Remove 01
Remove 2021 Remove Data Remove Information Security Remove Security
article thumbnail

U.S. CISA adds D-Link DIR-820 Router, DrayTek Multiple Vigor Router, Motion Spell GPAC, SAP Commerce Cloud bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

Cybersecurity and Infrastructure Security Agency (CISA) adds D-Link DIR-820 Router, DrayTek Multiple Vigor Router, Motion Spell GPAC, SAP Commerce Cloud bugs to its Known Exploited Vulnerabilities catalog. CVE-2019-0344 is a deserialization of untrusted data vulnerability.

Cloud 117
article thumbnail

CVE-2021-3064: Easily exploitable RCE flaw in Palo Alto Networks in GlobalProtect VPN

Security Affairs

Palo Alto Networks disclosed a critical remote code execution vulnerability, tracked as CVE-2021-3064 , in its GlobalProtect portal and gateway interfaces. “CVE-2021-3064 is a buffer overflow that occurs while parsing user-supplied input into a fixed-length location on the stack. 2021-11-10: This report was published.

Access 117
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

A 16-year-old bug (CVE-2021-3438) in printer driver affects millions of printers worldwide

Security Affairs

Experts warn of a 16-year-old vulnerability (CVE-2021-3438) in an HP, Xerox, and Samsung printers driver that an attacker could exploit to gain admin rights on systems. The vulnerability, tracked as CVE-2021-3438 , is a buffer overflow that resides in the SSPORT.SYS driver which is used by some printer models.

article thumbnail

U.S. CISA adds Dahua IP Camera, Linux Kernel and Microsoft Exchange Server bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

Cybersecurity and Infrastructure Security Agency (CISA) adds Dahua IP Camera, Linux Kernel and Microsoft Exchange Server bugs to its Known Exploited Vulnerabilities catalog. A remote attacker can exploit both vulnerabilities by sending specially crafted data packets to the vulnerable cameras. The flaw received a CVSS v3 score of 8.1,

IT 86
article thumbnail

It is your data in their cloud, make sure it is secure!

Thales Cloud Protection & Licensing

It is your data in their cloud, make sure it is secure! Tue, 01/18/2022 - 05:32. It is your data in their cloud after all - and you need to make sure your most valuable assets are secure! Security controls for Cloud Service Providers are notoriously tough to figure out and can be easy to overlook.

Cloud 71
article thumbnail

CISA adds critical Adobe ColdFusion flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

US Cybersecurity and Infrastructure Security Agency (CISA) added a critical flaw CVE-2023-26359 (CVSS score 9.8) Adobe fixed the critical flaw in March 2023, it is a deserialization of untrusted data issue in Adobe ColdFusion that can lead to arbitrary code execution in the context of the current user.

IT 94
article thumbnail

Malicious NPM packages used to grab data from apps, websites?

Security Affairs

Researchers from ReversingLabs discovered tens of malicious NPM packages stealing data from apps and web forms. Researchers from ReversingLabs discovered a couple of dozen NPM packages that included malicious code designed to steal data from apps and web forms on websites that included the modules. ” conclude the researchers.