CVE-2021-38451
The affected product's proprietary protocol CSC allows for calling numerous function codes. In order to call those function codes, the user must supply parameters. There is no sanitation on the value of the offset, which allows the client to specify any offset and read out-of-bounds data.
via "National Vulnerability Database".
CVE-2021-38473
The affected product's code base doesn't properly control arguments for specific functions, which could lead to a stack overflow.
via "National Vulnerability Database".
CVE-2021-38459
The data of a network capture of the initial handshake phase can be used to authenticate at a SYSDBA level. If a specific .exe is not restarted often, it is possible to access the needed handshake packets between admin/client connections. Using the SYSDBA permission, an attacker can change user passwords or delete the database.
via "National Vulnerability Database".
CVE-2021-38475
The database connection to the server is performed by calling a specific API, which could allow an unprivileged user to gain SYSDBA permissions.
via "National Vulnerability Database".
CVE-2021-38465
The webinstaller is a Golang web server executable that enables the generation of an Auvesy image agent. Resource consumption can be achieved by generating large amounts of installations, which are then saved without limitation in the temp folder of the webinstaller executable.
via "National Vulnerability Database".
CVE-2021-38479
Many API function codes receive raw pointers remotely from the user and trust these pointers as valid in-bound memory regions. An attacker can manipulate API functions by writing arbitrary data into the resolved address of a raw pointer.
via "National Vulnerability Database".
CVE-2021-38467
A specific function code receives a raw pointer supplied by the user and deallocates this pointer. The user can then control what memory regions will be freed and cause a use-after-free condition.
via "National Vulnerability Database".
CVE-2021-38461
The affected product uses a hard-coded blowfish key for encryption/decryption processes. The key can be easily extracted from binaries.
via "National Vulnerability Database".
CVE-2021-38477
There are multiple API function codes that permit reading and writing data to or from files and directories, which could lead to the manipulation and/or the deletion of files.
via "National Vulnerability Database".
CVE-2021-41744
All versions of yongyou PLM are affected by a command injection issue. UFIDA PLM (Product Life Cycle Management) is a strategic management method. It applies a series of enterprise application systems to support the entire process from conceptual design to the end of product life, and the collaborative creation, distribution, application and management of product information across organizations. Yonyou PLM uses jboss by default, and you can access the management control background without authorization. An attacker can use this vulnerability to gain server permissions.
via "National Vulnerability Database".
CVE-2021-35230
As a result of an unquoted service path vulnerability present in the Kiwi CatTools Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry.
via "National Vulnerability Database".
CVE-2021-38481
The scheduler service running on a specific TCP port enables the user to start and stop jobs. There is no sanitation of the supplied JOB ID provided to the function. An attacker may send a malicious payload that can enable the user to execute another SQL expression by sending a specific string.
via "National Vulnerability Database".
CVE-2021-38455
The affected product's OS Service does not verify any given parameter. A user can supply any type of parameter that will be passed to inner calls without checking the type of the parameter or the value.
via "National Vulnerability Database".
CVE-2021-31682
The login portal for the Automated Logic WebCTRL/WebCTRL OEM web application contains a vulnerability that allows for reflected XSS attacks due to the operatorlocale GET parameter not being sanitized. This issue impacts versions 6.5 and below. This issue works by passing in a basic XSS payload to a vulnerable GET parameter that is reflected in the output without sanitization.
via "National Vulnerability Database".
CVE-2021-36357
An issue was discovered in OpenPOWER 2.6 firmware. unpack_timestamp() calls le32_to_cpu() for endian conversion of a uint16_t "year" value, resulting in a type mismatch that can truncate a higher integer value to a smaller one, and bypass a timestamp check. The fix is to use the right endian conversion function.
via "National Vulnerability Database".
CVE-2021-41747
Cross-Site Scripting (XSS) vulnerability exists in Csdn APP 4.10.0, which can be exploited by attackers to obtain sensitive information such as user cookies.
via "National Vulnerability Database".
CVE-2021-38471
There are multiple API function codes that permit data writing to any file, which may allow an attacker to modify existing files or create new files.
via "National Vulnerability Database".
CVE-2021-38457
The server permits communication without any authentication procedure, allowing the attacker to initiate a session with the server without providing any form of authentication.
via "National Vulnerability Database".
Cisco SD-WAN Security Bug Allows Root Code Execution
The high-severity bug, tracked as CVE-2021-1529, is an OS command-injection flaw.
via "Threat Post".
Node.js sandboxes are open to prototype pollution
Sandbox breakout can lead to remote code execution, researchers warn.
via "The Daily Swig".
Faraday 3.18.0
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
via "Packet Storm Security".