‼ CVE-2021-20076 ‼
via "National Vulnerability Database".
Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated, unprivileged user to perform Remote Code Execution (RCE) on the Tenable.sc server via Hypertext Preprocessor unserialization.
‼ CVE-2021-22683 ‼
via "National Vulnerability Database".
Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-bounds write while processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.
‼ CVE-2021-27927 ‼
via "National Vulnerability Database".
In Zabbix before 4.0.28rc1, 5.x before 5.0.8rc1, 5.1.x and 5.2.x before 5.2.4rc1, and 5.3.x and 5.4.x before 5.4.0alpha1, the CControllerAuthenticationUpdate controller lacks a CSRF protection mechanism. The code inside this controller calls diableSIDValidation inside the init() method.
‼ CVE-2021-22883 ‼
via "National Vulnerability Database".
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and also prevents the process from opening, e.g., a file. If no file descriptor limit is configured, then this leads to excessive memory usage and causes the system to run out of memory.
‼ CVE-2020-28591 ‼
via "National Vulnerability Database".
An out-of-bounds read vulnerability exists in the AMF File AMFParserContext::endElement() functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted AMF file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.
‼ CVE-2020-29047 ‼
via "National Vulnerability Database".
The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the thimpress_hotel_booking_1 cookie in load in includes/class-wphb-sessions.php.
‼ CVE-2021-22188 ‼
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions starting with 13.0. Confidential issue titles in GitLab were readable by an unauthorised user via branch logs.
‼ CVE-2021-20441 ‼
via "National Vulnerability Database".
IBM Security Verify Bridge uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196617.
‼ CVE-2020-27749 ‼
via "National Vulnerability Database".
A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
‼ CVE-2020-25647 ‼
via "National Vulnerability Database".
A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
‼ CVE-2020-27779 ‼
via "National Vulnerability Database".
A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking, allowing a privileged attacker to remove address ranges from memory, creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
❌ Home-Office Photos: A Ripe Cyberattack Vector ❌
via "Threat Post".
Threat actors can use personal information gleaned from images to craft targeted scams, putting personal and corporate data at risk.
🔏 Exchange Zero Day Vulnerabilities Should be Patched ASAP 🔏
via "Digital Guardian".
Microsoft said Tuesday that attackers operating out of China have been exploiting four zero days in Microsoft Exchange enterprise email servers to steal email and that administrators should patch systems immediately.
❌ Google Patches Actively-Exploited Flaw in Chrome Browser ❌
via "Threat Post".
A flaw (CVE-2021-21166) in the Audio component of Google Chrome is fixed in a new update being pushed out to Windows, Mac and Linux users.
❌ Malaysia Air Downplays Frequent-Flyer Program Data Breach ❌
via "Threat Post".
A third-party IT provider exposed valuable airline data that experts say could be a goldmine for cybercriminals.
‼ CVE-2021-27935 ‼
via "National Vulnerability Database".
An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is able to bruteforce their password offline, because the hash of the password is stored in the cookie.
‼ CVE-2021-27839 ‼
via "National Vulnerability Database".
A CSV injection vulnerability found in Online Invoicing System (OIS) 4.3 and below can be exploited by users to perform malicious actions such as redirecting admins to unknown or harmful websites, or disclosing other clients' details that the user did not have access to.
‼ CVE-2021-21313 ‼
via "National Vulnerability Database".
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before version 9.5.4, there is a vulnerability in the /ajax/common.tabs.php endpoint, indeed, at least two parameters _target and id are not properly sanitized. Here are two payloads (due to two different exploitations depending on which parameter you act) to exploit the vulnerability: /ajax/common.tabs.php?_target=javascript:alert(document.cookie)&_itemtype=DisplayPreference&_glpi_tab=DisplayPreference$2&id=258&displaytype=Ticket (Payload triggered if you click on the button). /ajax/common.tabs.php?_target=/front/ticket.form.php&_itemtype=Ticket&_glpi_tab=Ticket$1&id=(){};(function%20(){alert(document.cookie);})();function%20a&#.
‼ CVE-2021-21312 ‼
via "National Vulnerability Database".
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before version 9.5.4, there is a vulnerability within the document upload function (Home > Management > Documents > Add, or /front/document.form.php endpoint), indeed one of the form fields, "Web Link", is not properly sanitized and a malicious user (who has document upload rights) can use it to deliver JavaScript payload. For example if you use the following payload: " accesskey="x" onclick="alert(1)" x=", the content will be saved within the database without any control. And then once you return to the summary documents page, by clicking on the "Web Link" of the newly created file it will create a new empty tab, but on the initial tab the pop-up "1" will appear.
‼ CVE-2021-27931 ‼
via "National Vulnerability Database".
LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service.
‼ CVE-2021-21314 ‼
via "National Vulnerability Database".
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before version 9.5.4, there is an XSS vulnerability involving a logged in user while updating a ticket.