‼ CVE-2021-21618 ‼
Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
via "National Vulnerability Database".
‼ CVE-2021-21616 ‼
Jenkins Active Choices Plugin 2.5.2 and earlier does not escape reference parameter values, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
via "National Vulnerability Database".
‼ CVE-2020-28599 ‼
A stack-based buffer overflow vulnerability exists in the import_stl.cc:import_stl() functionality of OpenSCAD openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
via "National Vulnerability Database".
‼ CVE-2021-21617 ‼
A cross-site request forgery (CSRF) vulnerability in Jenkins Configuration Slicing Plugin 1.51 and earlier allows attackers to apply different slice configurations.
via "National Vulnerability Database".
‼ CVE-2020-7846 ‼
Helpcom before v10.0 contains a file download and execution vulnerability caused by a hard-coded cryptographic key. It ultimately allows file download and execution when a user visits a crafted web page.
via "National Vulnerability Database".
‼ CVE-2021-3355 ‼
A stored self-XSS exists in LightCMS v1.3.4, allowing an attacker to execute HTML or JavaScript code via the vulnerable Title field of /admin/SensitiveWords.
via "National Vulnerability Database".
‼ CVE-2021-21622 ‼
Jenkins Artifact Repository Parameter Plugin 1.0.0 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
via "National Vulnerability Database".
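The three Jenkins stored-XSS entries above (Repository Connector, Active Choices, Artifact Repository Parameter) share one root cause: strings that a user with Job/Configure or Item/Configure permission controls (parameter names, descriptions, reference values) are written into HTML without escaping. The Python example below is added here as an illustration and is not code from any of those plugins or from Jenkins itself. `render_vulnerable` mimics a view that interpolates the raw strings, `render_hardened` escapes every field for its context, and `audit` parses the output to report whether a script element or an on* event-handler attribute survived. The parameter records are constructed.

```python
"""Stored XSS from unescaped build-parameter metadata: vulnerable rendering beside the fix.

Added illustration only; not code from any Jenkins plugin. The parameter records
are constructed, with the attacker controlling name and description as a user with
Job/Configure permission could.
"""
import html
from html.parser import HTMLParser

# Constructed sample: the first parameter's name breaks out of an attribute, its
# description injects a script element; the second parameter is benign.
PARAMS = [
    {"name": 'BRANCH" onmouseover="alert(1)',
     "description": "<script>alert(document.cookie)</script>",
     "value": "main"},
    {"name": "DEPLOY_ENV", "description": "Target environment", "value": "staging"},
]

# One parameter row: description as a text node, name and value inside attributes.
ROW = '<div><label>%s</label><input type="text" name="%s" value="%s"></div>'


def render_vulnerable(params):
    """Interpolates user-controlled strings straight into markup (the bug class)."""
    return "".join(ROW % (p["description"], p["name"], p["value"]) for p in params)


def esc(s):
    # quote=True also encodes " and ' so a value cannot terminate a quoted attribute;
    # it is the default, but it is spelled out because it is the part that matters here.
    return html.escape(str(s), quote=True)


def render_hardened(params):
    """Same markup; every user-controlled field is escaped, text node and attribute alike."""
    return "".join(ROW % (esc(p["description"]), esc(p["name"]), esc(p["value"])) for p in params)


class _Audit(HTMLParser):
    """Collects script elements and on* event-handler attributes a browser would honour."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("script element")
        for name, _ in attrs:
            if name.startswith("on"):
                self.findings.append("event handler attribute " + name)


def audit(rendered):
    """Return the list of live-markup findings in rendered HTML (empty means clean)."""
    parser = _Audit()
    parser.feed(rendered)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    print("vulnerable:", audit(render_vulnerable(PARAMS)))
    print("hardened:  ", audit(render_hardened(PARAMS)))
```

The audit deliberately parses the output instead of grepping for `onmouseover=`: in the hardened output that substring is still present inside the escaped `name` attribute, but it is data, not an attribute, because the `"` that would have closed the attribute is now `&quot;`. Escaping only `<` and `>` (the text-node minimum) would have stopped the script element and left the attribute breakout live, which is why the context of every interpolation point matters.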
‼ CVE-2021-21621 ‼
Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the "About user (basic authentication details only)" information, which can include the session ID of the user creating the support bundle in some configurations.
via "National Vulnerability Database".
‼ CVE-2021-27645 ‼
The name service cache daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for a netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or denial of service on the local system. This is related to netgroupcache.c.
via "National Vulnerability Database".
❌ VMware Patches Critical RCE Flaw in vCenter Server ❌
The vulnerability, one of three patched by the company this week, could allow threat actors to breach the external perimeter of a data center or leverage backdoors already installed to take over a system.
via "Threat Post".
🕴 The Realities of Extended Detection and Response (XDR) Technology 🕴
While the term XDR has become pervasive, the technology and market remain a work in progress with lots of innovation and market confusion.
via "Dark Reading".
‼ CVE-2021-21974 ‼
OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in the OpenSLP service, resulting in remote code execution.
via "National Vulnerability Database".
‼ CVE-2020-11988 ‼
Apache XmlGraphics Commons 2.4 is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
via "National Vulnerability Database".
‼ CVE-2021-21972 ‼
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
via "National Vulnerability Database".
‼ CVE-2020-27224 ‼
In Eclipse Theia versions up to and including 1.2.0, the Markdown Preview (@theia/preview) can be exploited to execute arbitrary code.
via "National Vulnerability Database".
‼ CVE-2020-7836 ‼
VOICEYE WSActiveBridgeES versions prior to 2.1.0.3 contain a stack-based buffer overflow vulnerability caused by improper bounds checking of an attacker-supplied parameter. The overflow is triggered when a user visits a crafted web page.
via "National Vulnerability Database".
‼ CVE-2020-11987 ‼
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
via "National Vulnerability Database".
‼ CVE-2021-21973 ‼
The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to a vCenter Server plugin, leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
via "National Vulnerability Database".
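The three SSRF entries above (Apache XmlGraphics Commons CVE-2020-11988, Apache Batik CVE-2020-11987, vCenter CVE-2021-21973) all come down to server code fetching a URL that an attacker influences without validating where it points. The Python example below is added here as an illustration of the gate such code needs and is not code from Batik, XmlGraphics Commons or vCenter. It restricts the scheme, rejects embedded credentials, resolves the host, and refuses any answer that is not a globally routable address; DNS is replaced by a constructed lookup table (`resolve_constructed`, a hypothetical name) so the example runs offline, and the addresses in that table are constructed sample data.

```python
"""Outbound-URL gate for server code that fetches an attacker-influenced URL (SSRF).

Added illustration only; not code from Apache Batik, XmlGraphics Commons or vCenter.
DNS is replaced by a constructed lookup table so the example runs offline.
"""
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed DNS answers for the sample hosts (93.184.216.x stands in for a
# public address; 169.254.169.254 is the cloud metadata link-local address).
_CONSTRUCTED_DNS = {
    "assets.example.com": ["93.184.216.34"],
    "metadata.example.internal": ["169.254.169.254"],
    "rebind.example.com": ["93.184.216.35", "10.0.0.5"],  # one public, one RFC 1918 answer
    "localhost": ["127.0.0.1", "::1"],
}


def resolve_constructed(host):
    """Stand-in for a real resolver; unknown names get no answer."""
    return _CONSTRUCTED_DNS.get(host, [])


def check_outbound_url(url, resolve=resolve_constructed):
    """Return (ok, reason). ok is True only when scheme, host and every resolved address pass."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed: %r" % parts.scheme
    if parts.username is not None or parts.password is not None:
        return False, "credentials embedded in URL"
    host = parts.hostname
    if not host:
        return False, "no host"
    try:
        # Literal address (urlsplit already strips IPv6 brackets): check it directly.
        addrs = [ipaddress.ip_address(host)]
    except ValueError:
        answers = resolve(host)
        if not answers:
            # Unresolvable, or an odd literal form (0x7f000001, 2130706433, ...) that
            # ipaddress rejects: fail closed rather than let libc interpret it later.
            return False, "host did not resolve: %r" % host
        addrs = [ipaddress.ip_address(a) for a in answers]
    for addr in addrs:
        # is_global is False for loopback, link-local (incl. 169.254.169.254), RFC 1918,
        # unique-local, unspecified and reserved ranges; one bad answer fails the whole URL.
        if not addr.is_global:
            return False, "non-global address %s for host %r" % (addr, host)
    return True, "ok"


if __name__ == "__main__":
    for u in ("https://assets.example.com/logo.svg",
              "http://metadata.example.internal/latest/meta-data/",
              "http://rebind.example.com/",
              "http://[::1]:8080/",
              "file:///etc/passwd"):
        print(u, "->", check_outbound_url(u))
```

Two caveats a reviewer would raise against any such gate: the check must be repeated for every redirect hop (or redirects disabled), and the connection must be made to the address that was checked rather than re-resolving the name, otherwise a host that alternates answers, like `rebind.example.com` in the table, can pass the check and then point the socket at an internal address. Rejecting a name that returns any non-global answer, as done here, is the conservative choice; pinning the resolved address into the HTTP client is the complete one.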
‼ CVE-2020-4931 ‼
IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747.
via "National Vulnerability Database".
‼ CVE-2021-22667 ‼
BB-ESWGP506-2SFP-T versions 1.01.09 and prior are vulnerable due to the use of hard-coded credentials, which may allow an attacker to gain unauthorized access and permit the execution of arbitrary code on the BB-ESWGP506-2SFP-T (versions 1.01.01 and prior).
via "National Vulnerability Database".
🕴 Kaseya Buys Managed SOC Provider 🕴
Purchase extends offerings for MSP and SMB customers.
via "Dark Reading".