CVE-2021-21940
via "National Vulnerability Database".
A heap-based buffer overflow vulnerability exists in the pushMuxer processRtspInfo functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted network packet can lead to a heap buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.
CVE-2021-37727
via "National Vulnerability Database".
A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.20 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x.x: 8.6.0.11 and below; Aruba Instant 8.7.x.x: 8.7.1.3 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability.
CVE-2021-40499
via "National Vulnerability Database".
Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70, 7.70 PI, 7.70 BYD, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.
CVE-2021-37730
via "National Vulnerability Database".
A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.20 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x.x: 8.6.0.11 and below; Aruba Instant 8.7.x.x: 8.7.1.3 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability.
CVE-2021-21941
via "National Vulnerability Database".
A use-after-free vulnerability exists in the pushMuxer CreatePushThread functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to remote code execution.
CVE-2021-38458
via "National Vulnerability Database".
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
CVE-2021-40496
via "National Vulnerability Database".
SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability is normally exposed over the network and successful exploitation can lead to exposure of data like system details.
Google distributing 10,000 security keys to journalists, elected officials, human rights activists
via "The Daily Swig".
Global initiative “will definitely prevent some cyber-attacks”, says expert
The different types of sudo and su in Linux
via "Tech Republic".
Jack Wallen demystifies these two Linux admin tools because knowing which sudo or su command to run is important.
What it costs to hire a hacker on the Dark Web
via "Tech Republic".
Though the final price for a cybercriminal's services is usually negotiated, personal attacks are the most expensive, says Comparitech.
The cost to hire a hacker can be incredibly cheap. Use this cybersecurity guide to learn about the major activities of hackers.
Why Choke-Point Analysis Is Essential in Active Directory Security
via "Dark Reading".
Defense should focus on high-value choke points first to ensure that their most critical assets are protected, before moving on to deal with other attack paths.
Office 365 Spy Campaign Targets US Military Defense
via "Threat Post".
An Iran-linked group is taking aim at makers of drones and satellites, Persian Gulf ports and maritime shipping companies, among others.
CVE-2021-37732
via "National Vulnerability Database".
A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.11 and below; Aruba Instant 8.6.x.x: 8.6.0.6 and below; Aruba Instant 8.7.x.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability.
CVE-2021-41797
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
CVE-2021-41071
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
CVE-2021-37734
via "National Vulnerability Database".
A remote unauthorized read access to files vulnerability was discovered in Aruba Instant version(s): 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.19 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x.x: 8.6.0.11 and below; Aruba Instant 8.7.x.x: 8.7.1.3 and below; Aruba Instant 8.8.x.x: 8.8.0.0 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability.
CVE-2021-37735
via "National Vulnerability Database".
A remote denial of service vulnerability was discovered in Aruba Instant version(s): Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.10 and below; Aruba Instant 8.6.x.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability.
CVE-2021-41136
via "National Vulnerability Database".
Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using `puma` with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smuggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. The only proxy which has this behavior, as far as the Puma team is aware of, is Apache Traffic Server. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This vulnerability was patched in Puma 5.5.1 and 4.3.9. As a workaround, do not use Apache Traffic Server with `puma`.
CVE-2021-41796
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
CVE-2021-35214
via "National Vulnerability Database".
The vulnerability can be described as a failure to invalidate user session upon password change. When running multiple active sessions in separate browser windows, it was observed that a password or email address could be changed without terminating the user session.
CVE-2021-41070
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.