‼ CVE-2021-21726 ‼
📖 Read
via "National Vulnerability Database".
Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges can cause process exception by repeatedly inputting illegal parameters. This affects:<ZXONE 9700 , ZXONE 8700, ZXONE 19700><V1.40.021.021CP049, V1.0P02B219_@NCPM-RELEASE_2.40R1-20200914.set>📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21518 ‼
📖 Read
via "National Vulnerability Database".
Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21067 ‼
📖 Read
via "National Vulnerability Database".
Adobe Photoshop versions 21.2.5 (and earlier) and 22.2 (and earlier) are affected by an Out-of-bounds Write vulnerability in the CoolType library. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21085 ‼
📖 Read
via "National Vulnerability Database".
Adobe Connect version 11.0.7 (and earlier) is affected by an Input Validation vulnerability in the export feature. An attacker could exploit this vulnerability by injecting a payload into the registration form and achieve arbitrary code execution in the context of the admin account.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21080 ‼
📖 Read
via "National Vulnerability Database".
Adobe Connect version 11.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious JavaScript content that may be executed within the context of the victim's browser when they browse to the page containing the vulnerable field.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20232 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21069 ‼
📖 Read
via "National Vulnerability Database".
Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a local privilege escalation vulnerability that could allow an attacker to call functions against the installer to perform high privileged actions. Exploitation of this issue does not require user interaction.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21076 ‼
📖 Read
via "National Vulnerability Database".
Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21072 ‼
📖 Read
via "National Vulnerability Database".
Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21078 ‼
📖 Read
via "National Vulnerability Database".
Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by an Unquoted Service Path vulnerability in CCXProcess that could allow an attacker to achieve arbitrary code execution in the process of the current user. Exploitation of this issue requires user interaction📖 Read
via "National Vulnerability Database".
❌ Critical Security Hole Can Knock Smart Meters Offline ❌
📖 Read
via "Threat Post".
Unpatched Schneider Electric PowerLogic ION/PM smart meters are open to dangerous attacks.📖 Read
via "Threat Post".
Threat Post
Critical Security Hole Can Knock Smart Meters Offline
Unpatched Schneider Electric PowerLogic ION/PM smart meters are open to dangerous attacks.
‼ CVE-2021-28162 ‼
📖 Read
via "National Vulnerability Database".
In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-28161 ‼
📖 Read
via "National Vulnerability Database".
In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-27290 ‼
📖 Read
via "National Vulnerability Database".
ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-28092 ‼
📖 Read
via "National Vulnerability Database".
The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, is-svg will get stuck processing the input for a very long time.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20017 ‼
📖 Read
via "National Vulnerability Database".
A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a 'nobody' user. This vulnerability impacts SMA100 version 10.2.0.5 and earlier.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20018 ‼
📖 Read
via "National Vulnerability Database".
A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-28361 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Storage Performance Development Kit (SPDK) before 20.01.01. If a PDU is sent to the iSCSI target with a zero length (but data is expected), the iSCSI target can crash with a NULL pointer dereference.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35682 ‼
📖 Read
via "National Vulnerability Database".
Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login).📖 Read
via "National Vulnerability Database".
⚠ Naked Security Live – HAFNIUM explained in plain English ⚠
📖 Read
via "Naked Security".
Latest episode - watch now!📖 Read
via "Naked Security".
Naked Security
Naked Security Live – HAFNIUM explained in plain English
Latest episode – watch now!
‼ CVE-2021-28379 ‼
📖 Read
via "National Vulnerability Database".
web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin.📖 Read
via "National Vulnerability Database".