CVE-2021-41154
via "National Vulnerability Database".
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions an attacker with read access to a "SVN core" repository could execute arbitrary SQL queries. The following versions contain the fix: Tuleap Community Edition 11.17.99.144, Tuleap Enterprise Edition 11.17-5, Tuleap Enterprise Edition 11.16-7.
CVE-2021-20836
via "National Vulnerability Database".
Out-of-bounds read vulnerability in CX-Supervisor v4.0.0.13 and v4.0.0.16 allows an attacker with administrative privileges to cause information disclosure and/or arbitrary code execution by opening a specially crafted SCS project file.
7 Cross-Industry Technology Trends That Will Disrupt the World
via "Dark Reading".
Recent McKinsey & Company analysis examines which technologies will have the most momentum in the next ten years. These are the trends security teams need to be aware of in order to protect the organization effectively.
TA505 Gang Is Back With Newly Polished FlawedGrace RAT
via "Threat Post".
TA505 – cybercrime trailblazers with ever-evolving TTPs – have returned to mass-volume email attacks, flashing retooled malware and exotic scripting languages.
CVE-2021-25968
via "National Vulnerability Database".
In OpenCMS, versions 10.5.0 to 11.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the Sitemap functionality. These scripts are executed in a victim's browser when they open the page containing the vulnerable field.
The Simmering Cybersecurity Risk of Employee Burnout
via "Dark Reading".
Why understanding human behavior is essential to building resilient security systems.
CVE-2021-3889
via "National Vulnerability Database".
libmobi is vulnerable to Use of Out-of-range Pointer Offset
CVE-2021-3846
via "National Vulnerability Database".
firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type
CVE-2021-3888
via "National Vulnerability Database".
libmobi is vulnerable to Use of Out-of-range Pointer Offset
CVE-2021-38474
via "National Vulnerability Database".
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have no account lockout policy configured for the login page of the product. This may allow an attacker to execute a brute-force password attack with no time limitation and without harming the normal operation of the user. This could allow an attacker to gain valid credentials for the product interface.
CVE-2021-3858
via "National Vulnerability Database".
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-3869
via "National Vulnerability Database".
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
CVE-2021-42261
via "National Vulnerability Database".
Revisor Video Management System (VMS) before 2.0.0 has a directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of the restricted directory on the remote server. This could lead to the disclosure of sensitive data on the vulnerable server.
CVE-2021-36512
via "National Vulnerability Database".
An issue was discovered in function scanallsubs in src/sbbs3/scansubs.cpp in Synchronet BBS, which may allow attackers to view sensitive information due to an uninitialized value.
CVE-2021-38486
via "National Vulnerability Database".
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cloud portal allows for self-registration of the affected product without any requirements to create an account, which may allow an attacker to have full control over the product and execute code within the internal network to which the product is connected.
CVE-2021-38478
via "National Vulnerability Database".
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a traceroute tool to inject commands into the device. This may allow the attacker to remotely run commands on behalf of the device.
CVE-2021-3879
via "National Vulnerability Database".
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-38464
via "National Vulnerability Database".
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have inadequate encryption strength, which may allow an attacker to intercept the communication and steal sensitive information or hijack the session.
CVE-2021-38484
via "National Vulnerability Database".
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not have a filter or signature check to detect or prevent an upload of malicious files to the server, which may allow an attacker, acting as an administrator, to upload malicious files. This could result in cross-site scripting, deletion of system files, and remote code execution.
CVE-2021-38480
via "National Vulnerability Database".
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to cross-site request forgery when unauthorized commands are submitted from a user the web application trusts. This may allow an attacker to remotely perform actions on the router's management portal, such as making configuration changes, changing administrator credentials, and running system commands on the router.
CVE-2021-3851
via "National Vulnerability Database".
firefly-iii is vulnerable to URL Redirection to Untrusted Site