โผ CVE-2021-1313 โผ
๐ Read
via "National Vulnerability Database".
Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-1333 โผ
๐ Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-1295 โผ
๐ Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-1221 โผ
๐ Read
via "National Vulnerability Database".
A vulnerability in the user interface of Cisco Webex Meetings and Cisco Webex Meetings Server Software could allow an authenticated, remote attacker to inject a hyperlink into a meeting invitation email. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by entering a URL into a field in the user interface. A successful exploit could allow the attacker to generate a Webex Meetings invitation email that contains a link to a destination of their choosing. Because this email is sent from a trusted source, the recipient may be more likely to click the link.๐ Read
via "National Vulnerability Database".
โผ CVE-2020-4826 โผ
๐ Read
via "National Vulnerability Database".
IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189840.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-1318 โผ
๐ Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-1297 โผ
๐ Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be restricted on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to upload a file to location on an affected device that they should not have access to. A successful exploit could allow the attacker to overwrite files on the file system of the affected device.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-1244 โผ
๐ Read
via "National Vulnerability Database".
Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to execute unsigned code during the boot process on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-1314 โผ
๐ Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-1289 โผ
๐ Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-1345 โผ
๐ Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-1319 โผ
๐ Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.๐ Read
via "National Vulnerability Database".
โ Spotify Suffers Second Credential-Stuffing Cyberattack in 3 Months โ
๐ Read
via "Threat Post".
As many as 100,000 of the music streaming service's customers could face account takeover.๐ Read
via "Threat Post".
Threat Post
Spotify Suffers Second Credential-Stuffing Cyberattack in 3 Months
As many as 100,000 of the music streaming service's customers could face account takeover.
๐ Scientist Stole Trade Secrets Before Joining Competitor ๐
๐ Read
via "Digital Guardian".
It wasn't until after the employee left that the company realized how many proprietary files he'd transferred to his personal email accounts and thumb drives.๐ Read
via "Digital Guardian".
Digital Guardian
Scientist Stole Trade Secrets Before Joining Competitor
It wasn't until after the employee left that the company realized how many proprietary files he'd transferred to his personal email accounts and thumb drives.
๐ฆฟ How to compile NGINX for ModSecurity support on Ubuntu Server 20.04 ๐ฆฟ
๐ Read
via "Tech Republic".
Jack Wallen walks you through the manual process of installing ModSecurity for NGINX on Ubuntu Server 20.04.๐ Read
via "Tech Republic".
TechRepublic
How to compile NGINX for ModSecurity support on Ubuntu Server 20.04
Jack Wallen walks you through the manual process of installing ModSecurity for NGINX on Ubuntu Server 20.04.
โผ CVE-2021-25249 โผ
๐ Read
via "National Vulnerability Database".
An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-25237 โผ
๐ Read
via "National Vulnerability Database".
An improper access control vulnerability in Trend Micro Apex One (on-prem) could allow an unauthenticated user to obtain information about the managing port used by agents.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-0350 โผ
๐ Read
via "National Vulnerability Database".
In ged, there is a possible system crash due to an improper input validation. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05342338.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-0343 โผ
๐ Read
via "National Vulnerability Database".
In kisd, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05449962.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-25244 โผ
๐ Read
via "National Vulnerability Database".
An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of configuration informaiton.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-25227 โผ
๐ Read
via "National Vulnerability Database".
Trend Micro Antivirus for Mac 2021 (Consumer) is vulnerable to a memory exhaustion vulnerability that could lead to disabling all the scanning functionality within the application. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability รขโฌโ i.e. the attacker must already have access to the target system (either legitimately or via another exploit).๐ Read
via "National Vulnerability Database".