‼ CVE-2021-21144 ‼
📖 Read
via "National Vulnerability Database".
Heap buffer overflow in Tab Groups in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26921 ‼
📖 Read
via "National Vulnerability Database".
In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4790 ‼
📖 Read
via "National Vulnerability Database".
IBM Security Identity Governance and Intelligence 5.2.6 could allow a user to cause a denial of service due to improperly validating a supplied URL, rendering the application unusuable. IBM X-Force ID: 189375.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21145 ‼
📖 Read
via "National Vulnerability Database".
Use after free in Fonts in Google Chrome prior to 88.0.4324.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26675 ‼
📖 Read
via "National Vulnerability Database".
A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4996 ‼
📖 Read
via "National Vulnerability Database".
IBM Security Identity Governance and Intelligence 5.2.6 could allow a local user to obtain sensitive information via the capturing of screenshots of authentication credentials. IBM X-Force ID: 192913.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21143 ‼
📖 Read
via "National Vulnerability Database".
Heap buffer overflow in Extensions in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25140 ‼
📖 Read
via "National Vulnerability Database".
A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20. The HPE Moonshot Provisioning Manager is an application that is installed in a VMWare or Microsoft Hyper-V environment that is used to setup and configure an HPE Moonshot 1500 chassis. This vulnerability could be remotely exploited by an unauthenticated user to cause a directory traversal in user supplied input to the `khuploadfile.cgi` CGI ELF. The directory traversal could lead to Remote Code Execution, Denial of Service, and/or compromise system integrity. **Note:** HPE recommends that customers discontinue the use of the HPE Moonshot Provisioning Manager. The HPE Moonshot Provisioning Manager application is discontinued, no longer supported, is not available to download from the HPE Support Center, and no patch is available.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35943 ‼
📖 Read
via "National Vulnerability Database".
A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload. (It is possible to bypass CSRF protection by simply not including a nonce parameter.)📖 Read
via "National Vulnerability Database".
‼ CVE-2020-28394 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of RAS files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12283)📖 Read
via "National Vulnerability Database".
‼ CVE-2020-28392 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in SIMARIS configuration (All versions). During installation to default target folder, incorrect permissions are configured for the application folder and subfolders which could allow an attacker to gain persistence or potentially escalate privileges should a user with elevated credentials log onto the machine.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35942 ‼
📖 Read
via "National Vulnerability Database".
A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload and Local File Inclusion via settings modification, leading to Remote Code Execution and XSS. (It is possible to bypass CSRF protection by simply not including a nonce parameter.)📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35572 ‼
📖 Read
via "National Vulnerability Database".
Adminer through 4.7.8 allows XSS via the history parameter to the default URI.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25141 ‼
📖 Read
via "National Vulnerability Database".
A security vulnerability has been identified in in certain HPE and Aruba L2/L3 switch firmware. A data processing error due to improper handling of an unexpected data type in user supplied information to the switch's management interface has been identified. The data processing error could be exploited to cause a crash or reboot in the switch management interface and/or possibly the switch itself leading to local denial of service (DoS). The user must have administrator privileges to exploit this vulnerability.📖 Read
via "National Vulnerability Database".
❌ Attackers Exploit Critical Adobe Flaw to Target Windows Users ❌
📖 Read
via "Threat Post".
A critical vulnerability in Adobe Reader has been exploited in "limited attacks."📖 Read
via "Threat Post".
Threat Post
Attackers Exploit Critical Adobe Flaw to Target Windows Users
A critical vulnerability in Adobe Reader has been exploited in "limited attacks."
🦿 Plex patches media server bug potentially exploited by DDoS attackers 🦿
📖 Read
via "Tech Republic".
All users of Plex Media Server are urged to apply the hotfix, which directs their servers to respond to UDP requests only from the local network and not the public internet.📖 Read
via "Tech Republic".
TechRepublic
Plex patches media server bug potentially exploited by DDoS attackers
All users of Plex Media Server are urged to apply the hotfix, which directs their servers to respond to UDP requests only from the local network and not the public internet.
🔏 Florida Water Hack Underscores Lack of Municipal Cyber Funding 🔏
📖 Read
via "Digital Guardian".
The hack is another example of how damaging cyber attacks against small cities and infrastructure can be.📖 Read
via "Digital Guardian".
Digital Guardian
Florida Water Hack Underscores Lack of Municipal Cyber Funding
The hack is another example of how damaging cyber attacks against small cities and infrastructure can be.
❌ Actively Exploited Windows Kernel EoP Bug Allows Takeover ❌
📖 Read
via "Threat Post".
Microsoft addressed 56 security vulnerabilities for February Patch Tuesday -- including 11 critical and six publicly known. And, it continued to address the Zerologon bug.📖 Read
via "Threat Post".
Threat Post
Actively Exploited Windows Kernel EoP Bug Allows Takeover
Microsoft addressed 56 security vulnerabilities for February Patch Tuesday — including 11 critical and six publicly known. And, it continued to address the Zerologon bug.
❌ Google Play Boots Barcode Scanner App After Ad Explosion ❌
📖 Read
via "Threat Post".
A barcode scanner with 10 million downloads is removed from Google Play marketplace after ad blitz hits phones.📖 Read
via "Threat Post".
Threat Post
Google Play Boots Barcode Scanner App After Ad Explosion
A barcode scanner with 10 million downloads is removed from Google Play marketplace after ad blitz hits phones.
‼ CVE-2021-21478 ‼
📖 Read
via "National Vulnerability Database".
SAP Web Dynpro ABAP allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21472 ‼
📖 Read
via "National Vulnerability Database".
SAP Software Provisioning Manager 1.0 (SAP NetWeaver Master Data Management Server 7.1) does not have an option to set password during its installation, this allows an authenticated attacker to perform various security attacks like Directory Traversal, Password Brute force Attack, SMB Relay attack, Security Downgrade.📖 Read
via "National Vulnerability Database".