🦿 How to block point-to-point file transfers in Skype for Business using PowerShell 🦿
📖 Read
via "Tech Republic".
There are situations where you want to block P2P file transfers to people outside the organization during a video conference meeting. You'll need to issue a global policy.📖 Read
via "Tech Republic".
TechRepublic
How to block point-to-point file transfers in Skype for Business using PowerShell
There are situations where you want to block P2P file transfers to people outside the organization during a video conference meeting. You'll need to issue a global policy.
‼ CVE-2021-26905 ‼
📖 Read
via "National Vulnerability Database".
1Password SCIM Bridge before 1.6.2 mishandles validation of requests for log files.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25168 ‼
📖 Read
via "National Vulnerability Database".
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webupdatecomponent function.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26574 ‼
📖 Read
via "National Vulnerability Database".
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a path traversal vulnerability in libifc.so webdeletevideofile function.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25171 ‼
📖 Read
via "National Vulnerability Database".
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetlicensecfg function.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25170 ‼
📖 Read
via "National Vulnerability Database".
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetremoteimageinfo function.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26571 ‼
📖 Read
via "National Vulnerability Database".
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgetactivexcfg function.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-7785 ‼
📖 Read
via "National Vulnerability Database".
This affects all versions of package node-ps. The injection point is located in line 72 in lib/index.js.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21290 ‼
📖 Read
via "National Vulnerability Database".
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method "File.createTempFile" on unix-like systems creates a random file, but, by default will create this file with the permissions "-rw-r--r--". Thus, if sensitive information is written to this file, other local users can read this information. This is the case in netty's "AbstractDiskHttpData" is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, one may specify your own "java.io.tmpdir" when you start the JVM or use "DefaultHttpDataFactory.setBaseDir(...)" to set the directory to something that is only readable by the current user.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21240 ‼
📖 Read
via "National Vulnerability Database".
httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service (CPU burn while parsing header) of the httplib2 client accessing said server. This is fixed in version 0.19.0 which contains a new implementation of auth headers parsing using the pyparsing library.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26573 ‼
📖 Read
via "National Vulnerability Database".
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgeneratesslcfg function.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25172 ‼
📖 Read
via "National Vulnerability Database".
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in libifc.so websetdefaultlangcfg function.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-7786 ‼
📖 Read
via "National Vulnerability Database".
This affects all versions of package macfromip. The injection point is located in line 66 in macfromip.js.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25169 ‼
📖 Read
via "National Vulnerability Database".
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetservicecfg function.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26572 ‼
📖 Read
via "National Vulnerability Database".
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgetactivexcfg function.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26575 ‼
📖 Read
via "National Vulnerability Database".
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a path traversal vulnerability in libifc.so webdeletesolvideofile function.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26577 ‼
📖 Read
via "National Vulnerability Database".
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so uploadsshkey function.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-7782 ‼
📖 Read
via "National Vulnerability Database".
This affects all versions of package spritesheet-js. It depends on a vulnerable package platform-command. The injection point is located in line 32 in lib/generator.js, which is triggered by main entry of the package.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21305 ‼
📖 Read
via "National Vulnerability Database".
CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1, there is a code injection vulnerability. The "#manipulate!" method inappropriately evals the content of mutation option(:read/:write), allowing attackers to craft a string that can be executed as a Ruby code. If an application developer supplies untrusted inputs to the option, it will lead to remote code execution(RCE). This is fixed in versions 1.3.2 and 2.1.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26910 ‼
📖 Read
via "National Vulnerability Database".
Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21288 ‼
📖 Read
via "National Vulnerability Database".
CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1 the download feature has an SSRF vulnerability, allowing attacks to provide DNS entries or IP addresses that are intended for internal use and gather information about the Intranet infrastructure of the platform. This is fixed in versions 1.3.2 and 2.1.1.📖 Read
via "National Vulnerability Database".