‼ CVE-2021-32664 ‼
📖 Read
via "National Vulnerability Database".
Combodo iTop is an open source web based IT Service Management tool. In affected versions there is a XSS vulnerability on "run query" page when logged as administrator. This has been resolved in versions 2.6.5 and 2.7.5.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-31385 ‼
📖 Read
via "National Vulnerability Database".
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in J-Web of Juniper Networks Junos OS allows any low-privileged authenticated attacker to elevate their privileges to root. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S19; 15.1 versions prior to 15.1R7-S10; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2.📖 Read
via "National Vulnerability Database".
🕴 Query.ai Closes $15M Series A for Security Investigations Tool 🕴
📖 Read
via "Dark Reading".
The funding will support product development for Query.AI's browser-based security investigations tool.📖 Read
via "Dark Reading".
Dark Reading
Query.ai Closes $15M Series A for Security Investigations Tool
The funding will support product development for Query.AI's browser-based security investigations tool.
🕴 Cato Networks Valued at $2.5B, Raises Additional $200M to Accelerate SASE Adoption Among Large Enterprises 🕴
📖 Read
via "Dark Reading".
Cato more than doubles its valuation in one year with largest funding round to date. Total financing reaches $532 million.📖 Read
via "Dark Reading".
Dark Reading
Cato Networks Valued at $2.5B, Raises Additional $200M to Accelerate SASE Adoption Among Large Enterprises
Cato more than doubles its valuation in one year with largest funding round to date. Total financing reaches $532 million.
🕴 Enterprise Cybersecurity Strategies Are Getting More Attention 🕴
📖 Read
via "Dark Reading".
Data in Dark Reading's 2021 Strategic Security Survey report suggest organizations are taking the security challenge seriously.📖 Read
via "Dark Reading".
Dark Reading
Enterprise Cybersecurity Strategies Are Getting More Attention
Data in Dark Reading's "2021 Strategic Security Survey" report suggest organizations are taking the security challenge seriously.
❌ Squirrel Bug Lets Attackers Execute Code in Games, Cloud Services ❌
📖 Read
via "Threat Post".
The out-of-bounds read vulnerability enables an attacker to escape a Squirrel VM in games with millions of monthly players – such as Counter-Strike: Global Offensive and Portal 2 – and in cloud services such as Twilio Electric Imp.📖 Read
via "Threat Post".
Threat Post
Squirrel Bug Lets Attackers Execute Code in Games, Cloud Services
The out-of-bounds read vulnerability enables an attacker to escape a Squirrel VM in games with millions of monthly players – such as Counter-Strike: Global Offensive and Portal 2 – and in some cloud services.
🕴 Telecommunications Providers Worldwide Are Targeted in Sophisticated Cyber-Espionage Campaign 🕴
📖 Read
via "Dark Reading".
LightBasin has displayed in-depth knowledge of telecom architectures and protocols in its attacks, security vendor warns.📖 Read
via "Dark Reading".
Dark Reading
Telecommunications Providers Worldwide Are Targeted in Sophisticated Cyber-Espionage Campaign
LightBasin has displayed in-depth knowledge of telecom architectures and protocols in its attacks, security vendor warns.
‼ CVE-2021-41150 ‼
📖 Read
via "National Vulnerability Database".
Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. The tough library, prior to 0.12.0, does not properly sanitize delegated role names when caching a repository, or when loading a repository from the filesystem. When the repository is cached or loaded, files ending with the .json extension could be overwritten with role metadata anywhere on the system. A fix is available in version 0.12.0. No workarounds to this issue are known.📖 Read
via "National Vulnerability Database".
🕴 Penetration Testing in the Cloud Demands a Different Approach 🕴
📖 Read
via "Dark Reading".
Attackers use a different set of techniques to target the cloud, meaning defenders must think differently when pen testing cloud environments.📖 Read
via "Dark Reading".
Dark Reading
Penetration Testing in the Cloud Demands a Different Approach
Attackers use a different set of techniques to target the cloud, meaning defenders must think differently when pen testing cloud environments.
‼ CVE-2021-3454 ‼
📖 Read
via "National Vulnerability Database".
Truncated L2CAP K-frame causes assertion failure. Zephyr versions >= 2.4.0, >= v.2.50 contain Improper Handling of Length Parameter Inconsistency (CWE-130), Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29-vrp3📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3455 ‼
📖 Read
via "National Vulnerability Database".
Disconnecting L2CAP channel right after invalid ATT request leads freeze. Zephyr versions >= 2.4.0, >= 2.5.0 contain Use After Free (CWE-416). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp📖 Read
via "National Vulnerability Database".
‼ CVE-2021-30302 ‼
📖 Read
via "National Vulnerability Database".
Improper authentication of EAP WAPI EAPOL frames from unauthenticated user can lead to information disclosure in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1983 ‼
📖 Read
via "National Vulnerability Database".
Possible buffer overflow due to improper handling of negative data length while processing write request in VR service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1917 ‼
📖 Read
via "National Vulnerability Database".
Null pointer dereference can occur due to memory allocation failure in DIAG in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Wearables📖 Read
via "National Vulnerability Database".
‼ CVE-2021-30292 ‼
📖 Read
via "National Vulnerability Database".
Possible memory corruption due to lack of validation of client data used for memory allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables📖 Read
via "National Vulnerability Database".
‼ CVE-2021-30312 ‼
📖 Read
via "National Vulnerability Database".
Improper authentication of sub-frames of a multicast AMSDU frame can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1980 ‼
📖 Read
via "National Vulnerability Database".
Possible buffer over read due to lack of length check while parsing beacon IE response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking📖 Read
via "National Vulnerability Database".
‼ CVE-2021-30257 ‼
📖 Read
via "National Vulnerability Database".
Possible out of bound read or write in VR service due to lack of validation of DSP selection values in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT📖 Read
via "National Vulnerability Database".
‼ CVE-2021-30310 ‼
📖 Read
via "National Vulnerability Database".
Possible buffer overflow due to Improper validation of received CF-ACK and CF-Poll data frames in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1984 ‼
📖 Read
via "National Vulnerability Database".
Possible buffer overflow due to improper validation of index value while processing the plugin block in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables📖 Read
via "National Vulnerability Database".
‼ CVE-2021-30305 ‼
📖 Read
via "National Vulnerability Database".
Possible out of bound access due to lack of validation of page offset before page is inserted in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile📖 Read
via "National Vulnerability Database".