Latest

CVE-2021-27671

An issue was discovered in the comrak crate before 0.9.1 for Rust. XSS can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing (for example) Data: to be used in an attack.

CVE Notifications

Popular

CVE-2020-9395

An issue was discovered on Realtek RTL8195AM, RTL8711AM, RTL8711AF, and RTL8710AF devices before 2.0.6. A stack-based buffer overflow exists in the client code that takes care of WPA2’s 4-way-handshake via a malformed...

CERT-Vulnerabilities, National Cyber Awareness

Latest

CVE-2020-9051

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.

CVE-2020-9052

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.

CVE-2021-1229

A vulnerability in ICMP Version 6 (ICMPv6) processing in Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a slow system memory leak, which over time could lead to a denial of service (DoS) condition....

CVE-2021-1230

A vulnerability with the Border Gateway Protocol (BGP) for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to cause a routing process to...

CVE-2021-1227

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient...

CVE-2021-1228

A vulnerability in the fabric infrastructure VLAN connection establishment of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, adjacent attacker to bypass...

CVE-2021-1361

A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode that are running Cisco NX-OS Software could allow an...

CVE-2021-1450

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. To...

CVE-2021-1388

A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The...

CVE-2021-1387

A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because the software...

CVE-2021-1368

A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or...

CVE-2021-1396

Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files,...

CVE-2021-1231

A vulnerability in the Link Layer Discovery Protocol (LLDP) for Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, adjacent attacker to disable switching on a small...

CVE-2021-1367

A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability...

CVE-2021-1393

Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files,...

OSN JANUARY 19, 2021

Title: Hackers Leaked Altered Pfizer Data to Sabotage Trust in Vaccines Date Published: January 15, 2021 https://www.bleepingcomputer.com/news/security/hackers-leaked-altered-pfizer-data-to-sabotage-trust-in-vaccines/ Excerpt:...

OSN JANUARY 29, 2021

Title: Windows Installer Zero-Day Vulnerability Gets Free Micropatch Date Published: January 29, 2021 https://www.bleepingcomputer.com/news/security/windows-installer-zero-day-vulnerability-gets-free-micropatch/ Excerpt: “A...

OSN February 1, 2021

Title: A New Software Supply-Chain Attack Targeted Millions With Spyware Date Published: February 1, 2021 https://thehackernews.com/2021/02/a-new-software-supplychain-attack.html Excerpt: “Cybersecurity researchers today...

OSN FEBRUARY 2, 2021

Title: Malicious Script Steals Credit Card Info Stolen by Other Hackers Date Published: February 2, 2021 https://www.bleepingcomputer.com/news/security/malicious-script-steals-credit-card-info-stolen-by-other-hackers/...

OSN FEBRUARY 3, 2021

Title: Over a Dozen Chrome Extensions Caught Hijacking Google Search Results for Millions Date Published: February 3, 2021 https://thehackernews.com/2021/02/over-dozen-chrome-extensions-caught.html Excerpt: “All...

OSN FEBRUARY 4, 2021

Title: U.S. Federal Payroll Agency Hacked Using Solarwinds Software Flaw Date Published: February 2, 2021 https://www.bleepingcomputer.com/news/security/us-federal-payroll-agency-hacked-using-solarwinds-software-flaw/ Excerpt:...

OSN FEBRUARY 5, 2021

Title: Hacking Group Also Used an IE Zero-Day Against Security Researchers Date Published: February 4, 2021 https://www.bleepingcomputer.com/news/security/hacking-group-also-used-an-ie-zero-day-against-security-researchers/...

OSN February 8, 2021

Title: Microsoft to Alert Office 365 Users of Nation-State Hacking Activity Date Published: February 8, 2021 https://www.bleepingcomputer.com/news/security/microsoft-to-alert-office-365-users-of-nation-state-hacking-activity/...

OSN FEBRUARY 9, 2021

Title: Microsoft: Keep Your Guard up Even After Emotet’s Disruption Date Published: February 8, 2021 https://www.bleepingcomputer.com/news/security/microsoft-keep-your-guard-up-even-after-emotet-s-disruption/ Excerpt: “With law...

OSN February 10, 2021

Title: Supply-Chain Hack Breaches 35 Companies, Including PayPal, Microsoft, Apple Date Published: February 10, 2021 https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610 Also See: Dependency Confusion:...

OSN FEBRUARY 11, 2021

Title: 12-Year-Old Windows Defender Bug Gives Hackers Admin Rights Date Published: February 11, 2021 https://www.bleepingcomputer.com/news/security/12-year-old-windows-defender-bug-gives-hackers-admin-rights/...

OSN FEBRUARY 12, 2021

Title: Yandex Suffers Data Breach After Sysadmin Sold Access to User Emails Date Published: February 11, 2021 https://www.bleepingcomputer.com/news/security/yandex-suffers-data-breach-after-sysadmin-sold-access-to-user-emails/...

OSN FEBRUARY 17, 2021

Title: Centreon Says That Recently Disclosed Campaigns Only Targeted Obsolete Versions of Its Open-Source Software Date Published: February...

OSN FEBRUARY 18, 2021

Title: Masslogger Swipes Microsoft Outlook, Google Chrome Credentials Date Published: February 17, 2021 Masslogger Swipes Microsoft Outlook, Google Chrome Credentials Excerpt: “The use of compiled HTML (usually...

OSN FEBRUARY 23, 2021

Title: New Silver Sparrow Malware Infects 30,000 Macs for Unknown Purpose Date Published: February 22, 2021 https://www.bleepingcomputer.com/news/security/new-silver-sparrow-malware-infects-30-000-macs-for-unknown-purpose/...

OSN FEBRUARY 24, 2021

Title: Exploitation of Accellion File Transfer Appliance Date Published: February 24, 2021 https://us-cert.cisa.gov/ncas/alerts/aa21-055a Excerpt: “One of the exploited...

CVE-2020-27224

In Eclipse Theia versions up to and including 1.2.0, the Markdown Preview (@theia/preview) can be exploited to execute arbitrary code.

CVE-2020-7836

VOICEYE WSActiveBridgeES versions prior to 2.1.0.3 contain a stack-based buffer overflow vulnerability caused by improper bounds checking of a parameter given by an attacker. It finally leads to a stack-based buffer overflow via access to...
