CVE-2021-21576
via "National Vulnerability Database".
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim's browser by tricking a victim into following a specially crafted link.
CVE-2021-32814
via "National Vulnerability Database".
Skytable is a NoSQL database with automated snapshots and TLS. Versions prior to 0.5.1 are vulnerable to a directory traversal attack enabling remotely connected clients to destroy and/or manipulate critical files on the host's file system. This security bug has been patched in version 0.5.1. There are no known workarounds aside from upgrading.
CVE-2021-21579
via "National Vulnerability Database".
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links.
CVE-2021-36763
via "National Vulnerability Database".
In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties.
CVE-2021-32017
via "National Vulnerability Database".
An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP endpoint permitted the listing of the content of the remote file system. This can be used to identify the complete server filesystem structure, i.e., identifying all the directories and files.
CVE-2021-21577
via "National Vulnerability Database".
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim's browser by tricking a victim into following a specially crafted link.
CVE-2021-31503
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.3.84 (package 16.6.3.134). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IGS files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12690.
CVE-2021-21581
via "National Vulnerability Database".
Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim's browser by tricking a victim into following a specially crafted link.
CVE-2021-31504
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.3.84 (package 16.6.3.134). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12691.
CVE-2021-37558
via "National Vulnerability Database".
A SQL injection vulnerability in a MediaWiki script in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote unauthenticated attackers to execute arbitrary SQL commands via the host_name and service_description parameters. The vulnerability can be exploited only when a valid Knowledge Base URL is configured on the Knowledge Base configuration page and points to a MediaWiki instance. This relates to the proxy feature in class/centreon-knowledge/ProceduresProxy.class.php and include/configuration/configKnowledge/proxy/proxy.php.
CVE-2021-33485
via "National Vulnerability Database".
CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.
CVE-2021-37557
via "National Vulnerability Database".
A SQL injection vulnerability in image generation in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/views/graphs/generateGraphs/generateImage.php index parameter.
CVE-2021-21580
via "National Vulnerability Database".
Dell EMC iDRAC8 versions prior to 2.80.80.80 and Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a content spoofing / text injection vulnerability, where a malicious URL can inject text to present a customized message on the application that can phish users into believing that the message is legitimate.
Ransomware Volumes Hit Record Highs as 2021 Wears On
via "Threat Post".
The second quarter of the year saw the highest volumes of ransomware attacks ever, with Ryuk leading the way.
Iranian APT Lures Defense Contractor in Catfishing-Malware Scam
via "Threat Post".
Fake aerobics-instructor profile delivers malware in a supply-chain attack attempt from TA456.
CVE-2021-30571
via "National Vulnerability Database".
Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-30589
via "National Vulnerability Database".
Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to bypass navigation restrictions via a crafted click-to-call link.
CVE-2021-30569
via "National Vulnerability Database".
Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30581
via "National Vulnerability Database".
Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30576
via "National Vulnerability Database".
Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30582
via "National Vulnerability Database".
Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page.