

Thousands of Unprotected RDP Servers Can Be Abused for DDoS Attacks
Cybercriminals have been abusing unprotected servers running Microsoft’s Remote Desktop Protocol...

These Microsoft tools help you reduce, remove or lock down admin access to improve security
The SolarWinds compromise means you can no longer put off privileged account management.

Bosses are using monitoring software to keep tabs on working at home. Privacy rules aren't keeping up
Workers' union Prospect warned that the UK was at risk of 'sleepwalking into a world of...

Cloud Controls Matrix v4 adds 60+ new cloud security controls
The Cloud Security Alliance (CSA) announced the availability of version 4 of the Cloud Controls...

It's 2021 and you can hijack a Cisco SD-WAN deployment with malicious IP traffic and a buffer overflow. Patch now
And also fix up these other holes that can be exploited via HTTP requests, SQL injection, etc...

Bolstering healthcare IT against growing security threats
As the COVID-19 pandemic unfolds, healthcare organizations are scrambling to ensure the safety...

Retail and hospitality sector fixing software flaws at a faster rate than others
The retail and hospitality sector is fixing software flaws at a faster rate than five other...
Latest Vulnerabilities
- CVE-2020-8570
  0.0 Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a...
- CVE-2020-8569
  0.0 Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource when: - The VolumeSnapshot referenced a non-existing...
- CVE-2020-8568
  0.0 Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem...
- CVE-2020-8567
  0.0 Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted...
- CVE-2020-8554
  0.0 Kubernetes API server in all versions allows an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an...
Latest Critical Vulnerabilities
- CVE-2020-24640
  10.0 There is a vulnerability caused by insufficient input validation that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful...
  network, low complexity, critical
- CVE-2020-24639
  10.0 There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation...
- CVE-2020-24638
  9.0 Multiple authenticated remote command executions are possible in Airwave Glass before 1.3.3 via the glassadmin cli. These allow for a user with glassadmin privileges to execute arbitrary code as...
  network, low complexity, critical
- CVE-2020-6572 - Use After Free vulnerability in Google Chrome
  9.3 Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
- CVE-2020-29495 - OS Command Injection vulnerability in Dell products
  10.0 DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this...
- CVE-2020-29017 - OS Command Injection vulnerability in Fortinet FortiDeceptor 3.0.0/3.0.1/3.1.0
  9.0 An OS command injection vulnerability in FortiDeceptor 3.1.0, 3.0.1, 3.0.0 may allow a remote authenticated attacker to execute arbitrary commands on the system by exploiting a command injection...
- CVE-2020-14102 - Command Injection vulnerability in MI Ax1800 Firmware and Rm1800 Firmware
  9.0 There is command injection when ddns processes the hostname, which causes the administrator user to obtain the root privilege of the router. This affects Xiaomi router AX1800rom version < 1.0.336...
- CVE-2021-1360 - Out-Of-Bounds Write vulnerability in Cisco products
  9.0 Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary...