‼ CVE-2021-25224 ‼
via "National Vulnerability Database".
A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a manual scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
‼ CVE-2021-22637 ‼
via "National Vulnerability Database".
Multiple stack-based buffer overflow issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).
‼ CVE-2021-3326 ‼
via "National Vulnerability Database".
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
‼ CVE-2021-25247 ‼
via "National Vulnerability Database".
A DLL hijacking vulnerability in Trend Micro HouseCall for Home Networks version 5.3.1063 and below could allow an attacker to use a malicious DLL to escalate privileges and perform arbitrary code execution. An attacker must already have user privileges on the machine to exploit this vulnerability.
‼ CVE-2021-25225 ‼
via "National Vulnerability Database".
A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scheduled scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
‼ CVE-2021-26117 ‼
via "National Vulnerability Database".
The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid user's password in error, resulting in no check on the password.
‼ CVE-2021-26276 ‼
via "National Vulnerability Database".
** DISPUTED ** scripts/cli.js in the GoDaddy node-config-shield (aka Config Shield) package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data.
‼ CVE-2021-22655 ‼
via "National Vulnerability Database".
Multiple out-of-bounds read issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).
‼ CVE-2021-22639 ‼
via "National Vulnerability Database".
An uninitialized pointer issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).
‼ CVE-2021-22641 ‼
via "National Vulnerability Database".
A heap-based buffer overflow issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).
❌ TeamTNT Cloaks Malware With Open-Source Tool ❌
via "Threat Post".
The detection-evasion tool, libprocesshider, hides TeamTNT's malware from process-information programs.
🕴 Critical Vulnerability Patched in 'sudo' Utility for Unix-Like OSes 🕴
via "Dark Reading".
Flaw exists in versions of sudo going back nearly 10 years; USCYBERCOM recommends organizations patch immediately.
🕴 Intl. Law Enforcement Operation Disrupts Emotet Botnet 🕴
via "Dark Reading".
Global law enforcement agencies have seized control of Emotet infrastructure, disrupting one of the world's most pervasive and dangerous cyber threats.
‼ CVE-2021-3331 ‼
via "National Vulnerability Database".
WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. (For example, this is exploitable in a default installation in which WinSCP is the handler for sftp:// URLs.)
🕴 Data Privacy Day 2021: Pandemic Response Data Must Align with Data Privacy Rules 🕴
via "Dark Reading".
Amid a pandemic, Data Privacy Day this year brings forth expanded responsibilities for organizations in the response to COVID-19.
‼ CVE-2020-25785 ‼
via "National Vulnerability Database".
An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CFtpProtocol::FtpLogin during the update procedure.
‼ CVE-2020-25783 ‼
via "National Vulnerability Database".
An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated heap-based buffer overflow in the function CNetClientTalk::OprMsg during incoming message handling.
‼ CVE-2020-25784 ‼
via "National Vulnerability Database".
An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CNetClientGuard::SubOprMsg during incoming message handling.
‼ CVE-2020-25782 ‼
via "National Vulnerability Database".
An issue was discovered on Accfly Wireless Security IR Camera 720P System with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CNetClientManage::ServerIP_Proto_Set during incoming message handling.
‼ CVE-2020-0237 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
‼ CVE-2021-26067 ‼
via "National Vulnerability Database".
Affected versions of Atlassian Bamboo allow an unauthenticated remote attacker to view a stack trace that may reveal the path of the home directory on disk and whether certain files exist in the tmp directory, via a Sensitive Data Exposure vulnerability in the /chart endpoint. The affected versions are before version 7.2.2.