๐ฆฟ Plex patches media server bug potentially exploited by DDoS attackers ๐ฆฟ
๐ Read
via "Tech Republic".
All users of Plex Media Server are urged to apply the hotfix, which directs their servers to respond to UDP requests only from the local network and not the public internet.๐ Read
via "Tech Republic".
TechRepublic
Plex patches media server bug potentially exploited by DDoS attackers
All users of Plex Media Server are urged to apply the hotfix, which directs their servers to respond to UDP requests only from the local network and not the public internet.
๐ Florida Water Hack Underscores Lack of Municipal Cyber Funding ๐
๐ Read
via "Digital Guardian".
The hack is another example of how damaging cyber attacks against small cities and infrastructure can be.๐ Read
via "Digital Guardian".
Digital Guardian
Florida Water Hack Underscores Lack of Municipal Cyber Funding
The hack is another example of how damaging cyber attacks against small cities and infrastructure can be.
โ Actively Exploited Windows Kernel EoP Bug Allows Takeover โ
๐ Read
via "Threat Post".
Microsoft addressed 56 security vulnerabilities for February Patch Tuesday -- including 11 critical and six publicly known. And, it continued to address the Zerologon bug.๐ Read
via "Threat Post".
Threat Post
Actively Exploited Windows Kernel EoP Bug Allows Takeover
Microsoft addressed 56 security vulnerabilities for February Patch Tuesday โ including 11 critical and six publicly known. And, it continued to address the Zerologon bug.
โ Google Play Boots Barcode Scanner App After Ad Explosion โ
๐ Read
via "Threat Post".
A barcode scanner with 10 million downloads is removed from Google Play marketplace after ad blitz hits phones.๐ Read
via "Threat Post".
Threat Post
Google Play Boots Barcode Scanner App After Ad Explosion
A barcode scanner with 10 million downloads is removed from Google Play marketplace after ad blitz hits phones.
โผ CVE-2021-21478 โผ
๐ Read
via "National Vulnerability Database".
SAP Web Dynpro ABAP allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-21472 โผ
๐ Read
via "National Vulnerability Database".
SAP Software Provisioning Manager 1.0 (SAP NetWeaver Master Data Management Server 7.1) does not have an option to set password during its installation, this allows an authenticated attacker to perform various security attacks like Directory Traversal, Password Brute force Attack, SMB Relay attack, Security Downgrade.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-21477 โผ
๐ Read
via "National Vulnerability Database".
SAP Commerce Cloud, versions - 1808,1811,1905,2005,2011, enables certain users with required privileges to edit drools rules, an authenticated attacker with this privilege will be able to inject malicious code in the drools rules which when executed leads to Remote Code Execution vulnerability enabling the attacker to compromise the underlying host enabling him to impair confidentiality, integrity and availability of the application.๐ Read
via "National Vulnerability Database".
โผ CVE-2020-26191 โผ
๐ Read
via "National Vulnerability Database".
Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain a privilege escalation vulnerability. A user with ISI_PRIV_JOB_ENGINE may use the PermissionRepair job to grant themselves the highest level of RBAC privileges thus being able to read arbitrary data, tamper with system software or deny service to users.๐ Read
via "National Vulnerability Database".
โผ CVE-2020-14343 โผ
๐ Read
via "National Vulnerability Database".
A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-21502 โผ
๐ Read
via "National Vulnerability Database".
Dell PowerScale OneFS versions 8.1.0 รขโฌโ 9.1.0 contain a "use of SSH key past account expiration" vulnerability. A user on the network with the ISI_PRIV_AUTH_SSH RBAC privilege that has an expired account may potentially exploit this vulnerability, giving them access to the same things they had before account expiration. This may by a high privileged account and hence Dell recommends customers upgrade at the earliest opportunity.๐ Read
via "National Vulnerability Database".
โผ CVE-2020-26193 โผ
๐ Read
via "National Vulnerability Database".
Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain an improper input validation vulnerability. A user with the ISI_PRIV_CLUSTER privilege may exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-21475 โผ
๐ Read
via "National Vulnerability Database".
Under specific circumstances SAP Master Data Management, versions - 710, 710.750, allows an unauthorized attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs. Due to this Directory Traversal vulnerability the attacker could read content of arbitrary files on the remote server and expose sensitive data.๐ Read
via "National Vulnerability Database".
โผ CVE-2020-26195 โผ
๐ Read
via "National Vulnerability Database".
Dell EMC PowerScale OneFS versions 8.1.2 รขโฌโ 9.1.0 contain an issue where the OneFS SMB directory auto-create may erroneously create a directory for a user. A remote unauthenticated attacker may take advantage of this issue to slow down the system.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-21444 โผ
๐ Read
via "National Vulnerability Database".
SAP Business Objects BI Platform, versions - 410, 420, 430, allows multiple X-Frame-Options headers entries in the response headers, which may not be predictably treated by all user agents. This could, as a result, nullify the added X-Frame-Options header leading to Clickjacking attack.๐ Read
via "National Vulnerability Database".
โผ CVE-2020-35125 โผ
๐ Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mautic[return] (a different attack method than CVE-2020-35124, but also related to the Referer concept).๐ Read
via "National Vulnerability Database".
โผ CVE-2021-21476 โผ
๐ Read
via "National Vulnerability Database".
SAP UI5, versions - 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1, allows an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.๐ Read
via "National Vulnerability Database".
โผ CVE-2020-26194 โผ
๐ Read
via "National Vulnerability Database".
Dell EMC PowerScale OneFS versions 8.1.2 and 8.2.2 contain an Incorrect Permission Assignment for a Critical Resource vulnerability. This may allow a non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to exploit the vulnerability, leading to compromised cryptographic operations. Note: no non-admin users or roles have these privileges by default.๐ Read
via "National Vulnerability Database".
โผ CVE-2020-26192 โผ
๐ Read
via "National Vulnerability Database".
Dell EMC PowerScale OneFS versions 8.2.0 - 9.1.0 contain a privilege escalation vulnerability. A non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH may potentially exploit this vulnerability to read arbitrary data, tamper with system software or deny service to users. Note: no non-admin users or roles have these privileges by default.๐ Read
via "National Vulnerability Database".
โผ CVE-2020-26196 โผ
๐ Read
via "National Vulnerability Database".
Dell EMC PowerScale OneFS versions 8.1.0-9.1.0 contain a Backup/Restore Privilege implementation issue. A user with the BackupAdmin role may potentially exploit this vulnerability resulting in the ability to write data outside of the intended file system location.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-21474 โผ
๐ Read
via "National Vulnerability Database".
SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who manages to obtain an MD5-digest signed SAML Assertion issued for an SAP HANA instance might be able to tamper with it and alter it in a way that the digest continues to be the same and without invalidating the digital signature, this allows them to impersonate as user in HANA database and be able to read the contents in the database.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-21479 โผ
๐ Read
via "National Vulnerability Database".
In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system.๐ Read
via "National Vulnerability Database".