‼ CVE-2021-20602 ‼
via "National Vulnerability Database".
Improper Handling of Exceptional Conditions vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause DoS condition of the products by sending specially crafted packets.
‼ CVE-2021-35067 ‼
via "National Vulnerability Database".
Meross MSG100 devices before 3.2.3 allow an attacker to replay the same data or similar data (e.g., an attacker who sniffs a Close message can transmit an acceptable Open message).
‼ CVE-2021-41794 ‼
via "National Vulnerability Database".
ogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. The attacker can send a PFCP Session Establishment Request with "internet" as the PDI Network Instance. The first character is interpreted as a length value to be used in a memcpy call. The destination buffer is only 100 bytes long on the stack. Then, 'i' gets interpreted as 105 bytes to copy from the source buffer to the destination buffer.
‼ CVE-2021-28661 ‼
via "National Vulnerability Database".
Default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x through 3.4.1 permission checker not inherited by query subclass.
‼ CVE-2021-36150 ‼
via "National Vulnerability Database".
SilverStripe Framework through 4.8.1 allows XSS.
‼ CVE-2021-20604 ‼
via "National Vulnerability Database".
Improper Input Validation vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause DoS condition of the products by sending specially crafted packets.
‼ CVE-2021-33903 ‼
via "National Vulnerability Database".
In LCOS 10.40 to 10.42.0473-RU3 with SNMPv3 enabled on LANCOM devices, changing the password of the root user via the CLI does not change the password of the root user for SNMPv3 access. (However, changing the password of the root user via LANconfig does change the password of the root user for SNMPv3 access.)
‼ CVE-2021-22930 ‼
via "National Vulnerability Database".
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.
🕴 New Kaspersky Service Delivers Cyberthreat Insights on Request 🕴
via "Dark Reading".
Kaspersky's new Ask the Analyst service will allow businesses to reach out to the company's researchers for their opinions and guidance on cyberthreats and security issues.
⚠ Apache web server zero-day bug is easy to exploit – patch now! ⚠
via "Naked Security".
Some of us have Apache as our primary web server. But lots of us may have Apache without knowing it, as part of another product.
⚠ S3 Ep53: Apple Pay, giftcards, cybermonth, and ransomware busts [Podcast] ⚠
via "Naked Security".
Latest episode - listen now!
❌ 4 Key Questions for Zero-Trust Success ❌
via "Threat Post".
Anurag Kahol, CTO & co-founder at Bitglass, offers tips for avoiding implementation pitfalls for zero trust.
‼ CVE-2021-37926 ‼
via "National Vulnerability Database".
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
‼ CVE-2021-37919 ‼
via "National Vulnerability Database".
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
‼ CVE-2021-23447 ‼
via "National Vulnerability Database".
This affects the package teddy before 0.5.9. A type confusion vulnerability can be used to bypass input sanitization when the model content is an array (instead of a string).
‼ CVE-2021-37924 ‼
via "National Vulnerability Database".
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
‼ CVE-2021-37929 ‼
via "National Vulnerability Database".
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
‼ CVE-2021-40725 ‼
via "National Vulnerability Database".
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForm listbox that could result in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
‼ CVE-2021-37922 ‼
via "National Vulnerability Database".
Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to path traversal which allows copying of files from one directory to another.
‼ CVE-2021-37920 ‼
via "National Vulnerability Database".
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
‼ CVE-2021-37921 ‼
via "National Vulnerability Database".
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.