Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Content by securityaffairs

securityaffairs
Member Since: March 27, 2014
Ninja
Posts: 128

Most Recently Posted

100 items
Comment: A must reading - securityaffairs - 11/10/2014
Comment: Very dangerous - securityaffairs - 11/10/2014
Comment: About the repor - securityaffairs - 10/27/2014
Comment: Once again.. - securityaffairs - 9/25/2014
Comment: an old story - securityaffairs - 9/11/2014
Comment: Re: DDoS - securityaffairs - 8/27/2014
Comment: as expected - securityaffairs - 8/18/2014
Comment: Awesome - securityaffairs - 8/15/2014
Comment: what's new? - securityaffairs - 8/13/2014
Comment: The change - securityaffairs - 8/6/2014
Comment: next phase - securityaffairs - 7/13/2014
Comment: Re: Good job - securityaffairs - 7/10/2014
Comment: Re: Good job - securityaffairs - 7/10/2014
Comment: Re: Good job - securityaffairs - 7/9/2014
Comment: Not surprised - securityaffairs - 6/13/2014
Comment: Great job - securityaffairs - 6/3/2014
Comment: High risks - securityaffairs - 5/26/2014
Comment: Insidious - securityaffairs - 5/9/2014


Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-22847
PUBLISHED: 2021-01-22
Hyweb HyCMS-J1's API fails to filter POST request parameters. Remote attackers can inject SQL syntax and execute commands without privilege.
CVE-2021-22849
PUBLISHED: 2021-01-22
Hyweb HyCMS-J1 backend editing function does not filter special characters. Users after log-in can inject JavaScript syntax to perform a stored XSS (Stored Cross-site scripting) attack.
CVE-2020-8567
PUBLISHED: 2021-01-21
Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods.
CVE-2020-8568
PUBLISHED: 2021-01-21
Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that conta...
CVE-2020-8569
PUBLISHED: 2021-01-21
Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource when: - The VolumeSnapshot referenced a non-existing PersistentVolumeClaim and the VolumeSnapshot did not reference any VolumeSnapshotClass. - The snapshot-controller crashes, ...