‼ CVE-2021-34713 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the Layer 2 punt code of Cisco IOS XR Software running on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to cause the affected line card to reboot. This vulnerability is due to incorrect handling of specific Ethernet frames that cause a spin loop that can make the network processors unresponsive. An attacker could exploit this vulnerability by sending specific types of Ethernet frames on the segment where the affected line cards are attached. A successful exploit could allow the attacker to cause the affected line card to reboot.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1963 ‼
📖 Read
via "National Vulnerability Database".
Possible use-after-free due to lack of validation for the rule count in filter table in IPA driver in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1974 ‼
📖 Read
via "National Vulnerability Database".
Possible buffer over read due to lack of alignment between map or unmap length of IPA SMMU and WLAN SMMU in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking📖 Read
via "National Vulnerability Database".
‼ CVE-2021-34737 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial of service (DoS) condition. This vulnerability exists because certain DHCPv4 messages are improperly validated when they are processed by an affected device. An attacker could exploit this vulnerability by sending a malformed DHCPv4 message to an affected device. A successful exploit could allow the attacker to cause a NULL pointer dereference, resulting in a crash of the dhcpd process. While the dhcpd process is restarting, which may take up to approximately two minutes, DHCPv4 server services are unavailable on the affected device. This could temporarily prevent network access to clients that join the network during that time period. Note: Only the dhcpd process crashes and eventually restarts automatically. The router does not reload.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1934 ‼
📖 Read
via "National Vulnerability Database".
Possible memory corruption due to improper check when application loader object is explicitly destructed while application is unloading in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT📖 Read
via "National Vulnerability Database".
‼ CVE-2021-34721 ‼
📖 Read
via "National Vulnerability Database".
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.📖 Read
via "National Vulnerability Database".
❌ BladeHawk Attackers Target Kurds with Android Apps ❌
📖 Read
via "Threat Post".
Pro-Kurd Facebook profiles deliver '888 RAT' and 'SpyNote' trojans, masked as legitimate apps, to perform mobile espionage.📖 Read
via "Threat Post".
Threat Post
BladeHawk Attackers Target Kurds with Android Apps
Pro-Kurd Facebook profiles deliver '888 RAT' and 'SpyNote' trojans, masked as legitimate apps, to perform mobile espionage.
🦿 How to set up two-step verification for your Google account 🦿
📖 Read
via "Tech Republic".
Two-step verification can better secure and safeguard your account. Here's how to set it up.📖 Read
via "Tech Republic".
TechRepublic
How to set up two-step verification for your Google account
Two-step verification can better secure and safeguard your account. Here's how to set it up.
🦿 WFH is a cybersecurity "ticking time bomb," according to a new report 🦿
📖 Read
via "Tech Republic".
IT teams are experiencing employee pushback due to remote work policies and many feel like cybersecurity is a "thankless task" and that they're the "bad guys" for implementing these rules.📖 Read
via "Tech Republic".
TechRepublic
WFH is a cybersecurity "ticking time bomb," according to a new report
IT teams are experiencing employee pushback due to remote work policies and many feel like cybersecurity is a "thankless task" and that they're the "bad guys" for implementing these rules.
❌ Zoho Password Manager Zero-Day Bug Under Active Attack Gets a Fix ❌
📖 Read
via "Threat Post".
An authentication bypass vulnerability leading to remote code execution offers up the keys to the corporate kingdom.📖 Read
via "Threat Post".
Threat Post
Zoho ManageEngine Password Manager Zero-Day Gets a Fix, Amid Attacks
An authentication bypass vulnerability in the ManageEngine ADSelfService Plus platform leading to remote code execution offers up the keys to the corporate kingdom.
‼ CVE-2021-40223 ‼
📖 Read
via "National Vulnerability Database".
Rittal CMC PU III Web management (version V3.11.00_2) fails to sanitize user input on several parameters of the configuration (User Configuration dialog, Task Configuration dialog and set logging filter dialog). This allows an attacker to backdoor the device with HTML and browser-interpreted content (such as JavaScript or other client-side scripts). The XSS payload will be triggered when the user accesses some specific sections of the application.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36870 ‼
📖 Read
via "National Vulnerability Database".
Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps plugin (versions <= 8.1.12). Vulnerable parameters: &dataset_name, &wpgmza_gdpr_retention_purpose, &wpgmza_gdpr_company_name, &name #2, &name, &polyname #2, &polyname, &address.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20117 ‼
📖 Read
via "National Vulnerability Database".
Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20118.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-28495 ‼
📖 Read
via "National Vulnerability Database".
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, user authentication can be bypassed when API access is enabled via the JSON-RPC APIs. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.13 and post releases in the MOS-0.1x train MOS-0.26.6 and below releases in the MOS-0.2x train MOS-0.31.1 and below releases in the MOS-0.3x train📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39458 ‼
📖 Read
via "National Vulnerability Database".
Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user has to alternate the files of a vaild file backup. This leads of leaking the database credentials in the environment variables.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40222 ‼
📖 Read
via "National Vulnerability Database".
Rittal CMC PU III Web management Version affected: V3.11.00_2. Version fixed: V3.17.10 is affected by a remote code execution vulnerablity. It is possible to introduce shell code to create a reverse shell in the PU-Hostname field of the TCP/IP Configuration dialog. Web application fails to sanitize user input on Network TCP/IP configuration page. This allows the attacker to inject commands as root on the device which will be executed once the data is received.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39459 ‼
📖 Read
via "National Vulnerability Database".
Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26603 ‼
📖 Read
via "National Vulnerability Database".
A heap overflow issue was found in ARK library of bandisoft Co., Ltd when the Ark_DigPathA function parsed a file path. This vulnerability is due to missing support for string length check.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-7873 ‼
📖 Read
via "National Vulnerability Database".
Download of code without integrity check vulnerability in ActiveX control of Younglimwon Co., Ltd allows the attacker to cause a arbitrary file download and execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26608 ‼
📖 Read
via "National Vulnerability Database".
An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft Co., Ltd groupware ActiveX module. This issue is due to missing support for integrity check of download URL or downloaded file hash.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-28497 ‼
📖 Read
via "National Vulnerability Database".
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, the bash shell might be accessible to unprivileged users in situations where they should not have access. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.26.6 and below releases in the MOS-0.2x train MOS-0.31.1 and below releases in the MOS-0.3x train📖 Read
via "National Vulnerability Database".