Month: February 2021
-
CVE-2020-35662 – In SaltStack Salt before 3002.5, when authenticating to services using certain modules, th …
In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always …
-
CVE-2020-28972 – In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi serve …
In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always …
-
CVE-2020-28243 – An issue was discovered in SaltStack Salt before 3002.5. The minion’s restartcheck is vuln …
An issue was discovered in SaltStack Salt before 3002.5. The minion’s restartcheck is vulnerable to command injection via a crafted process …
-
CVE-2019-25023 – An issue was discovered in Scytl sVote 2.1. Because the IP address from an X-Forwarded-For …
An issue was discovered in Scytl sVote 2.1. Because the IP address from an X-Forwarded-For header (which can be manipulated client-side) is …
-
CVE-2019-25022 – An issue was discovered in Scytl sVote 2.1. An attacker can inject code that gets executed …
An issue was discovered in Scytl sVote 2.1. An attacker can inject code that gets executed by creating an election-event and injecting a …
-
CVE-2019-25021 – An issue was discovered in Scytl sVote 2.1. Due to the implementation of the database mana …
An issue was discovered in Scytl sVote 2.1. Due to the implementation of the database manager, an attacker can access the OrientDB by …
-
CVE-2019-25020 – An issue was discovered in Scytl sVote 2.1. Because the sdm-ws-rest API does not require a …
An issue was discovered in Scytl sVote 2.1. Because the sdm-ws-rest API does not require authentication, an attacker can retrieve the …
-
Microsoft release open-source CodeQL queries to hunt SolarWinds hacks
CodeQL is a strong semantic code analysis engine that works primarily on two stages. In the first stage, it compiles the source code into …
-
Amazon Dismisses Claims Alexa ‘Skills’ Can Bypass Security Vetting Process
Researchers warn Amazon’s voice assistant Alexa is vulnerable to malicious third-party “skills” – voice assistant capabilities …
-
House SolarWinds Hearing Focuses on Updating Cyber Laws
A pair of U.S. House committees held their first public hearings Friday into the SolarWinds attack, with lawmakers and witnesses offering …
-
Stalkerware Volumes Remain Concerningly High, Despite Bans
Tens of thousands of mobile users were infected by the class of software known generically as stalkerware last year. According to …
-
Imperva pretty adamant that security analytics aggregator product Sonar is not ‘one dashboard to rule them all’
Tired of keeping up with security alerts from your system? Worried that your Security Operations Centre (SOC) is getting deluged in …