βΌ CVE-2021-37419 βΌ
π Read
via "National Vulnerability Database".
ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37420 βΌ
π Read
via "National Vulnerability Database".
ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28960 βΌ
π Read
via "National Vulnerability Database".
ManageEngine Desktop Central before build 10.0.683 allows Unauthenticated Remote Code Execution during communication with Notification Server.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37741 βΌ
π Read
via "National Vulnerability Database".
ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0869 βΌ
π Read
via "National Vulnerability Database".
In GetTimeStampAndPkt of DumpstateDevice.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-179620905 References: N/Aπ Read
via "National Vulnerability Database".
π¦Ώ Google, Microsoft and Oracle amassed the most cybersecurity vulnerabilities in the first half of 2021 π¦Ώ
π Read
via "Tech Republic".
A recent AtlasVPN report rounds up an inglorious cybersecurity top 10 of sorts, highlighting the companies that have amassed the most vulnerabilities in the first half of this year.π Read
via "Tech Republic".
ποΈ Weaponized ManageEngine flaw poses βserious riskβ to high-profile US targets β CISA ποΈ
π Read
via "The Daily Swig".
Warning from US government agency urges prompt triageπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Weaponized ManageEngine flaw poses βserious riskβ to high-profile US targets β CISA
Warning from US government agency urges prompt triage
β Turla APT Plants Novel Backdoor In Wake of Afghan Unrest β
π Read
via "Threat Post".
βTinyTurla,β simply coded malware that hides away as a legitimate Windows service, has flown under the radar for two years.π Read
via "Threat Post".
Threat Post
Turla APT Plants Novel Backdoor In Wake of Afghan Unrest
βTinyTurla,β simply coded malware that hides away as a legitimate Windows service, has flown under the radar for two years.
β iOS 15 includes Face ID fix for security bypass using fake heads β
π Read
via "Naked Security".
Fake heads! (Cue dystopian scifi music.)π Read
via "Naked Security".
Naked Security
iOS 15 launches with 22 documented security patches β including a Face ID bypass using a β3D modelβ
Fake heads! (Cue dystopian scifi music.)
βΌ CVE-2021-41525 βΌ
π Read
via "National Vulnerability Database".
An issue related to modification of otherwise restricted files through a locally authenticated attacker exists in FlexNet inventory agent and inventory beacon versions 2020 R2.5 and prior.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41531 βΌ
π Read
via "National Vulnerability Database".
NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length parameter in a ROA. This will lead to RTR clients such as routers to reject the RPKI data set, effectively disabling Route Origin Validation.π Read
via "National Vulnerability Database".
β Hackers Are Going βDeep-Sea Phishing,β So What Can You Do About It? β
π Read
via "Threat Post".
Nick Kael, CTO at Ericom, discusses how phishing is gaining sophistication and what it means for businesses.π Read
via "Threat Post".
Threat Post
Hackers Are Going βDeep-Sea Phishing,β So What Can You Do About It?
Nick Kael, CTO at Ericom, discusses how phishing is gaining sophistication and what it means for businesses.
βΌ CVE-2021-23444 βΌ
π Read
via "National Vulnerability Database".
This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40868 βΌ
π Read
via "National Vulnerability Database".
In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23443 βΌ
π Read
via "National Vulnerability Database".
This affects the package edge.js before 5.3.2. A type confusion vulnerability can be used to bypass input sanitization when the input to be rendered is an array (instead of a string or a SafeValue), even if {{ }} are used.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39230 βΌ
π Read
via "National Vulnerability Database".
Butter is a system usability utility. Due to a kernel error the JPNS kernel is being discontinued. Affected users are recommend to update to the Trinity kernel. There are no workarounds.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29831 βΌ
π Read
via "National Vulnerability Database".
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 204775.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29795 βΌ
π Read
via "National Vulnerability Database".
IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a partition that could crash the system. IBM X-Force ID: 203557.π Read
via "National Vulnerability Database".
π Cryptocurrency Exchange Linked to Ransomware Groups Sanctioned π
π Read
via "".
The move, the Treasury's first sanctions designation against a virtual currency exchange, is part of the US governmentβs attempt to cut off revenue to ransomware gangs.π Read
via "".
Digital Guardian
Cryptocurrency Exchange Linked to Ransomware Groups Sanctioned
The move, the Treasury's first sanctions designation against a virtual currency exchange, is part of the US governmentβs attempt to cut off revenue to ransomware gangs.
β Epik Confirms Hack, Gigabytes of Data on Offer β
π Read
via "Threat Post".
"Time to find out who in your family secretly ran ... [a] QAnon hellhole," said attackers who affiliated themselves with the hacktivist collective Anonymous, noting that Epik had laughable security.π Read
via "Threat Post".
Threat Post
Epik Confirms Hack, Gigabytes of Data on Offer
Hacktivist collective Anonymous said the company had laughable security.
βΌ CVE-2021-40847 βΌ
π Read
via "National Vulnerability Database".
The update process of the Circle Parental Control Service on various NETGEAR routers allows remote attackers to achieve remote code execution as root via a MitM attack. While the parental controls themselves are not enabled by default on the routers, the Circle update daemon, circled, is enabled by default. This daemon connects to Circle and NETGEAR to obtain version information and updates to the circled daemon and its filtering database. However, database updates from NETGEAR are unsigned and downloaded via cleartext HTTP. As such, an attacker with the ability to perform a MitM attack on the device can respond to circled update requests with a crafted, compressed database file, the extraction of which gives the attacker the ability to overwrite executable files with attacker-controlled code. This affects R6400v2 1.0.4.106, R6700 1.0.2.16, R6700v3 1.0.4.106, R6900 1.0.2.16, R6900P 1.3.2.134, R7000 1.0.11.123, R7000P 1.3.2.134, R7850 1.0.5.68, R7900 1.0.4.38, R8000 1.0.4.68, and RS400 1.5.0.68.π Read
via "National Vulnerability Database".