‼ CVE-2021-37347 ‼
📖 Read
via "National Vulnerability Database".
Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the directory name it receives as an argument.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37348 ‼
📖 Read
via "National Vulnerability Database".
Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37349 ‼
📖 Read
via "National Vulnerability Database".
Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because cleaner.php does not sanitise input read from the database.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37343 ‼
📖 Read
via "National Vulnerability Database".
A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE under security context of the user running Nagios.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37353 ‼
📖 Read
via "National Vulnerability Database".
Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in table_population.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-31399 ‼
📖 Read
via "National Vulnerability Database".
On 2N Access Unit 2.0 2.31.0.40.5 devices, an attacker can pose as the web relay for a man-in-the-middle attack.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37344 ‼
📖 Read
via "National Vulnerability Database".
Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote code execution through improper neutralisation of special elements used in an OS Command (OS Command injection).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37352 ‼
📖 Read
via "National Vulnerability Database".
An open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to spoofing. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37346 ‼
📖 Read
via "National Vulnerability Database".
Nagios XI WatchGuard Wizard before version 1.4.8 is vulnerable to remote code execution through Improper neutralisation of special elements used in an OS Command (OS Command injection).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37351 ‼
📖 Read
via "National Vulnerability Database".
Nagios XI before version 5.8.5 is vulnerable to insecure permissions and allows unauthenticated users to access guarded pages through a crafted HTTP request to the server.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37345 ‼
📖 Read
via "National Vulnerability Database".
Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because xi-sys.cfg is being imported from the var directory for some scripts with elevated permissions.📖 Read
via "National Vulnerability Database".
🦿 What is zero trust security? 🦿
📖 Read
via "Tech Republic".
Want a zero-trust security primer on this complex cybersecurity topic? Brandon Vigliarolo breaks it down for you.📖 Read
via "Tech Republic".
TechRepublic
Zero trust security: A cheat sheet
Zero trust means rethinking the safety of every bit of tech on a network. Learn five steps to building a zero trust environment.
‼ CVE-2021-38621 ‼
📖 Read
via "National Vulnerability Database".
The remove API in v1/controller/cloudStorage/alibabaCloud/remove/index.ts in netless Agora Flat Server before 2021-07-30 mishandles file ownership.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3573 ‼
📖 Read
via "National Vulnerability Database".
A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3635 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. A user with root (CAP_SYS_ADMIN) access is able to panic the system when issuing netfilter netflow commands.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-27741 ‼
📖 Read
via "National Vulnerability Database".
" Security vulnerability in HCL Commerce Management Center allowing XML external entity (XXE) injection"📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38619 ‼
📖 Read
via "National Vulnerability Database".
openBaraza HCM 3.1.6 does not properly neutralize user-controllable input: an unauthenticated remote attacker can conduct a stored cross-site scripting (XSS) attack against an administrative user from hr/subscription.jsp and hr/application.jsp and and hr/index.jsp (with view=).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38583 ‼
📖 Read
via "National Vulnerability Database".
openBaraza HCM 3.1.6 does not properly neutralize user-controllable input, which allows reflected cross-site scripting (XSS) on multiple pages: hr/subscription.jsp and hr/application.jsp and and hr/index.jsp (with view= and data=).📖 Read
via "National Vulnerability Database".
🦿 Company size is a nonissue with automated cyberattack tools 🦿
📖 Read
via "Tech Republic".
Even with plenty of old problems to contend with, an expert suggests security pros need to get ready for new and more powerful automated ransomware tools.📖 Read
via "Tech Republic".
TechRepublic
Company size is a nonissue with automated cyberattack tools
Even with plenty of old problems to contend with, an expert suggests security pros need to get ready for new and more powerful automated ransomware tools.
🔏 Friday Five 8/13 🔏
📖 Read
via "".
SBOMs, the biggest cryptocurrency theft in history, and the push for a 72 hour data breach disclosure window - catch up on the week's infosec news with the Friday Five!📖 Read
via "".
Digital Guardian
Friday Five 8/13
SBOMs, the biggest cryptocurrency theft in history, and the push for a 72 hour data breach disclosure window - catch up on the week's infosec news with the Friday Five!
🦿 Excel is still a security headache after 30 years because of this one feature 🦿
📖 Read
via "Tech Republic".
Threat researcher explains why it's tricky to tell the difference between legitimate Excel Macros and ones that deliver malware.📖 Read
via "Tech Republic".
TechRepublic
Excel is still a security headache after 30 years because of this one feature
Threat researcher explains why it's tricky to tell the difference between legitimate Excel Macros and ones that deliver malware.