βΌ CVE-2021-38150 βΌ
π Read
via "National Vulnerability Database".
When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials. This would allow the attacker to compromise the corresponding backend for which the credentials are valid.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23049 βΌ
π Read
via "National Vulnerability Database".
On BIG-IP version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3, when the iRules RESOLVER::summarize command is used on a virtual server, undisclosed requests can cause an increase in Traffic Management Microkernel (TMM) memory utilization resulting in an out-of-memory condition and a denial-of-service (DoS). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38176 βΌ
π Read
via "National Vulnerability Database".
Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call NZDT function modules listed in Solution Section to execute manipulated query to gain access to Backend Database. On successful exploitation the threat actor could completely compromise confidentiality, integrity, and availability of the system.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37531 βΌ
π Read
via "National Vulnerability Database".
SAP NetWeaver Knowledge Management XML Forms versions - 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, contains an XSLT vulnerability which allows a non-administrative authenticated attacker to craft a malicious XSL stylesheet file containing a script with OS-level commands, copy it into a location to be accessed by the system and then create a file which will trigger the XSLT engine to execute the script contained within the malicious XSL file. This can result in a full compromise of the confidentiality, integrity, and availability of the system.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21489 βΌ
π Read
via "National Vulnerability Database".
SAP NetWeaver Enterprise Portal versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user related data, resulting in Stored Cross-Site Scripting (XSS) vulnerability. This would allow an attacker with administrative privileges to store a malicious script on the portal. The execution of the script content by a victim registered on the portal could compromise the confidentiality and integrity of portal content.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38174 βΌ
π Read
via "National Vulnerability Database".
When a user opens manipulated files received from untrusted sources in SAP 3D Visual Enterprise Viewer version - 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.π Read
via "National Vulnerability Database".
ποΈ Speer review: Researchers pick apart Node.js communication app ποΈ
π Read
via "The Daily Swig".
Email content injection flaws chained to bypass security controlsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Speer review: Researchers pick apart Node.js communication app
Email content injection flaws chained to bypass security controls
β Pair of Google Chrome Zero-Day Bugs Actively Exploited β
π Read
via "Threat Post".
The security vulnerabilities bring the web behemoth up to 10 browser zero-days found so far this year.π Read
via "Threat Post".
Threat Post
Pair of Google Chrome Zero-Day Bugs Actively Exploited
The security vulnerabilities bring the web behemoth up to 10 browser zero-days found so far this year.
βΌ CVE-2021-23043 βΌ
π Read
via "National Vulnerability Database".
On BIG-IP, on all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to access arbitrary files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23040 βΌ
π Read
via "National Vulnerability Database".
On BIG-IP AFM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This issue is exposed only when BIG-IP AFM is provisioned. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23041 βΌ
π Read
via "National Vulnerability Database".
On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a DOM based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the current logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23047 βΌ
π Read
via "National Vulnerability Database".
On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, and all versions of 13.1.x, 12.1.x and 11.6.x, when BIG-IP APM performs Online Certificate Status Protocol (OCSP) verification of a certificate that contains Authority Information Access (AIA), undisclosed requests may cause an increase in memory use. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29841 βΌ
π Read
via "National Vulnerability Database".
IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205045.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20508 βΌ
π Read
via "National Vulnerability Database".
IBM Security Secret Server up to 11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199322.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23042 βΌ
π Read
via "National Vulnerability Database".
On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, and 12.1.x before 12.1.6, when an HTTP profile is configured on a virtual server, undisclosed requests can cause a significant increase in system resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23046 βΌ
π Read
via "National Vulnerability Database".
On all versions of Guided Configuration before 8.0.0, when a configuration that contains secure properties is created and deployed from Access Guided Configuration (AGC), secure properties are logged in restnoded logs. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20569 βΌ
π Read
via "National Vulnerability Database".
IBM Security Secret Server up to 11.0 could allow an attacker to enumerate usernames due to improper input validation. IBM X-Force ID: 199243.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20582 βΌ
π Read
via "National Vulnerability Database".
IBM Security Secret Server up to 11.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 199328.π Read
via "National Vulnerability Database".
π OpenDNSSEC 2.1.10 π
π Read
via "Packet Storm Security".
OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.π Read
via "Packet Storm Security".
Packetstormsecurity
OpenDNSSEC 2.1.10 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β ZLoaderβs Back, Abusing Google AdWords, Disabling Windows Defender β
π Read
via "Threat Post".
The well-known banking trojan retools for stealth with a whole new attack routine, including using ads for Microsoft TeamViewer and Zoom to lure victims in.π Read
via "Threat Post".
Threat Post
ZLoaderβs Back, Abusing Google AdWords, Disabling Windows Defender
The well-known banking trojan retools for stealth with a whole new attack routine, including using ads for Microsoft TeamViewer and Zoom to lure victims in.
π¦Ώ Why you should avoid those fun social media "tell us about yourself" questions π¦Ώ
π Read
via "Tech Republic".
Social media is overflowing with quizzes, surveys and opportunities to tell the world about yourself. Learn why you should skip these to protect yourself and your identity.π Read
via "Tech Republic".
TechRepublic
Why you should avoid those fun social media "tell us about yourself" questions
Social media is overflowing with quizzes, surveys and opportunities to tell the world about yourself. Learn why you should skip these to protect yourself and your identity.