โ Spoofing Bug Highlights Cybersecurity for Digital Vaccine Passports โ
๐ Read
via "Threat Post".
Australian immunization app bug lets attackers fake vaccine status.๐ Read
via "Threat Post".
Threat Post
Spoofing Bug Highlights Cybersecurity for Digital Vaccine Passports
Australian immunization app bug lets attackers fake vaccine status.
โผ CVE-2021-28566 โผ
๐ Read
via "National Vulnerability Database".
Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are vulnerable to an Information Disclosure vulnerability when uploading a modified png file to a product image. Successful exploitation could lead to the disclosure of document root path by an unauthenticated attacker. Access to the admin console is required for successful exploitation.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-3053 โผ
๐ Read
via "National Vulnerability Database".
An improper handling of exceptional conditions vulnerability exists in the Palo Alto Networks PAN-OS dataplane that enables an unauthenticated network-based attacker to send specifically crafted traffic through the firewall that causes the service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.5. This issue does not affect Prisma Access.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-40346 โผ
๐ Read
via "National Vulnerability Database".
An integer overflow exists in HAProxy 2.0 through 2.5 in the htx_add_header() can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-33981 โผ
๐ Read
via "National Vulnerability Database".
An insecure, direct object vulnerability in hunting/fishing license retrieval function of the "Fish | Hunt FL" iOS app versions 3.8.0 and earlier allows a remote authenticated attacker to retrieve other people's personal information and images of their hunting/fishing licenses.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-28567 โผ
๐ Read
via "National Vulnerability Database".
Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are vulnerable to an Improper Authorization vulnerability in the customers module. Successful exploitation could allow a low-privileged user to modify customer data. Access to the admin console is required for successful exploitation.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-3049 โผ
๐ Read
via "National Vulnerability Database".
An improper authorization vulnerability in the Palo Alto Networks Cortex XSOAR server enables an authenticated network-based attacker with investigation read permissions to download files from incident investigations of which they are aware but are not a part of. This issue impacts: All Cortex XSOAR 5.5.0 builds; Cortex XSOAR 6.1.0 builds earlier than 12099345. This issue does not impact Cortex XSOAR 6.2.0 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-33982 โผ
๐ Read
via "National Vulnerability Database".
An insufficient session expiration vulnerability exists in the "Fish | Hunt FL" iOS app version 3.8.0 and earlier, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-21897 โผ
๐ Read
via "National Vulnerability Database".
A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. A specially-crafted .dxf file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-21104 โผ
๐ Read
via "National Vulnerability Database".
Adobe Illustrator version 25.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-3051 โผ
๐ Read
via "National Vulnerability Database".
An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSOAR server. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 1578677; Cortex XSOAR 6.0.2 builds earlier than 1576452; Cortex XSOAR 6.1.0 builds earlier than 1578663; Cortex XSOAR 6.2.0 builds earlier than 1578666. All Cortex XSOAR instances hosted by Palo Alto Networks are protected from this vulnerability; no additional action is required for these instances.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-3055 โผ
๐ Read
via "National Vulnerability Database".
An improper restriction of XML external entity (XXE) reference vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system and send a specifically crafted request to the firewall that causes the service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10; PAN-OS 10.0 versions earlier than PAN-OS 10.0.6. This issue does not affect Prisma Access.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-28569 โผ
๐ Read
via "National Vulnerability Database".
Adobe Media Encoder version 15.1 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-21103 โผ
๐ Read
via "National Vulnerability Database".
Adobe Illustrator version 25.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-3052 โผ
๐ Read
via "National Vulnerability Database".
A reflected cross-site scripting (XSS) vulnerability in the Palo Alto Network PAN-OS web interface enables an authenticated network-based attacker to mislead another authenticated PAN-OS administrator to click on a specially crafted link that performs arbitrary actions in the PAN-OS web interface as the targeted authenticated administrator. This issue impacts: PAN-OS 8.1 versions earlier than 8.1.20; PAN-OS 9.0 versions earlier than 9.0.14; PAN-OS 9.1 versions earlier than 9.1.10; PAN-OS 10.0 versions earlier than 10.0.2. This issue does not affect Prisma Access.๐ Read
via "National Vulnerability Database".
โผ CVE-2020-24672 โผ
๐ Read
via "National Vulnerability Database".
A vulnerability in Base Software for SoftControl allows an attacker to insert and run arbitrary code in a computer running the affected product. This issue affects: .๐ Read
via "National Vulnerability Database".
โผ CVE-2021-21105 โผ
๐ Read
via "National Vulnerability Database".
Adobe Illustrator version 25.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-35526 โผ
๐ Read
via "National Vulnerability Database".
Backup file without encryption vulnerability is found in Hitachi ABB Power Grids System Data Manager รขโฌโ SDM600 allows attacker to gain access to sensitive information. This issue affects: Hitachi ABB Power Grids System Data Manager รขโฌโ SDM600 1.2 versions prior to FP2 HF6 (Build Nr. 1.2.14002.257).๐ Read
via "National Vulnerability Database".
โผ CVE-2021-3054 โผ
๐ Read
via "National Vulnerability Database".
A time-of-check to time-of-use (TOCTOU) race condition vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permission to upload plugins to execute arbitrary code with root user privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11; PAN-OS 10.0 versions earlier than PAN-OS 10.0.7; PAN-OS 10.1 versions earlier than PAN-OS 10.1.2. This issue does not affect Prisma Access.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-28732 โผ
๐ Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-28372. Reason: This candidate is a duplicate of CVE-2021-28372. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2021-28372 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.๐ Read
via "National Vulnerability Database".
๐ Mitigations Available for Latest Office Zero Day ๐
๐ Read
via "".
There's no patch yet but Microsoft has released a workaround to mitigate the latest zero day, a vulnerability announced this week in WIndows 10 and Windows Server.๐ Read
via "".
Digital Guardian
Mitigations Available for Latest Office Zero Day
There's no patch yet but Microsoft has released a workaround to mitigate the latest zero day, a vulnerability announced this week in WIndows 10 and Windows Server.