βΌ CVE-2021-32071 βΌ
π Read
via "National Vulnerability Database".
The MiCollab Client service in Mitel MiCollab before 9.3 could allow an unauthenticated user to gain system access due to improper access control. A successful exploit could allow an attacker to view and modify application data, and cause a denial of service for users.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36793 βΌ
π Read
via "National Vulnerability Database".
The routes (aka Extbase Yaml Routes) extension before 2.1.1 for TYPO3, when CsrfTokenViewHelper is used, allows Sensitive Information Disclosure because a session identifier is unsafely present in HTML output.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37028 βΌ
π Read
via "National Vulnerability Database".
There is a command injection vulnerability in the HG8045Q product. When the command-line interface is enabled, which is disabled by default, attackers with administrator privilege could execute part of commands.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36785 βΌ
π Read
via "National Vulnerability Database".
The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows XSS.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32068 βΌ
π Read
via "National Vulnerability Database".
The AWV and MiCollab Client Service components in Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack by sending multiple session renegotiation requests, due to insufficient TLS session controls. A successful exploit could allow an attacker to modify application data and state.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36792 βΌ
π Read
via "National Vulnerability Database".
The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 has incorrect Access Control for confirming various applications.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38302 βΌ
π Read
via "National Vulnerability Database".
The Newsletter extension through 4.0.0 for TYPO3 allows SQL Injection.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38554 βΌ
π Read
via "National Vulnerability Database".
HashiCorp Vault and Vault EnterpriseΓ’β¬β’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases.π Read
via "National Vulnerability Database".
βΌ CVE-2020-18759 βΌ
π Read
via "National Vulnerability Database".
An information disclosure vulnerability exists in the EPA protocol of Dut Computer Control Engineering Co.'s PLC MAC1100.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32069 βΌ
π Read
via "National Vulnerability Database".
The AWV component of Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack due to improper TLS negotiation. A successful exploit could allow an attacker to view and modify data.π Read
via "National Vulnerability Database".
βΌ CVE-2020-18757 βΌ
π Read
via "National Vulnerability Database".
An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to cause persistent denial of service (DOS) via a crafted packet.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36790 βΌ
π Read
via "National Vulnerability Database".
The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows XSS.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36788 βΌ
π Read
via "National Vulnerability Database".
The yoast_seo (aka Yoast SEO) extension before 7.2.3 for TYPO3 allows XSS.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36791 βΌ
π Read
via "National Vulnerability Database".
The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows Information Disclosure of application registration data.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37586 βΌ
π Read
via "National Vulnerability Database".
The PowerPlay Web component of Mitel Interaction Recording Multitenancy systems before 6.7 could allow a user (with Administrator rights) to replay a previously recorded conversation of another tenant due to insufficient validation.π Read
via "National Vulnerability Database".
βΌ CVE-2020-18753 βΌ
π Read
via "National Vulnerability Database".
An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to gain access to the system and escalate privileges via a crafted packet.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32067 βΌ
π Read
via "National Vulnerability Database".
The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to view sensitive system information through an HTTP response due to insufficient output sanitization.π Read
via "National Vulnerability Database".
β Exchange Servers Under Active Attack via ProxyShell Bugs β
π Read
via "Threat Post".
Thereβs an entirely new attack surface in Exchange, a researcher revealed at Black Hat, and threat actors are now exploiting servers vulnerable to the RCE bugs.π Read
via "Threat Post".
Threat Post
Exchange Servers Under Active Attack via ProxyShell Bugs
Thereβs an entirely new attack surface in Exchange, a researcher revealed at Black Hat, and threat actors are now exploiting servers vulnerable to the RCE bugs.
βΌ CVE-2021-21829 βΌ
π Read
via "National Vulnerability Database".
A heap-based buffer overflow vulnerability exists in the XML Decompression EnumerationUncompressor::UncompressItem functionality of AT&T LabsΓ’β¬β’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21830 βΌ
π Read
via "National Vulnerability Database".
A heap-based buffer overflow vulnerability exists in the XML Decompression LabelDict::Load functionality of AT&T LabsΓ’β¬β’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.π Read
via "National Vulnerability Database".
β SolarWinds 2.0 Could Ignite Financial Crisis β Podcast β
π Read
via "Threat Post".
Thatβs what NY State suggests could happen, given the utter lack of cybersec protection at many private equity & hedge fund firms. Can AI help avert it?π Read
via "Threat Post".
Threat Post
SolarWinds 2.0 Could Ignite Financial Crisis β Podcast
Thatβs what NY State suggests could happen, given the utter lack of cybersec protection at many private equity & hedge fund firms. Can AI help avert it?