‼ CVE-2021-37923 ‼
via "National Vulnerability Database".
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
‼ CVE-2021-40726 ‼
via "National Vulnerability Database".
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing an AcroForm field that could result in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
‼ CVE-2021-42013 ‼
via "National Vulnerability Database".
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.
‼ CVE-2021-37928 ‼
via "National Vulnerability Database".
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
‼ CVE-2021-42071 ‼
via "National Vulnerability Database".
In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the cgi-bin/slogin/login.py User-Agent HTTP header.
‼ CVE-2021-40439 ‼
via "National Vulnerability Database".
Apache OpenOffice has a dependency on expat software. Versions prior to 2.1.0 were subject to CVE-2013-0340 a "Billion Laughs" entity expansion denial of service attack and exploit via crafted XML files. ODF files consist of a set of XML files. All versions of Apache OpenOffice up to 4.1.10 are subject to this issue. expat in version 4.1.11 is patched.
‼ CVE-2021-37931 ‼
via "National Vulnerability Database".
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
‼ CVE-2021-37762 ‼
via "National Vulnerability Database".
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution.
‼ CVE-2021-37918 ‼
via "National Vulnerability Database".
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
‼ CVE-2021-3833 ‼
via "National Vulnerability Database".
Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specifically formatted password could exploit this vulnerability in order to log in to the system with different passwords.
🕴 Former Google Employees Launch Supply Chain Security Startup 🕴
via "Dark Reading".
Chainguard aims to make the software supply chain secure by default as supply chain-focused attacks continue to rise.
🔏 Solving the Mid-Market Data Protection Challenge 🔏
Fortra's Digital Guardian
Learn how Digital Guardian's Managed Security Program for Midsize Companies can help organizations improve their information security program, whatever the use case.
🦿 ExtraHop adds new threat hunting and network advisory services to Reveal(x) 360 NDR 🦿
via "Tech Republic".
The addition of Reveal(x) Advisor services to the Reveal(x) 360 network detection and response tools helps organizations proactively manage cybersecurity hygiene and accelerate incident response.
🦿 A holistic approach to vulnerability management solidifies cyberdefenses 🦿
via "Tech Republic".
Vulnerability scanners are not enough, according to an expert who champions an all-encompassing holistic approach to vulnerability management as a means to eliminate surprises.
‼ CVE-2021-20571 ‼
via "National Vulnerability Database".
IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199246.
‼ CVE-2021-20489 ‼
via "National Vulnerability Database".
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 197790.
‼ CVE-2021-29700 ‼
via "National Vulnerability Database".
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated attacker to obtain sensitive information from configuration files that could aid in further attacks against the system. IBM X-Force ID: 200656.
‼ CVE-2021-20376 ‼
via "National Vulnerability Database".
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to enumerate usernames due to there being an observable discrepancy in returned messages. IBM X-Force ID: 195568.
‼ CVE-2021-20372 ‼
via "National Vulnerability Database".
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote authenticated user to cause a denial of another user's service due to insufficient permission checking. IBM X-Force ID: 195518.
‼ CVE-2021-20561 ‼
via "National Vulnerability Database".
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199230.
‼ CVE-2021-20552 ‼
via "National Vulnerability Database".
IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199170.