‼ CVE-2021-37919 ‼
📖 Read
via "National Vulnerability Database".
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-23447 ‼
📖 Read
via "National Vulnerability Database".
This affects the package teddy before 0.5.9. A type confusion vulnerability can be used to bypass input sanitization when the model content is an array (instead of a string).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37924 ‼
📖 Read
via "National Vulnerability Database".
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37929 ‼
📖 Read
via "National Vulnerability Database".
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40725 ‼
📖 Read
via "National Vulnerability Database".
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForm listbox that could result in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37922 ‼
📖 Read
via "National Vulnerability Database".
Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to path traversal which allows copying of files from one directory to another.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37920 ‼
📖 Read
via "National Vulnerability Database".
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37921 ‼
📖 Read
via "National Vulnerability Database".
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37923 ‼
📖 Read
via "National Vulnerability Database".
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40726 ‼
📖 Read
via "National Vulnerability Database".
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForm field that could result in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42013 ‼
📖 Read
via "National Vulnerability Database".
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37928 ‼
📖 Read
via "National Vulnerability Database".
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42071 ‼
📖 Read
via "National Vulnerability Database".
In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the cgi-bin/slogin/login.py Uaer-Agent HTTP header.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40439 ‼
📖 Read
via "National Vulnerability Database".
Apache OpenOffice has a dependency on expat software. Versions prior to 2.1.0 were subject to CVE-2013-0340 a "Billion Laughs" entity expansion denial of service attack and exploit via crafted XML files. ODF files consist of a set of XML files. All versions of Apache OpenOffice up to 4.1.10 are subject to this issue. expat in version 4.1.11 is patched.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37931 ‼
📖 Read
via "National Vulnerability Database".
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37762 ‼
📖 Read
via "National Vulnerability Database".
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37918 ‼
📖 Read
via "National Vulnerability Database".
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3833 ‼
📖 Read
via "National Vulnerability Database".
Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords.📖 Read
via "National Vulnerability Database".
🕴 Former Google Employees Launch Supply Chain Security Startup 🕴
📖 Read
via "Dark Reading".
Chainguard aims to make the software supply chain secure by default as supply chain-focused attacks continue to rise.📖 Read
via "Dark Reading".
Dark Reading
Former Google Employees Launch Supply Chain Security Startup
Chainguard aims to make the software supply chain secure by default as supply chain-focused attacks continue to rise.
🔏 Solving the Mid-Market Data Protection Challenge 🔏
📖 Read
via "".
Learn how Digital Guardian's Managed Security Program for Midsize Companies can help organizations improve their information security program, whatever the use case.📖 Read
via "".
Fortra's Digital Guardian
Solving the Mid-Market Data Protection Challenge
Learn how Digital Guardian's Managed Security Program for Midsize Companies can help organizations improve their information security program, whatever the use case.
🦿 ExtraHop adds new threat hunting and network advisory services to Reveal(x) 360 NDR 🦿
📖 Read
via "Tech Republic".
The addition of Reveal(x) Advisor services to the Reveal(x) 360 network detection and response tools helps organizations proactively manage cybersecurity hygiene and accelerate incident response.📖 Read
via "Tech Republic".
TechRepublic
ExtraHop adds new threat hunting and network advisory services to Reveal(x) 360 NDR
The addition of Reveal(x) Advisor services to the Reveal(x) 360 network detection and response tools helps organizations proactively manage cybersecurity hygiene and accelerate incident response.