‼ CVE-2021-35215 ‼
via "National Vulnerability Database".
Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulnerability.
‼ CVE-2021-36044 ‼
via "National Vulnerability Database".
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An unauthenticated attacker could abuse this vulnerability to cause a server-side denial-of-service using a GraphQL field.
‼ CVE-2021-36064 ‼
via "National Vulnerability Database".
XMP Toolkit version 2020.1 (and earlier) is affected by a Buffer Underflow vulnerability which could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2021-36074 ‼
via "National Vulnerability Database".
Adobe Bridge versions 11.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2021-36070 ‼
via "National Vulnerability Database".
Adobe Media Encoder version 15.1 (and earlier) is affected by an improper memory access vulnerability when parsing a crafted .SVG file. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2021-36037 ‼
via "National Vulnerability Database".
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper authorization vulnerability. An authenticated attacker could leverage this vulnerability to achieve sensitive information disclosure.
‼ CVE-2021-36052 ‼
via "National Vulnerability Database".
XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
❌ Gutenberg Template Library & Redux Framework Bugs Plague WordPress Sites ❌
via "Threat Post".
Two vulnerabilities in the site-building plugin could be useful tools in the hands of a skilled attacker, researchers warned.
🔏 Why our Agent Integration with Microsoft Information Protection is Valuable for Enterprise Data Protection 🔏
via "Digital Guardian".
Learn how Digital Guardian's integration with Microsoft Information Protection can help educate and enforce proper labeling and handling of data.
‼ CVE-2021-29851 ‼
via "National Vulnerability Database".
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 205527.
‼ CVE-2021-29853 ‼
via "National Vulnerability Database".
IBM Planning Analytics 2.0 could expose information that could be used to create attacks by not validating the return values from some methods or functions. IBM X-Force ID: 205529.
‼ CVE-2021-29852 ‼
via "National Vulnerability Database".
IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205528.
‼ CVE-2021-40385 ‼
via "National Vulnerability Database".
An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. There is a privilege escalation from read-only user to admin.
‼ CVE-2020-20340 ‼
via "National Vulnerability Database".
A SQL injection vulnerability in the 4.edu.php\conn\function.php component of S-CMS v1.0 allows attackers to access sensitive database information.
‼ CVE-2021-39181 ‼
via "National Vulnerability Database".
OpenOlat is a web-based learning management system (LMS). Prior to versions 15.3.18, 15.5.3, and 16.0.0, using a prepared import XML file (e.g. a course) any class on the Java classpath can be instantiated, including Spring AOP bean factories. This can be used to execute arbitrary code by the attacker. The attack requires an OpenOlat user account with the authoring role. It cannot be exploited by unregistered users. The problem is fixed in versions 15.3.18, 15.5.3, and 16.0.0. There are no known workarounds aside from upgrading.
‼ CVE-2021-39186 ‼
via "National Vulnerability Database".
GlobalNewFiles is a package in Miraheze, a wiki hosting service. Prior to commit number cee254e1b158cdb0ddbea716b1d3edc31fa4fb5d, the username column of the GlobalNewFiles special page is vulnerable to a stored XSS. Commit number cee254e1b158cdb0ddbea716b1d3edc31fa4fb5d contains a patch. As a workaround, one may disallow <,> (or other characters required to insert html/js) from being used in account names so an XSS is not possible.
‼ CVE-2021-39185 ‼
via "National Vulnerability Database".
Http4s is a minimal, idiomatic Scala interface for HTTP services. In http4s versions 0.21.26 and prior, 0.22.0 through 0.22.2, 0.23.0, 0.23.1, and 1.0.0-M1 through 1.0.0-M24, the default CORS configuration is vulnerable to an origin reflection attack. The middleware is also susceptible to a Null Origin Attack. The problem is fixed in 0.21.27, 0.22.3, 0.23.2, and 1.0.0-M25. The original `CORS` implementation and `CORSConfig` are deprecated. See the GitHub GHSA for more information, including code examples and workarounds.
‼ CVE-2020-20341 ‼
via "National Vulnerability Database".
YzmCMS v5.5 contains a server-side request forgery (SSRF) in the grab_image() function.
‼ CVE-2021-40387 ‼
via "National Vulnerability Database".
An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. There is authenticated remote code execution.
‼ CVE-2021-34733 ‼
via "National Vulnerability Database".
A vulnerability in the CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, local attacker to access sensitive information stored on the underlying file system of an affected system. This vulnerability exists because sensitive information is not sufficiently secured when it is stored. An attacker could exploit this vulnerability by gaining unauthorized access to sensitive information on an affected system. A successful exploit could allow the attacker to create forged authentication requests and gain unauthorized access to the affected system.
‼ CVE-2021-34759 ‼
via "National Vulnerability Database".
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker would need valid administrative credentials.