βΌ CVE-2021-37718 βΌ
π Read
via "National Vulnerability Database".
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37720 βΌ
π Read
via "National Vulnerability Database".
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37733 βΌ
π Read
via "National Vulnerability Database".
A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.11, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37725 βΌ
π Read
via "National Vulnerability Database".
A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.8.0.1, 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38617 βΌ
π Read
via "National Vulnerability Database".
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ user creation endpoint allows a standard user to create a super user account with a defined password. This directly leads to privilege escalation.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38616 βΌ
π Read
via "National Vulnerability Database".
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/{user-guid}/ user edition endpoint could permit any logged-in user to increase their own permissions via a user_permissions array in a PATCH request. A guest user could modify other users' profiles and much more.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37219 βΌ
π Read
via "National Vulnerability Database".
HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.8.15, 1.9.9 and 1.10.2.π Read
via "National Vulnerability Database".
β Poisoned proxy PACs! The NPM package with a network-wide security holeβ¦ β
π Read
via "Naked Security".
3,000,000 downloads a week... if only they'd read the fastidious manual!π Read
via "Naked Security".
Naked Security
Poisoned proxy PACs! The NPM package with a network-wide security holeβ¦
3,000,000 downloads a weekβ¦ if only theyβd read the fastidious manual!
π Packet Fence 11.0.0 π
π Read
via "Packet Storm Security".
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.π Read
via "Packet Storm Security".
Packetstormsecurity
Packet Fence 11.0.0 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π Samhain File Integrity Checker 4.4.6 π
π Read
via "Packet Storm Security".
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.π Read
via "Packet Storm Security".
Packetstormsecurity
Samhain File Integrity Checker 4.4.6 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2021-39254 βΌ
π Read
via "National Vulnerability Database".
A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7865 βΌ
π Read
via "National Vulnerability Database".
A vulnerability(improper input validation) in the ExECM CoreB2B solution allows an unauthenticated attacker to download and execute an arbitrary file via httpDownload function. A successful exploit could allow the attacker to hijack vulnerable system.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33285 βΌ
π Read
via "National Vulnerability Database".
In Tuxera ntfs-3g versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of service. The vulnerability is caused by an out-of-bound buffer access which can be triggered by mounting a crafted ntfs partition. The root cause is a missing consistency check after reading an MFT record : the "bytes_in_use" field should be less than the "bytes_allocated" field. When it is not, the parsing of the records proceeds into the wild.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27022 βΌ
π Read
via "National Vulnerability Database".
A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes).π Read
via "National Vulnerability Database".
βΌ CVE-2021-39263 βΌ
π Read
via "National Vulnerability Database".
A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfs_get_attribute_value, in NTFS-3G < 2021.8.22.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39260 βΌ
π Read
via "National Vulnerability Database".
A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G < 2021.8.22.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39258 βΌ
π Read
via "National Vulnerability Database".
A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find and ntfs_external_attr_find in NTFS-3G < 2021.8.22.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33289 βΌ
π Read
via "National Vulnerability Database".
In Tuxera NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39257 βΌ
π Read
via "National Vulnerability Database".
A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call chain (starting from ntfs_attr_pwrite), causing stack consumption in NTFS-3G < 2021.8.22.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39262 βΌ
π Read
via "National Vulnerability Database".
A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39259 βΌ
π Read
via "National Vulnerability Database".
A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in ntfs_inode_lookup_by_name, in NTFS-3G < 2021.8.22.π Read
via "National Vulnerability Database".