Enterprise Data Storage Environments Riddled With Vulnerabilities
Many organizations are not properly protecting their storage and backup systems from compromise, new study finds.
via "Dark Reading".
CVE-2021-42340
The fix for bug 63362, present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71, introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.
via "National Vulnerability Database".
CVE-2021-38295
In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach an HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality. This privilege escalation vulnerability allows an attacker to add or remove data in any database or make configuration changes. This issue affected Apache CouchDB prior to 3.1.2.
via "National Vulnerability Database".
Injection vulnerabilities in popular WordPress plugin could expose credentials, allow admin access
Fastest Cache is used by more than one million websites.
via "The Daily Swig".
From Help Desk to Head of SOC: Building a Cybersecurity Career on Empathy and Candor
Why a passion for helping people is key to delivering effective cybersecurity solutions.
via "Dark Reading".
CVE-2021-37737
A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2, ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1, and ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.
via "National Vulnerability Database".
CVE-2021-39332
The Business Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization found throughout the plugin, which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.4.5. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
via "National Vulnerability Database".
CVE-2021-42332
The "List View" function of ShinHer StudyOnline System is not under authority control. After logging in with a user's privilege, remote attackers can access the content of other users' message boards by crafting URL parameters.
via "National Vulnerability Database".
CVE-2021-40999
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2, ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1, and ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.
via "National Vulnerability Database".
CVE-2021-38431
An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users.
via "National Vulnerability Database".
CVE-2021-39335
The WpGenius Job Listing WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/src/admin/class/class-wpgenious-job-listing-options.php file, which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0.2. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
via "National Vulnerability Database".
CVE-2021-39344
The KJM Admin Notices WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin/class-kjm-admin-notices-admin.php file, which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.0.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
via "National Vulnerability Database".
CVE-2021-39349
The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/wp-hal.php file, which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.1.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
via "National Vulnerability Database".
CVE-2021-39345
The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/wp-hal.php file, which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.1.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
via "National Vulnerability Database".
CVE-2021-42333
Easytest contains SQL injection vulnerabilities. After obtaining a user's privilege, remote attackers can inject SQL commands into the parameters of the learning history page to access the entire database and obtain administrator permissions.
via "National Vulnerability Database".
CVE-2021-42335
The bulletin board management function of the Easytest online learning platform does not filter special characters. After obtaining a user's privilege, remote attackers can inject JavaScript and execute a stored XSS attack.
via "National Vulnerability Database".
CVE-2021-39338
The MyBB Cross-Poster WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/classes/MyBBXPSettings.php file, which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
via "National Vulnerability Database".
CVE-2021-42331
The "Study Edit" function of ShinHer StudyOnline System does not perform permission control. After logging in with a user's privilege, remote attackers can access and edit other users' tutorial schedules by crafting URL parameters.
via "National Vulnerability Database".
CVE-2021-39334
The Job Board Vanila WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via the psjb_exp_in and psjb_curr_in parameters found in the ~/job-settings.php file, which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
via "National Vulnerability Database".
CVE-2021-37736
A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2, ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1, and ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.
via "National Vulnerability Database".
CVE-2021-39336
The Job Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin-jobs.php file, which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 0.7.25. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
via "National Vulnerability Database".