‼ CVE-2021-21113 ‼
📖 Read
via "National Vulnerability Database".
Heap buffer overflow in Skia in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21108 ‼
📖 Read
via "National Vulnerability Database".
Use after free in media in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21107 ‼
📖 Read
via "National Vulnerability Database".
Use after free in drag and drop in Google Chrome on Linux prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21110 ‼
📖 Read
via "National Vulnerability Database".
Use after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21115 ‼
📖 Read
via "National Vulnerability Database".
User after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21109 ‼
📖 Read
via "National Vulnerability Database".
Use after free in payments in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.📖 Read
via "National Vulnerability Database".
❌ Malicious Software Infrastructure Easier to Get and Deploy Than Ever ❌
📖 Read
via "Threat Post".
Researchers at Recorded Future report a rise in cracked Cobalt Strike and other open-source adversarial tools with easy-to-use interfaces.📖 Read
via "Threat Post".
Threat Post
Malicious Software Infrastructure Easier to Get and Deploy Than Ever
Researchers at Recorded Future report a rise in cracked Cobalt Strike and other open-source adversarial tools with easy-to-use interfaces.
‼ CVE-2020-4691 ‼
📖 Read
via "National Vulnerability Database".
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186698.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4733 ‼
📖 Read
via "National Vulnerability Database".
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188127.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4697 ‼
📖 Read
via "National Vulnerability Database".
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186790.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4544 ‼
📖 Read
via "National Vulnerability Database".
IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 183189.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4487 ‼
📖 Read
via "National Vulnerability Database".
IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181862.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-5146 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in SonicWall SMA100 appliance allow an authenticated management-user to perform OS command injection using HTTP POST parameters. This vulnerability affected SMA100 Appliance version 10.2.0.2-20sv and earlier.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-5147 ‼
📖 Read
via "National Vulnerability Database".
SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows a local attacker to gain elevated privileges in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 10.2.300 and earlier.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35204 ‼
📖 Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the PolicyAuthority/Common/FolderControl.jsp file via the unqID parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35727 ‼
📖 Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the BrowseDirs.do file via the title parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35726 ‼
📖 Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applications/Reports/index.jsp file via the by parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35725 ‼
📖 Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/index.jsp file via the msg parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35720 ‼
📖 Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** Stored XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to store malicious code in multiple fields (first name, last name, and logon name) when creating or modifying a user via the submitUser.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35723 ‼
📖 Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the ReportPreview.do file via the referer parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35719 ‼
📖 Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applications/Search/index.jsp file via the added parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.📖 Read
via "National Vulnerability Database".