‼ CVE-2021-41054 ‼
📖 Read
via "National Vulnerability Database".
tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buffer-size handling does not properly consider the combination of data, OACK, and other options.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41033 ‼
📖 Read
via "National Vulnerability Database".
In all released versions of Eclipse Equinox, at least until version 4.21 (September 2021), installation can be vulnerable to man-in-the-middle attack if using p2 repos that are HTTP; that can then be exploited to serve incorrect p2 metadata and entirely alter the local installation, particularly by installing plug-ins that may then run malicious code.📖 Read
via "National Vulnerability Database".
❌ Apple Issues Emergency Fix for NSO Zero-Click Zero Day ❌
📖 Read
via "Threat Post".
Citizen Lab urges Apple users to update immediately. The new zero-click zero-day ForcedEntry flaw affects all things Apple: iPhones, iPads, Macs and Watches.📖 Read
via "Threat Post".
Threat Post
Apple Issues Emergency Fix for NSO Zero-Click Zero Day
Citizen Lab urges Apple users to update immediately. The new zero-click zero-day ForcedEntry flaw affects all things Apple: iPhones, iPads, Macs and Watches.
‼ CVE-2020-20671 ‼
📖 Read
via "National Vulnerability Database".
A cross-site request forgery (CSRF) in KiteCMS V1.1 allows attackers to arbitrarily add an administrator account.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-20672 ‼
📖 Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in /admin/upload/uploadfile of KiteCMS V1.1 allows attackers to getshell via a crafted PHP file.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-20670 ‼
📖 Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in /admin/media/upload of ZKEACMS V3.2.0 allows attackers to execute arbitrary code via a crafted HTML file.📖 Read
via "National Vulnerability Database".
⚠ Apple products vulnerable to FORCEDENTRY zero-day attack – patch now! ⚠
📖 Read
via "Naked Security".
Double trouble: two zero-days, patched in the same emergency update. So please don't delay - patch today!📖 Read
via "Naked Security".
Sophos News
Naked Security – Sophos News
‼ CVE-2021-41072 ‼
📖 Read
via "National Vulnerability Database".
squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.📖 Read
via "National Vulnerability Database".
❌ BlackMatter Ransomware Hits Japanese Tech Giant Olympus ❌
📖 Read
via "Threat Post".
The incident that occurred Sept. 8 and affected its EMEA IT systems seems to signal a return to business as usual for ransomware groups.📖 Read
via "Threat Post".
Threat Post
BlackMatter Ransomware Hits Japanese Tech Giant Olympus
The incident that occurred Sept. 8 and affected its EMEA IT systems seems to signal a return to business as usual for ransomware groups.
‼ CVE-2021-37183 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software allows sending send-to-sleep notifications to the managed devices. An unauthenticated attacker in the same network of the affected system can abuse these notifications to cause a Denial-of-Service condition in the managed devices.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-33719 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP200 (All versions), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Specially crafted packets sent to port 4443/tcp could cause a Denial-of-Service condition or potential remote code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37201 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). The web interface of affected devices is vulnerable to a Cross-Site Request Forgery (CSRF) attack. This could allow an attacker to manipulate the SINEC NMS configuration by tricking an unsuspecting user with administrative privileges to click on a malicious link.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37193 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could manipulate certain parameters and set a valid user of the affected software as invalid (or vice-versa).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37203 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in NX 1980 Series (All versions < V1984). The plmxmlAdapterIFC.dll contains an out-of-bounds read while parsing user supplied IFC files which could result in a read past the end of an allocated buffer. This could allow an attacker to cause a denial-of-service condition or read sensitive information from memory locations.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37191 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could brute force the usernames from the affected software.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37174 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices have a privilege escalation vulnerability, if exploited, an attacker could gain root user access.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37173 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices have an exposure of sensitive information vulnerability, if exploited, it could allow an authenticated attacker to extract data via Secure Shell (SSH).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40356 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37192 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve a list of network devices a known user can manage.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37200 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). An attacker with access to the webserver of an affected system could download arbitrary files from the underlying filesystem by sending a specially crafted HTTP request.📖 Read
via "National Vulnerability Database".
‼ CVE-2019-10941 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in SINEMA Server (All versions < V14 SP3). Missing authentication for functionality that requires administrative user identity could allow an attacker to obtain encoded system configuration backup files. This is only possible through network access to the affected system, and successful exploitation requires no system privileges.📖 Read
via "National Vulnerability Database".