βΌ CVE-2021-37202 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in NX 1980 Series (All versions < V1984). The IFC adapter in affected application contains a use-after-free vulnerability that could be triggered while parsing user-supplied IFC files. An attacker could leverage this vulnerability to execute code in the context of the current process.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37181 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All versions), Cerberus DMS V4.2 (All versions), Cerberus DMS V5.0 (All versions < v5.0 QU1), Desigo CC Compact V4.0 (All versions), Desigo CC Compact V4.1 (All versions), Desigo CC Compact V4.2 (All versions), Desigo CC Compact V5.0 (All versions < V5.0 QU1), Desigo CC V4.0 (All versions), Desigo CC V4.1 (All versions), Desigo CC V4.2 (All versions), Desigo CC V5.0 (All versions < V5.0 QU1). The application deserialises untrusted data without sufficient validations, that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system. The CCOM communication component used for Windows App / Click-Once and IE Web / XBAP client connectivity are affected by the vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27391 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in APOGEE MBC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE MEC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8), APOGEE PXC Modular (BACnet) (All versions < V3.5.3), APOGEE PXC Modular (P2 Ethernet) (All versions >= V2.8), TALON TC Compact (BACnet) (All versions < V3.5.3), TALON TC Modular (BACnet) (All versions < V3.5.3). The web server of affected devices lacks proper bounds checking when parsing the Host parameter in HTTP requests, which could lead to a buffer overflow. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the device with root privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25665 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All versions < V2021.2.1). The starview+.exe application lacks proper validation of user-supplied data when parsing scene files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13700)π Read
via "National Vulnerability Database".
βΌ CVE-2021-37190 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve VPN connection for a known user.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40357 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in Teamcenter Active Workspace V4.3 (All versions < V4.3.10), Teamcenter Active Workspace V5.0 (All versions < V5.0.8), Teamcenter Active Workspace V5.1 (All versions < V5.1.5), Teamcenter Active Workspace V5.2 (All versions < V5.2.1). A path traversal vulnerability in the application could allow an attacker to bypass certain restrictions such as direct access to other services within the host.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33716 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in SIMATIC CP 1543-1 (incl. SIPLUS variants) (All versions < V3.0), SIMATIC CP 1545-1 (All versions). An attacker with access to the subnet of the affected device could retrieve sensitive information stored in cleartext.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37206 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP200 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Received webpackets are not properly processed. An unauthenticated remote attacker with access to any of the Ethernet interfaces could send specially crafted packets to force a restart of the target device.π Read
via "National Vulnerability Database".
ποΈ Olympus insists medical services βuninterruptedβ by malware attack ποΈ
π Read
via "The Daily Swig".
Unconfirmed reports suggest Japanese multinational was hit by ransomwareπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Olympus insists medical services βuninterruptedβ by malware attack
Unconfirmed reports suggest Japanese multinational was hit by ransomware
β Romance, BEC Scams Lands Soldier in Jail for 46 Months β
π Read
via "Threat Post".
A former Army Reservist pleaded guilty to scamming the elderly with catfishing and stealing from veterans.π Read
via "Threat Post".
Threat Post
Romance, BEC Scams Lands Soldier in Jail for 46 Months
A former Army Reservist pleaded guilty to scamming the elderly with catfishing and stealing from veterans.
β Unpatched Bugs Plague Databases; Your Data Is Probably Not Secure β Podcast β
π Read
via "Threat Post".
Imperva's Elad Erez discusses findings that 46 percent of on-prem databases are sitting ducks, unpatched and vulnerable to attack, each with an average of 26 flaws.π Read
via "Threat Post".
π¦Ώ Apple releases emergency patch to protect all devices against Pegasus spyware π¦Ώ
π Read
via "Tech Republic".
Designed to combat zero-day flaws exploited in Apple's operating systems, the patch applies to the iPhone, iPad, Apple Watch and Mac.π Read
via "Tech Republic".
βΌ CVE-2021-33674 βΌ
π Read
via "National Vulnerability Database".
Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs. This allows an attacker to exploit a Reflected Cross-Site Scripting (XSS) vulnerability when creating a new email and to execute arbitrary code on the victim's browser.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36582 βΌ
π Read
via "National Vulnerability Database".
In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell (e.g., aspx) to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx and can be simply triggered by browsing that URL.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38163 βΌ
π Read
via "National Vulnerability Database".
SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with the privilege of the Java Server process. These commands can be used to read or modify any information on the server or shut the server down making it unavailable.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38175 βΌ
π Read
via "National Vulnerability Database".
SAP Analysis for Microsoft Office - version 2.8, allows an attacker with high privileges to read sensitive data over the network, and gather or change information in the current system without user interaction. The attack would not lead to an impact on the availability of the system, but there would be an impact on integrity and confidentiality.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33686 βΌ
π Read
via "National Vulnerability Database".
Under certain conditions, SAP Business One version - 10.0, allows an unauthorized attacker to get access to some encrypted sensitive information, but does not have control over kind or degree.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37532 βΌ
π Read
via "National Vulnerability Database".
SAP Business One version - 10, due to improper input validation, allows an authenticated User to gain access to directory and view the contents of index in the directory, which would otherwise be restricted to high privileged User.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37535 βΌ
π Read
via "National Vulnerability Database".
SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23053 βΌ
π Read
via "National Vulnerability Database".
On version 15.1.x before 15.1.3, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6, when the brute force protection feature of BIG-IP Advanced WAF or BIG-IP ASM is enabled on a virtual server and the virtual server is under brute force attack, the MySQL database may run out of disk space due to lack of row limit on undisclosed tables in the MYSQL database. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33688 βΌ
π Read
via "National Vulnerability Database".
SAP Business One allows an attacker with business privileges to execute crafted database queries, exposing the back-end database. Due to framework restrictions, only some information can be obtained.π Read
via "National Vulnerability Database".