🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

‼ CVE-2021-34748 ‼

A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to perform a command injection attack on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using the web-based management interface to execute a command using crafted input. A successful exploit could allow the attacker to execute arbitrary commands using root-level privileges on an affected device.

via "National Vulnerability Database".
‼ CVE-2021-34778 ‼

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: execute code on the affected device or cause it to reload unexpectedly; cause LLDP database corruption on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.

via "National Vulnerability Database".
‼ CVE-2021-34766 ‼

A vulnerability in the web UI of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and create, read, update, or delete records and settings in multiple functions. This vulnerability is due to insufficient authorization of the System User and System Operator role capabilities. An attacker could exploit this vulnerability by directly accessing a web resource. A successful exploit could allow the attacker to create, read, update, or delete records and settings in multiple functions without the necessary permissions on the web UI.

via "National Vulnerability Database".
‼ CVE-2021-34782 ‼

A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid device credentials. This vulnerability is due to improper access controls on API endpoints. An attacker could exploit the vulnerability by sending a specific API request to an affected application. A successful exploit could allow the attacker to obtain sensitive information about other users who are configured with higher privileges on the application.

via "National Vulnerability Database".
‼ CVE-2021-42042 ‼

An issue was discovered in SpecialEditGrowthConfig in the GrowthExperiments extension in MediaWiki through 1.36.2. The growthexperiments-edit-config-error-invalid-title MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript.

via "National Vulnerability Database".
‼ CVE-2021-34779 ‼

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: execute code on the affected device or cause it to reload unexpectedly; cause LLDP database corruption on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.

via "National Vulnerability Database".
‼ CVE-2021-1534 ‼

A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. An attacker could exploit this vulnerability by crafting a URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for an affected device, which could allow malicious URLs to pass through the device.

via "National Vulnerability Database".
‼ CVE-2021-34706 ‼

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information or conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by uploading a crafted XML file that contains references to external entities. A successful exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of sensitive information, or cause the web application to perform arbitrary HTTP requests on behalf of the attacker.

via "National Vulnerability Database".
‼ CVE-2021-34711 ‼

A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted input to a debug shell command. A successful exploit could allow the attacker to read any file on the device file system.

via "National Vulnerability Database".
‼ CVE-2021-42043 ‼

An issue was discovered in Special:MediaSearch in the MediaSearch extension in MediaWiki through 1.36.2. The suggestion text (a parameter to mediasearch-did-you-mean) was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the intitle: search operator within the query.

via "National Vulnerability Database".
‼ CVE-2021-34758 ‼

A vulnerability in the memory management of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, local attacker to corrupt a shared memory segment, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient access controls to a shared memory resource. An attacker could exploit this vulnerability by corrupting a shared memory segment on an affected device. A successful exploit could allow the attacker to cause the device to reload. The device will recover from the corruption upon reboot.

via "National Vulnerability Database".
‼ CVE-2021-1594 ‼

A vulnerability in the REST API of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a command injection attack and elevate privileges to root. This vulnerability is due to insufficient input validation for specific API endpoints. An attacker in a man-in-the-middle position could exploit this vulnerability by intercepting and modifying specific internode communications from one ISE persona to another ISE persona. A successful exploit could allow the attacker to run arbitrary commands with root privileges on the underlying operating system. To exploit this vulnerability, the attacker would need to decrypt HTTPS traffic between two ISE personas that are located on separate nodes.

via "National Vulnerability Database".
‼ CVE-2021-42040 ‼

An issue was discovered in MediaWiki through 1.36.2. A parser function related to loop control allowed for an infinite loop (and php-fpm hang) within the Loops extension because egLoopsCountLimit is mishandled. This could lead to memory exhaustion.

via "National Vulnerability Database".
📢 BT and Toshiba to launch quantum-secured network across London 📢

The two companies say this is the first commercially available network of its kind

via "ITPro".
📢 Amazon, Microsoft, Google back creation of Trusted Cloud Principles 📢

The initiative calls on governments to recognise baseline security and privacy protections for customers

via "ITPro".
📢 Neiman Marcus data breach hits 4.6 million customers 📢

The breach took place last year, but details have only now come to light

via "ITPro".
📢 US plans 30-nation meeting to address growing cyber crime threat 📢

Biden says the meeting will focus on the use of illicit cryptocurrency and securing supply chains

via "ITPro".
📢 The best defence against ransomware 📢

How ransomware is evolving and how to defend against it

via "ITPro".
📢 How to maintain your privacy on social media 📢

Even the most privacy conscious individuals can be caught out by misconfigured accounts

via "ITPro".
📢 Malware pretending to be Amnesty International antivirus for Pegasus discovered 📢

Victims fearing Pegasus spyware targeted in a new malware campaign

via "ITPro".