‼ CVE-2021-29148 ‼
📖 Read
via "National Vulnerability Database".
A local cross-site scripting (XSS) vulnerability was discovered in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): Aruba AOS-CX firmware: 10.04.xxxx - versions prior to 10.04.3070, 10.05.xxxx - versions prior to 10.05.0070, 10.06.xxxx - versions prior to 10.06.0110, 10.07.xxxx - versions prior to 10.07.0001. Aruba has released upgrades for Aruba AOS-CX devices that address this security vulnerability.📖 Read
via "National Vulnerability Database".
❌ Apple Issues Urgent iPhone Updates; None for Pegasus Zero-Day ❌
📖 Read
via "Threat Post".
Update now: The ream of bugs includes some remotely exploitable code execution flaws. Still to come: a fix for what makes iPhones easy prey for Pegasus spyware.📖 Read
via "Threat Post".
🕴 7 Hot Cyber Threat Trends to Expect at Black Hat 🕴
📖 Read
via "Dark Reading".
A sneak peek of some of the main themes at Black Hat USA next month.📖 Read
via "Dark Reading".
Dark Reading
7 Hot Cyber Threat Trends to Expect at Black Hat
A sneak peek of some of the main themes at Black Hat USA next month.
🔏 An Interview with Adam Burns, Manager of Cybersecurity Analysts at Digital Guardian Part II 🔏
📖 Read
via "".
In part two of our Q&A with Adam Burns, we discuss how to expand the security talent pool, the potential impact of automation on infosec, and the biggest challenge facing the industry.📖 Read
via "".
Digital Guardian
An Interview with Adam Burns, Manager of Cybersecurity Analysts at Digital Guardian Part II
In part two of our Q&A with Adam Burns, we discuss how to expand the security talent pool, the potential impact of automation on infosec, and the biggest challenge facing the industry.
🦿 Scammers offer streaming services, giveaways and a fake cyber currency to cash in on the Olympic Games 🦿
📖 Read
via "Tech Republic".
Kaspersky's analysis found that cybercriminals are getting extra creative with the latest campaigns designed to harvest credentials.📖 Read
via "Tech Republic".
TechRepublic
Scammers offer streaming services, giveaways and a fake cyber currency to cash in on the Olympic Games
Kaspersky's analysis found that cybercriminals are getting extra creative with the latest campaigns designed to harvest credentials.
❌ Industrial Networks Exposed Through Cloud-Based Operational Tech ❌
📖 Read
via "Threat Post".
Critical ICS vulnerabilities can be exploited through leading cloud-management platforms.📖 Read
via "Threat Post".
Threat Post
Industrial Networks Exposed Through Cloud-Based Operational Tech
Critical ICS vulnerabilities can be exploited through leading cloud-management platforms.
‼ CVE-2021-26228 ‼
📖 Read
via "National Vulnerability Database".
SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_class1.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-5316 ‼
📖 Read
via "National Vulnerability Database".
Dell SupportAssist for Business PCs versions 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3 and Dell SupportAssist for Home PCs version 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, 3.2.1, 3.2.2, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.4 contain an uncontrolled search path vulnerability. A locally authenticated low privileged user could exploit this vulnerability to cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of arbitrary code.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1618 ‼
📖 Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection attack on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to do one or both of the following: Execute a command using crafted input Upload a file that has been altered using path traversal techniques A successful exploit could allow the attacker to read and write arbitrary files or execute arbitrary commands as root on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26762 ‼
📖 Read
via "National Vulnerability Database".
SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the cid parameter to edit-course.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1601 ‼
📖 Read
via "National Vulnerability Database".
Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external management interface. An attacker could exploit these vulnerabilities by sending specific traffic to this interface on an affected device. A successful exploit could allow the attacker to access sensitive internal services and make configuration changes on the affected device.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29657 ‼
📖 Read
via "National Vulnerability Database".
arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use-after-free in which an AMD KVM guest can bypass access control on host OS MSRs when there are nested guests, aka CID-a58d9166a756. This occurs because of a TOCTOU race condition associated with a VMCB12 double fetch in nested_svm_vmrun.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26764 ‼
📖 Read
via "National Vulnerability Database".
SQL injection vulnerability in PHPGurukul Student Record System v 4.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit-std.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-33478 ‼
📖 Read
via "National Vulnerability Database".
The TrustZone implementation in certain Broadcom MediaxChange firmware could allow an unauthenticated, physically proximate attacker to achieve arbitrary code execution in the TrustZone Trusted Execution Environment (TEE) of an affected device. This, for example, affects certain Cisco IP Phone and Wireless IP Phone products before 2021-07-07. Exploitation is possible only when the attacker can disassemble the device in order to control the voltage/current for chip pins.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26229 ‼
📖 Read
via "National Vulnerability Database".
SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_stud.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-23897 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability. However, the number was once accidentally misused to refer to the vulnerability that has the proper number of CVE-2021-31830. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26230 ‼
📖 Read
via "National Vulnerability Database".
Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the user information to save_user.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26227 ‼
📖 Read
via "National Vulnerability Database".
Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the student information parameters to edit_stud.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1600 ‼
📖 Read
via "National Vulnerability Database".
Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external management interface. An attacker could exploit these vulnerabilities by sending specific traffic to this interface on an affected device. A successful exploit could allow the attacker to access sensitive internal services and make configuration changes on the affected device.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26765 ‼
📖 Read
via "National Vulnerability Database".
SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the sid parameter to edit-sub.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1614 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the Multiprotocol Label Switching (MPLS) packet handling function of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to gain access to information stored in MPLS buffer memory. This vulnerability is due to insufficient handling of malformed MPLS packets that are processed by a device that is running Cisco SD-WAN Software. An attacker could exploit this vulnerability by sending a crafted MPLS packet to an affected device that is running Cisco SD-WAN Software or Cisco SD-WAN vManage Software. A successful exploit could allow the attacker to gain unauthorized access to sensitive information.📖 Read
via "National Vulnerability Database".