βΌ CVE-2021-41770 βΌ
π Read
via "National Vulnerability Database".
Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack that can achieve XML file disclosure.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42054 βΌ
π Read
via "National Vulnerability Database".
ACCEL-PPP 1.12.0 has an out-of-bounds read in triton_context_schedule if the client exits after authentication.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42053 βΌ
π Read
via "National Vulnerability Database".
The Unicorn framework through 0.35.3 for Django allows XSS via component.name.π Read
via "National Vulnerability Database".
ποΈ Apache Ranger maintainers slam unflattering cloud data security comparison with Immuta ποΈ
π Read
via "The Daily Swig".
Immuta defends benchmark study comparing access control policy management burdensπ Read
via "The Daily Swig".
π Wireshark Analyzer 3.4.9 π
π Read
via "Packet Storm Security".
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.π Read
via "Packet Storm Security".
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
ποΈ Twitch breach leads to leak of source code and streamer earnings data ποΈ
π Read
via "The Daily Swig".
This is like βKFC losing its secret recipeβπ Read
via "The Daily Swig".
π¦Ώ A unique method of securing SSH π¦Ώ
π Read
via "Tech Republic".
Jack Wallen offers up a different method of securing SSH that could be rather timely in helping to lock down your Linux servers.π Read
via "Tech Republic".
TechRepublic
How to use this unique method of securing SSH
Jack Wallen offers a different method of securing SSH that could be rather timely in helping to lock down your Linux servers.
π΄ New Regulations Are Coming β Get a Handle on Your App Portfolio π΄
π Read
via "Dark Reading".
With the realization that any app could be a gateway for a larger attack, there will be more pressure than ever on companies to fully protect their entire application landscape.π Read
via "Dark Reading".
Dark Reading
New Regulations Are Coming β Get a Handle on Your App Portfolio
With the realization that any app could be a gateway for a larger attack, there will be more pressure than ever on companies to fully protect their entire application landscape.
βΌ CVE-2021-3832 βΌ
π Read
via "National Vulnerability Database".
Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated attacker could abuse the AsyncUpload() function in order to exploit the vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40978 βΌ
π Read
via "National Vulnerability Database".
The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20605 βΌ
π Read
via "National Vulnerability Database".
Improper Input Validation vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause DoS condition of the products by sending specially crafted packets.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20603 βΌ
π Read
via "National Vulnerability Database".
Improper Input Validation vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause DoS condition of the products by sending specially crafted packets.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41865 βΌ
π Read
via "National Vulnerability Database".
HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authenticated users with job submission capabilities to cause denial of service by submitting incomplete job specifications with a Consul mesh gateway and host networking mode. Fixed in 1.1.6.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22958 βΌ
π Read
via "National Vulnerability Database".
A Server-Side Request Forgery vulnerability was found in concrete5 < 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction with local services. Impact can vary depending on services exposed.CVSSv2.0 AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:Nπ Read
via "National Vulnerability Database".
βΌ CVE-2021-20602 βΌ
π Read
via "National Vulnerability Database".
Improper Handling of Exceptional Conditions vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause DoS condition of the products by sending specially crafted packets.π Read
via "National Vulnerability Database".
βΌ CVE-2021-35067 βΌ
π Read
via "National Vulnerability Database".
Meross MSG100 devices before 3.2.3 allow an attacker to replay the same data or similar data (e.g., an attacker who sniffs a Close message can transmit an acceptable Open message).π Read
via "National Vulnerability Database".
βΌ CVE-2021-41794 βΌ
π Read
via "National Vulnerability Database".
ogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. The attacker can send a PFCP Session Establishment Request with "internet" as the PDI Network Instance. The first character is interpreted as a length value to be used in a memcpy call. The destination buffer is only 100 bytes long on the stack. Then, 'i' gets interpreted as 105 bytes to copy from the source buffer to the destination buffer.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28661 βΌ
π Read
via "National Vulnerability Database".
Default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x through 3.4.1 permission checker not inherited by query subclass.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36150 βΌ
π Read
via "National Vulnerability Database".
SilverStripe Framework through 4.8.1 allows XSS.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20604 βΌ
π Read
via "National Vulnerability Database".
Improper Input Validation vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause DoS condition of the products by sending specially crafted packets.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33903 βΌ
π Read
via "National Vulnerability Database".
In LCOS 10.40 to 10.42.0473-RU3 with SNMPv3 enabled on LANCOM devices, changing the password of the root user via the CLI does not change the password of the root user for SNMPv3 access. (However, changing the password of the root user via LANconfig does change the password of the root user for SNMPv3 access.)π Read
via "National Vulnerability Database".