π΄ Are You Planning for the Quantum, Transhumanist Threat? π΄
π Read
via "Dark Reading".
Breaking encryption in a day and hacking without visible devices are two threats that could become a reality in the next decade and beyond, experts say.π Read
via "Dark Reading".
Dark Reading
Are You Planning for the Quantum, Transhumanist Threat?
Breaking encryption in a day and hacking without visible devices are two threats that could become a reality in the next decade and beyond, experts say.
π΄ Microsoft Fixes Exchange Server Zero-Day π΄
π Read
via "Dark Reading".
November security update contains patches for 55 bugs β including six zero-days across various products.π Read
via "Dark Reading".
Dark Reading
Microsoft Fixes Exchange Server Zero-Day
November security update contains patches for 55 bugs β including six zero-days across various products.
βΌ CVE-2021-43575 βΌ
π Read
via "National Vulnerability Database".
** DISPUTED ** KNX ETS6 through 6.0.0 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information, a similar issue to CVE-2021-36799. NOTE: The vendor disputes this because it is not the responsibility of the ETS to securely store cryptographic key material when it is not being exported.π Read
via "National Vulnerability Database".
βΌ CVE-2021-35488 βΌ
π Read
via "National Vulnerability Database".
Thruk 2.40-2 allows /thruk/#cgi-bin/status.cgi?style=combined&title={TITLE] Reflected XSS via the host or title parameter. An attacker could inject arbitrary JavaScript into status.cgi. The payload would be triggered every time an authenticated user browses the page containing it.π Read
via "National Vulnerability Database".
βΌ CVE-2021-35489 βΌ
π Read
via "National Vulnerability Database".
Thruk 2.40-2 allows /thruk/#cgi-bin/extinfo.cgi?type=2&host={HOSTNAME]&service={SERVICENAME]&backend={BACKEND] Reflected XSS via the host or service parameter. An attacker could inject arbitrary JavaScript into extinfo.cgi. The malicious payload would be triggered every time an authenticated user browses the page containing it.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37157 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021-08-14. $HOME/OGP/Cfg/Config.pm has the root password in cleartext.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37158 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021-08-14. An authenticated attacker could inject OS commands by starting a Counter-Strike server and using the map field to enter a Bash command.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42292 βΌ
π Read
via "National Vulnerability Database".
Microsoft Excel Security Feature Bypass Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2021-41366 βΌ
π Read
via "National Vulnerability Database".
Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2021-42304 βΌ
π Read
via "National Vulnerability Database".
Azure RTOS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42302, CVE-2021-42303.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42288 βΌ
π Read
via "National Vulnerability Database".
Windows Hello Security Feature Bypass Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2021-42279 βΌ
π Read
via "National Vulnerability Database".
Chakra Scripting Engine Memory Corruption Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2021-41367 βΌ
π Read
via "National Vulnerability Database".
NTFS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-41370, CVE-2021-42283.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41373 βΌ
π Read
via "National Vulnerability Database".
FSLogix Information Disclosure Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2021-41356 βΌ
π Read
via "National Vulnerability Database".
Windows Denial of Service Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2021-42323 βΌ
π Read
via "National Vulnerability Database".
Azure RTOS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-26444, CVE-2021-42301.π Read
via "National Vulnerability Database".
βΌ CVE-2021-31853 βΌ
π Read
via "National Vulnerability Database".
DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (MDE) prior to 7.3.0 HF2 (7.3.0.183) allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder.π Read
via "National Vulnerability Database".
ποΈ Apache Storm maintainers patch two pre-auth RCE vulnerabilities ποΈ
π Read
via "The Daily Swig".
High-risk issues were discovered by GitHubβs in-house security teamπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Apache Storm maintainers patch two pre-auth RCE vulnerabilities
High-risk issues were discovered by GitHubβs in-house security team
βΌ CVE-2021-34598 βΌ
π Read
via "National Vulnerability Database".
In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 the remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote logging is activeπ Read
via "National Vulnerability Database".
βΌ CVE-2021-39474 βΌ
π Read
via "National Vulnerability Database".
Vulnerability in the product Docsis 3.0 UBC1319BA00 Router supported affected version 1319010201r009. The vulnerability allows an attacker with privileges and network access through the ping.cmd component to execute commands on the device.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43136 βΌ
π Read
via "National Vulnerability Database".
An authentication bypass issue in FormaLMS <= 2.4.4 allows an attacker to bypass the authentication mechanism and obtain a valid access to the platform.π Read
via "National Vulnerability Database".