend function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28450">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23070">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 14:34:15">
14:34
       </div>

       <div class="text">
<strong>‼ CVE-2020-16194 ‼</strong><br><br><code>An Insecure Direct Object Reference (IDOR) vulnerability was found in Prestashop Opart devis &lt; 4.0.2. Unauthenticated attackers can have access to any user&apos;s invoice and delivery address by exploiting an IDOR on the delivery_address and invoice_address fields.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16194">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23071">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 15:30:29">
15:30
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 91% of enterprise pros experienced an API security incident in 2020 🦿</strong><br><br><code>&quot;The direct gateway to organizations&apos; most critical data and assets&quot; is an attractive target for hackers, Salt Security found in a new report.</code><br><br><a href="https://www.techrepublic.com/article/91-of-enterprise-pros-experienced-an-api-security-incident-in-2020/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message23072">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 16:34:22">
16:34
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-1293 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1293">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23073">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 16:34:23">
16:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-1329 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1329">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23074">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 16:34:24">
16:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-1325 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1325">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23075">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 16:34:25">
16:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-1346 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1346">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23076">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 16:34:26">
16:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-1339 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1339">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23077">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 16:34:27">
16:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-1343 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1343">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23078">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 16:34:28">
16:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-1332 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1332">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23079">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 16:34:29">
16:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-1317 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1317">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23080">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 16:34:30">
16:34
       </div>

       <div class="text">
<strong>‼ CVE-2020-27872 ‼</strong><br><br><code>This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from improper state tracking in the password recovery process. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11365.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27872">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23081">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 16:34:31">
16:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-1336 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1336">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23082">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 16:34:32">
16:34
       </div>

       <div class="text">
<strong>‼ CVE-2020-4825 ‼</strong><br><br><code>IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 189839.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4825">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23083">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 16:34:33">
16:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-1316 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1316">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23084">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 16:34:35">
16:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-1288 ‼</strong><br><br><code>Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1288">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23085">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 16:34:36">
16:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-1389 ‼</strong><br><br><code>A vulnerability in the IPv6 traffic processing of Cisco IOS XR Software and Cisco NX-OS Software for certain Cisco devices could allow an unauthenticated, remote attacker to bypass an IPv6 access control list (ACL) that is configured for an interface of an affected device. The vulnerability is due to improper processing of IPv6 traffic that is sent through an affected device. An attacker could exploit this vulnerability by sending crafted IPv6 packets that traverse the affected device. A successful exploit could allow the attacker to access resources that would typically be protected by the interface ACL.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1389">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23086">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 16:34:37">
16:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-1321 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1321">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23087">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 16:34:38">
16:34
       </div>

       <div class="text">
<strong>‼ CVE-2020-4827 ‼</strong><br><br><code>IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189841.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4827">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23088">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 16:34:39">
16:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-1347 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1347">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23089">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 16:34:40">
16:34
       </div>

       <div class="text">
<strong>‼ CVE-2020-27873 ‼</strong><br><br><code>This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API endpoint, which listens on TCP port 80 by default. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-11559.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27873">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23090">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 16:34:41">
16:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-1370 ‼</strong><br><br><code>A vulnerability in a CLI command of Cisco IOS XR Software for the Cisco 8000 Series Routers and Network Convergence System 540 Series Routers running NCS540L software images could allow an authenticated, local attacker to elevate their privilege to root. To exploit this vulnerability, an attacker would need to have a valid account on an affected device. The vulnerability is due to insufficient validation of command line arguments. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the prompt. A successful exploit could allow an attacker with low-level privileges to escalate their privilege level to root.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1370">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23091">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 16:34:42">
16:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-1326 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1326">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23092">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 16:40:26">
16:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-5032 ‼</strong><br><br><code>IBM QRadar SIEM 7.3 and 7.4 in some configurations may be vulnerable to a temporary denial of service attack when sent particular payloads. IBM X-Force ID: 194178.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5032">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23093">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 16:40:27">
16:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-1354 ‼</strong><br><br><code>A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager (UCSM). This vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the registration API. A successful exploit could allow the attacker to register a rogue Cisco UCSM and gain access to Cisco UCS Central Software data and Cisco UCSM inventory data.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1354">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23094">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 16:40:28">
16:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-1291 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1291">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23095">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 16:40:28">
16:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-1292 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1292">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23096">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 16:40:29">
16:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-1344 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1344">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message23097">

      <div class="body">

       <div class="pull_right date details" title="04.02.2021 16:40:31">
16:40
       </div>

       <div class="text">
<strong>‼ CVE-2021-1266 ‼</strong><br><br><code>A vulnerability in the REST API of Cisco Managed Services Accelerator (MSX) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the way that the affected software logs certain API requests. An attacker could exploit this vulnerability by sending a flood of crafted API requests to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1266">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <a class="pagination block_link" href="messages24.html">
Next messages
     </a>

    </div>

   </div>

  </div>

 </body>

</html>