βΌ CVE-2021-40501 βΌ
π Read
via "National Vulnerability Database".
SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges. That means this business user is able to read and modify data beyond the vulnerable system. However, the attacker can neither significantly reduce the performance of the system nor stop the system.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40504 βΌ
π Read
via "National Vulnerability Database".
A certain template role in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, contains transport authorizations, which exceed expected display only permissions.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40521 βΌ
π Read
via "National Vulnerability Database".
Airangel HSMX Gateway devices through 5.2.04 allow Remote Code Execution.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40519 βΌ
π Read
via "National Vulnerability Database".
Airangel HSMX Gateway devices through 5.2.04 have Hard-coded Database Credentials.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43523 βΌ
π Read
via "National Vulnerability Database".
In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names returned by DNS servers via gethostbyname, getaddrinfo, gethostbyaddr, and getnameinfo can lead to output of wrong hostnames (leading to domain hijacking) or injection into applications (leading to remote code execution, XSS, applications crashes, etc.). In other words, a validation step, which is expected in any stub resolver, does not occur.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40518 βΌ
π Read
via "National Vulnerability Database".
Airangel HSMX Gateway devices through 5.2.04 allow CSRF.π Read
via "National Vulnerability Database".
β Patch Tuesday updates the Win 7 updaterβ¦ for at most 1 more year of updates β
π Read
via "Naked Security".
The clock stopped long ago on Windows 7, except for those who paid for overtime. But there won't be any double overtime!π Read
via "Naked Security".
Naked Security
Patch Tuesday updates the Win 7 updater⦠for at most 1 more year of updates
The clock stopped long ago on Windows 7, except for those who paid for overtime. But there wonβt be any double overtime!
π GNUnet P2P Framework 0.15.3 π
π Read
via "Packet Storm Security".
GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.π Read
via "Packet Storm Security".
Packetstormsecurity
GNUnet P2P Framework 0.15.3 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ Defining the Hierarchy of Value in Cyber Intelligence π΄
π Read
via "Dark Reading".
One size won't fit all as we try to reconcile the need to demonstrate expertise and value with keeping clients and researchers safe.π Read
via "Dark Reading".
Dark Reading
Defining the Hierarchy of Value in Cyber Intelligence
One size won't fit all as we try to reconcile the need to demonstrate expertise and value with keeping clients and researchers safe.
β Critical Citrix Bug Shuts Down Network, Cloud App Access β
π Read
via "Threat Post".
The distributed computing vendor patched the flaw, affecting Citrix ADC and Gateway, along with another flaw impacting availability for SD-WAN appliances.π Read
via "Threat Post".
Threat Post
Critical Citrix DDoS Bug Shuts Down Network, Cloud App Access
The distributed computing vendor patched the flaw, affecting Citrix ADC and Gateway, along with another flaw impacting availability for SD-WAN appliances.
π¦Ώ These industries were the most affected by the past year of ransomware attacks π¦Ώ
π Read
via "Tech Republic".
After what has been a year of averaging more than a thousand ransomware attacks per day, NordLocker said that data released by hackers shows an unexpected industry at the top.π Read
via "Tech Republic".
π΄ SolarWinds Vulnerability Exploited in First Stage of Clop Ransomware Attacks π΄
π Read
via "Dark Reading".
Russian cybercrime group known as T505 is targeting SolarWinds Server-U systems that haven't been patched for a remote code execution vulnerability fixed this summer.π Read
via "Dark Reading".
Dark Reading
SolarWinds Vulnerability Exploited in First Stage of Clop Ransomware Attacks
Russian cybercrime group known as T505 is targeting SolarWinds Server-U systems that haven't been patched for a remote code execution vulnerability fixed this summer.
βΌ CVE-2021-3572 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40520 βΌ
π Read
via "National Vulnerability Database".
Airangel HSMX Gateway devices through 5.2.04 have Weak SSH Credentials.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3061 βΌ
π Read
via "National Vulnerability Database".
An OS command injection vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables an authenticated administrator with access to the CLI to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. Prisma Access customers that have Prisma Access 2.1 firewalls are impacted by this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32021 βΌ
π Read
via "National Vulnerability Database".
A denial of service vulnerability in the message broker of BlackBerry Protect for Windows version(s) versions 1574 and earlier could allow an attacker to potentially execute code in the context of a BlackBerry Cylance service that has admin rights on the system.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41038 βΌ
π Read
via "National Vulnerability Database".
In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage().π Read
via "National Vulnerability Database".
βΌ CVE-2021-3056 βΌ
π Read
via "National Vulnerability Database".
A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML authentication. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1. Prisma Access customers with Prisma Access 2.1 Preferred firewalls are impacted by this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22048 βΌ
π Read
via "National Vulnerability Database".
The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3059 βΌ
π Read
via "National Vulnerability Database".
An OS command injection vulnerability in the Palo Alto Networks PAN-OS management interface exists when performing dynamic updates. This vulnerability enables a man-in-the-middle attacker to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. Prisma Access customers that have Prisma Access 2.1 Preferred or Prisma Access 2.1 Innovation firewalls are impacted by this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3064 βΌ
π Read
via "National Vulnerability Database".
A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the GlobalProtect interface to exploit this issue. This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17. Prisma Access customers are not impacted by this issue.π Read
via "National Vulnerability Database".