CVE-2021-42329
via "National Vulnerability Database".
The “List_Add” function of message board of ShinHer StudyOnline System does not filter special characters in the title parameter. After logging in with user’s privilege, remote attackers can inject JavaScript and execute stored XSS attacks.
CVE-2021-42334
via "National Vulnerability Database".
The Easytest contains SQL injection vulnerabilities. After obtaining a user’s privilege, remote attackers can inject SQL commands into the parameters of the elective course management page to obtain all database and administrator permissions.
Missouri governor criticized for confusing vulnerability disclosure with criminal hacking
via "The Daily Swig".
Politician’s accusations unleash torrent of criticism and snarky memes from incredulous infosec pros
Evolution Equity Partners Close $400M for Cybersecurity Investments
via "Dark Reading".
The firm expands capital base, team, and platform addressing a rapidly growing cybersecurity investment opportunity.
Friday Five 10/15
Giving security keys to at risk users, a summit to stop ransomware, and financial losses from cyberattacks pile up - catch up on the infosec news of the week with the Friday Five!
Digital Guardian
CVE-2021-40721
via "National Vulnerability Database".
Adobe Connect version 11.2.2 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
CVE-2021-39864
via "National Vulnerability Database".
Adobe Commerce versions 2.4.2-p2 (and earlier), 2.4.3 (and earlier) and 2.3.7p1 (and earlier) are affected by a cross-site request forgery (CSRF) vulnerability via a Wishlist Share Link. Successful exploitation could lead to unauthorized addition to customer cart by an unauthenticated attacker. Access to the admin console is not required for successful exploitation.
CVE-2021-40997
via "National Vulnerability Database".
A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.
CVE-2021-40987
via "National Vulnerability Database".
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.
CVE-2021-40996
via "National Vulnerability Database".
A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.
CVE-2021-40731
via "National Vulnerability Database".
Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.20096 (and earlier), 20.004.30015 (and earlier), and 17.011.30202 (and earlier) is affected by an out-of-bounds write vulnerability when parsing a crafted JPEG2000 file, which could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-40986
via "National Vulnerability Database".
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.
CVE-2021-40730
via "National Vulnerability Database".
Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.20096 (and earlier), 20.004.30015 (and earlier), and 17.011.30202 (and earlier) is affected by a use-after-free that allows a remote attacker to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPG2000 images.
CVE-2021-3874
via "National Vulnerability Database".
bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-37738
via "National Vulnerability Database".
A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.
CVE-2021-40995
via "National Vulnerability Database".
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.
CVE-2021-3878
via "National Vulnerability Database".
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
CVE-2021-37739
via "National Vulnerability Database".
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.
CVE-2021-38432
via "National Vulnerability Database".
FATEK Automation Communication Server Versions 1.13 and prior lack proper validation of user-supplied data, which could result in a stack-based buffer overflow condition and allow an attacker to remotely execute code.
CVE-2021-40990
via "National Vulnerability Database".
A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.
CVE-2021-40724
via "National Vulnerability Database".
Acrobat Reader for Android versions 21.8.0 (and earlier) are affected by a Path traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.