‼ CVE-2021-38840 ‼
📖 Read
via "National Vulnerability Database".
SQL Injection can occur in Simple Water Refilling Station Management System 1.0 via the water_refilling/classes/Login.php username parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-34147 ‼
📖 Read
via "National Vulnerability Database".
The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 does not properly handle the reception of a malformed LMP timing accuracy response followed by multiple reconnections to the link slave, allowing attackers to exhaust device BT resources and eventually trigger a crash via multiple attempts of sending a crafted LMP timing accuracy response followed by a sudden reconnection with a random BDAddress.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-34150 ‼
📖 Read
via "National Vulnerability Database".
The Bluetooth Classic implementation on Bluetrum AB5301A devices with unknown firmware versions does not properly handle the reception of oversized DM1 LMP packets while no other BT connections are active, allowing attackers in radio range to prevent new BT connections (disabling the AB5301A inquiry and page scan procedures) via a crafted LMP packet. The user needs to manually perform a power cycle (restart) of the device to restore BT connectivity.📖 Read
via "National Vulnerability Database".
❌ Authorities Arrest Another TrickBot Gang Member in South Korea ❌
📖 Read
via "Threat Post".
A hacker known only as “Mr. A” was picked up by authorities at a South Korean airport after getting stuck in the country due to COVID-19 travel restrictions.📖 Read
via "Threat Post".
Threat Post
Authorities Arrest Another TrickBot Gang Member in South Korea
A hacker known only as “Mr. A” was picked up by authorities at a South Korean airport after getting stuck in the country due to COVID-19 travel restrictions.
‼ CVE-2021-37717 ‼
📖 Read
via "National Vulnerability Database".
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2019-5318 ‼
📖 Read
via "National Vulnerability Database".
A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba Operating System Software version(s): 6.x.x.x: all versions, 8.x.x.x: all versions prior to 8.8.0.0. Aruba has released patches for ArubaOS that address this security vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37723 ‼
📖 Read
via "National Vulnerability Database".
A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37731 ‼
📖 Read
via "National Vulnerability Database".
A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37724 ‼
📖 Read
via "National Vulnerability Database".
A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38698 ‼
📖 Read
via "National Vulnerability Database".
HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Fixed in 1.8.15, 1.9.9 and 1.10.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-33599 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability affecting F-Secure Antivirus engine was discovered whereby scanning WIM archive file can lead to denial-of-service (infinite loop and freezes AV engine scanner). The vulnerability can be exploit remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37722 ‼
📖 Read
via "National Vulnerability Database".
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37218 ‼
📖 Read
via "National Vulnerability Database".
HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.0.10 and 1.1.4.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37721 ‼
📖 Read
via "National Vulnerability Database".
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38615 ‼
📖 Read
via "National Vulnerability Database".
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/config/ SSO configuration endpoint allows any logged-in user (guest, standard, or admin) to view and modify information.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36717 ‼
📖 Read
via "National Vulnerability Database".
In order to perform a directory traversal attack, all an attacker needs is a web browser and some knowledge on where to blindly find any default files and directories on the system. on the "Name" parameter the attacker can return to the root directory and open the host file. This might give the attacker the ability to view restricted files, which could provide the attacker with more information required to further compromise the system.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-7877 ‼
📖 Read
via "National Vulnerability Database".
A buffer overflow issue was discovered in ZOOK solution(remote administration tool) through processing 'ConnectMe' command while parsing a crafted OUTERIP value because of missing boundary check. This vulnerability allows the attacker to execute remote arbitrary command.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37718 ‼
📖 Read
via "National Vulnerability Database".
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37720 ‼
📖 Read
via "National Vulnerability Database".
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37733 ‼
📖 Read
via "National Vulnerability Database".
A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.11, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37725 ‼
📖 Read
via "National Vulnerability Database".
A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.8.0.1, 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.📖 Read
via "National Vulnerability Database".