RSS Live Feed

CVE-2020-19915

Latest 7 days CVE Lists - 12 hours 9 minutes ago
Cross Site Scripting (XSS) vulnerability exists in WUZHI CMS 4.1.0 via the mailbox username in index.php.

Apple Releases iOS 15 and iPadOS 15

Slashdot - 12 hours 30 minutes ago
Apple today released iOS 15 and iPadOS 15, the newest operating system updates designed for the iPhone, iPad, and iPod touch. From a report: As with all of Apple's software updates, iOS and iPadOS 15 can be downloaded at no cost. iOS 15 is available on the iPhone 6s and later while iPadOS 15 is available on the iPad Air 2 and later. The new software can be downloaded on eligible devices over-the-air by going to Settings - General - Software Update. It may take a few minutes for the updates to propagate to all users due to high demand. A new Focus mode cuts down on distractions by limiting what's accessible and who can contact you, and notifications can now be grouped up in daily summaries. There's an option for a new Safari design that moves the tab bar to the bottom of the interface, and Tab Groups keep all of your tabs organized. Maps has been overhauled with even more detail, a 3D view in major cities, a globe view, improved transit, a close-up driving view when navigating complicated routes, and AR walking directions. Across the operating system, there's a new Live Text feature that detects text in any image and lets you copy, paste, and translate it, plus there's a system-wide translation feature. In Photos, plants, pets, landmarks, and more can be identified, and there's a system-wide translation feature that goes well with Live Text. iCloud+ with iCloud Private Relay protects your IP address and obscures your location to prevent websites from tracking you, and a Hide My Email feature lets you create temporary email addresses. You can even use your personal domain with iCloud in iOS 15. Further reading: 19 Things You Can Do in iOS 15 That You Couldn't Do Before.


CVE-2021-32838

Latest 7 days CVE Lists - 13 hours 9 minutes ago
Flask-RESTX (pypi package flask-restx) is a community driven fork of Flask-RESTPlus. Flask-RESTX before version 0.5.1 is vulnerable to ReDoS (Regular Expression Denial of Service) in email_regex. This is fixed in version 0.5.1.

Coinbase Drops Lend Product Plans After SEC Lawsuit Threat

Slashdot - 13 hours 59 minutes ago
Cryptocurrency exchange Coinbase has canceled plans to launch Lend, a product designed to deliver high-interest returns on USDC stablecoin holdings. From a report: A Coinbase representative confirmed the news to Decrypt this morning, referring us to a quietly updated recent blog post about the planned initiative, which was first announced in June but put on hold following the threat of legal action from the U.S. Securities and Exchange Commission (SEC). "Our goal is to create great products for our customers and to advance our mission to increase economic freedom in the world," the update reads. "As we continue our work to seek regulatory clarity for the crypto industry as a whole, we've made the difficult decision not to launch the USDC APY program announced below." Coinbase wrote that it had hundreds of thousands of people signed up to its waitlist, which has now been discontinued. "We will not stop looking for ways to bring innovative, trusted programs and products to our customers," the update concludes. Further reading: Is Lending Your Bitcoins a Security?


CVE-2021-29856

Latest 7 days CVE Lists - 14 hours 9 minutes ago
IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 could allow an authenticated user to cause a denial of service through the WebGUI Map Creation page. IBM X-Force ID: 205685.

CVE-2021-32839

Latest 7 days CVE Lists - 14 hours 9 minutes ago
sqlparse is a non-validating SQL parser module for Python. In sqlparse versions 0.4.0 and 0.4.1 there is a Regular Expression Denial of Service (ReDoS) vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of '\r\n' in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround, don't use the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool. The issue has been fixed in sqlparse 0.4.2.

CVE-2021-38899

Latest 7 days CVE Lists - 14 hours 9 minutes ago
IBM Cloud Pak for Data 2.5 could allow a local user with special privileges to obtain highly sensitive information. IBM X-Force ID: 209575.

CVE-2020-8561

Latest 7 days CVE Lists - 14 hours 9 minutes ago
A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.

CVE-2021-25740

Latest 7 days CVE Lists - 14 hours 9 minutes ago
A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.

CVE-2021-25741

Latest 7 days CVE Lists - 14 hours 9 minutes ago
A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.

CVE-2021-29806

Latest 7 days CVE Lists - 14 hours 9 minutes ago
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204264.

CVE-2021-29807

Latest 7 days CVE Lists - 14 hours 9 minutes ago
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204265.

CVE-2021-29808

Latest 7 days CVE Lists - 14 hours 9 minutes ago
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204269.

CVE-2021-29809

Latest 7 days CVE Lists - 14 hours 9 minutes ago
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204270.

CVE-2021-29811

Latest 7 days CVE Lists - 14 hours 9 minutes ago
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 stores user credentials in plain clear text which can be read by an authenticated admin user. IBM X-Force ID: 204329.

CVE-2021-29817

Latest 7 days CVE Lists - 14 hours 9 minutes ago
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204343.

CVE-2021-29818

Latest 7 days CVE Lists - 14 hours 9 minutes ago
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204345.

CVE-2021-29819

Latest 7 days CVE Lists - 14 hours 9 minutes ago
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204346.

CVE-2021-29820

Latest 7 days CVE Lists - 14 hours 9 minutes ago
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204347.

CVE-2021-29821

Latest 7 days CVE Lists - 14 hours 9 minutes ago
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204348.
