βΌ CVE-2021-20118 βΌ
π Read
via "National Vulnerability Database".
Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20117.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28498 βΌ
π Read
via "National Vulnerability Database".
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, user enable passwords set in clear text could result in unprivileged users getting complete access to the systems. This issue affects: Arista Metamako Operating System MOS-0.13 and post releases in the MOS-0.1x train MOS-0.26.6 and prior releases in the MOS-0.2x train MOS-0.31.1 and prior releases in the MOS-0.3x trainπ Read
via "National Vulnerability Database".
βΌ CVE-2021-28494 βΌ
π Read
via "National Vulnerability Database".
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, authentication is bypassed by unprivileged users who are accessing the Web UI. This issue affects: Arista Metamako Operating System MOS-0.34.0 and prior releasesπ Read
via "National Vulnerability Database".
βΌ CVE-2021-36871 βΌ
π Read
via "National Vulnerability Database".
Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps Pro premium plugin (versions <= 8.1.11). Vulnerable parameters: &wpgmaps_marker_category_name, Value > &attributes[], Name > &attributes[], &icons[], &names[], &description, &link, &title.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38408 βΌ
π Read
via "National Vulnerability Database".
A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28499 βΌ
π Read
via "National Vulnerability Database".
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, user account passwords set in clear text could leak to users without any password. This issue affects: Arista Metamako Operating System MOS-0.18 and post releases in the MOS-0.1x train All releases in the MOS-0.2x train MOS-0.31.1 and prior releases in the MOS-0.3x trainπ Read
via "National Vulnerability Database".
β SideWalk Backdoor Linked to China-Linked Spy Group βGrayflyβ β
π Read
via "Threat Post".
Grayfly campaigns have launched the novel malware against businesses in Taiwan, Vietnam, the US and Mexico and are targeting Exchange and MySQL servers. π Read
via "Threat Post".
Threat Post
SideWalk Backdoor Linked to China-Linked Spy Group βGrayflyβ
Grayfly campaigns have launched the novel malware against businesses in Taiwan, Vietnam, the US and Mexico and are targeting Exchange and MySQL servers.
π¦Ώ Malicious office documents: The latest trend in cybercriminal exploitation π¦Ώ
π Read
via "Tech Republic".
Cyberattacks have surged during the coronavirus pandemic as criminals rake in bountiful ransomware payouts. Malicious office docs have been on the rise for months, per a new report.π Read
via "Tech Republic".
TechRepublic
Malicious office documents: The latest trend in cybercriminal exploitation
Cyberattacks have surged during the coronavirus pandemic as criminals rake in bountiful ransomware payouts. Malicious office docs have been on the rise for months, per a new report.
π Phishing Attack Prevention: How to Identify & Avoid Phishing Scams in 2021 π
π Read
via "".
A panel of infosec experts discuss the most common phishing attacks and how to prevent them.π Read
via "".
βΌ CVE-2020-19143 βΌ
π Read
via "National Vulnerability Database".
Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "TIFFVGetField" funtion in the component 'libtiff/tif_dir.c'.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38540 βΌ
π Read
via "National Vulnerability Database".
The variable import endpoint was not protected by authentication in Airflow >=2.0.0, <2.1.3. This allowed unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs, potentially resulting in a denial of service, information disclosure or remote code execution. This issue affects Apache Airflow >=2.0.0, <2.1.3.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22239 βΌ
π Read
via "National Vulnerability Database".
An unauthorized user was able to insert metadata when creating new issue on GitLab CE/EE 14.0 and later.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37101 βΌ
π Read
via "National Vulnerability Database".
There is an improper authorization vulnerability in AIS-BW50-00 9.0.6.2(H100SP10C00) and 9.0.6.2(H100SP15C00). Due to improper authorization mangement, an attakcer can exploit this vulnerability by physical accessing the device and implant malicious code. Successfully exploit could leads to arbitrary code execution in the target device.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38723 βΌ
π Read
via "National Vulnerability Database".
FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/pages/itemsπ Read
via "National Vulnerability Database".
βΌ CVE-2020-19515 βΌ
π Read
via "National Vulnerability Database".
qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPM\install\modules\database_config.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3761 βΌ
π Read
via "National Vulnerability Database".
Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitting an invalid VRP "MaxLength" value, causing RTR sessions to terminate. An attacker can use this to disable RPKI Origin Validation in a victim network (for example AS 13335 - Cloudflare) prior to launching a BGP hijack which during normal operations would be rejected as "RPKI invalid". Additionally, in certain deployments RTR session flapping in and of itself also could cause BGP routing churn, causing availability issues.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38725 βΌ
π Read
via "National Vulnerability Database".
Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/controllers/Login.phpπ Read
via "National Vulnerability Database".
βΌ CVE-2020-19144 βΌ
π Read
via "National Vulnerability Database".
Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the 'in _TIFFmemcpy' funtion in the component 'tif_unix.c'.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38721 βΌ
π Read
via "National Vulnerability Database".
FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) vulnerabilityπ Read
via "National Vulnerability Database".
π¦Ώ Stop using your web browser security wrong π¦Ώ
π Read
via "Tech Republic".
Chances are good you're not using your browser with a strong enough eye on security. Jack Wallen offers up some advice to the average user on how to browse safer.π Read
via "Tech Republic".
TechRepublic
Stop using your web browser security wrong
Chances are good you're not using your browser with a strong enough eye on security. Jack Wallen offers up some advice to the average user on how to browse safer.
β βAzurescapeβ Kubernetes Attack Allows Cross-Container Cloud Compromise β
π Read
via "Threat Post".
A chain of exploits could allow a malicious Azure user to infiltrate other customers' cloud instances within Microsoft's container-as-a-service offering.π Read
via "Threat Post".
Threat Post
βAzurescapeβ Kubernetes Attack Allows Cross-Container Cloud Compromise
A chain of exploits could allow a malicious Azure user to infiltrate other customers' cloud instances within Microsoft's container-as-a-service offering.