βΌ CVE-2021-0620 βΌ
π Read
via "National Vulnerability Database".
In asf extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05561381.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0622 βΌ
π Read
via "National Vulnerability Database".
In asf extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05561388.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0657 βΌ
π Read
via "National Vulnerability Database".
In apusys, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672103; Issue ID: ALPS05672103.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37939 βΌ
π Read
via "National Vulnerability Database".
It was discovered that KibanaΓ’β¬β’s JIRA connector & IBM Resilient connector could be used to return HTTP response data on internal hosts, which may be intentionally hidden from public view. Using this vulnerability, a malicious user with the ability to create connectors, could utilize these connectors to view limited HTTP response data on hosts accessible to the cluster.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2021-0669 βΌ
π Read
via "National Vulnerability Database".
In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05681550; Issue ID: ALPS05681550.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0655 βΌ
π Read
via "National Vulnerability Database".
In mdlactl driver, there is a possible memory corruption due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05673424; Issue ID: ALPS05673424.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0659 βΌ
π Read
via "National Vulnerability Database".
In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05687559; Issue ID: ALPS05687559.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0656 βΌ
π Read
via "National Vulnerability Database".
In edma driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05709376; Issue ID: ALPS05709376.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0666 βΌ
π Read
via "National Vulnerability Database".
In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672086; Issue ID: ALPS05672086.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27024 βΌ
π Read
via "National Vulnerability Database".
A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token. This issue is resolved in CD4PE 4.10.0π Read
via "National Vulnerability Database".
βΌ CVE-2021-0623 βΌ
π Read
via "National Vulnerability Database".
In asf extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05585817.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27023 βΌ
π Read
via "National Vulnerability Database".
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007π Read
via "National Vulnerability Database".
βΌ CVE-2021-0667 βΌ
π Read
via "National Vulnerability Database".
In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05670581; Issue ID: ALPS05670581.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0672 βΌ
π Read
via "National Vulnerability Database".
In Browser app, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05969704; Issue ID: ALPS05969704.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0665 βΌ
π Read
via "National Vulnerability Database".
In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672113; Issue ID: ALPS05672113.π Read
via "National Vulnerability Database".
π SQLMAP - Automatic SQL Injection Tool 1.5.11 π
π Read
via "Packet Storm Security".
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.π Read
via "Packet Storm Security".
Packetstormsecurity
SQLMAP - Automatic SQL Injection Tool 1.5.11 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β€1
π Suricata IDPE 6.0.4 π
π Read
via "Packet Storm Security".
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.π Read
via "Packet Storm Security".
Packetstormsecurity
Suricata IDPE 6.0.4 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π Wireshark Analyzer 3.4.10 π
π Read
via "Packet Storm Security".
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.π Read
via "Packet Storm Security".
Packetstormsecurity
Wireshark Analyzer 3.4.10 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2021-35534 βΌ
π Read
via "National Vulnerability Database".
Insufficient security control vulnerability in internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600 allows attacker who successfully exploited this vulnerability, of which the product does not sufficiently restrict access to an internal database tables, could allow anybody with user credentials to bypass security controls that is enforced by the product. Consequently, exploitation may lead to unauthorized modifications on data/firmware, and/or to permanently disabling the product. This issue affects: Hitachi Energy Relion 670 Series 2.0 all revisions; 2.2.2 all revisions; 2.2.3 versions prior to 2.2.3.5. Hitachi Energy Relion 670/650 Series 2.1 all revisions. 2.2.0 all revisions; 2.2.4 all revisions; Hitachi Energy Relion 670/650/SAM600-IO 2.2.1 all revisions; 2.2.5 versions prior to 2.2.5.2. Hitachi Energy Relion 650 1.0 all revisions. 1.1 all revisions; 1.2 all revisions; 1.3 versions prior to 1.3.0.8; Hitachi Energy GMS600 1.3.0; 1.3.0.1; 1.2.0. Hitachi Energy PWC600 1.0.1 version 1.0.1.4 and prior versions; 1.1.0 version 1.1.0.1 and prior versions.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23167 βΌ
π Read
via "National Vulnerability Database".
Improper certificate validation vulnerability in SMTP Client allows man-in-the-middle attack to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3); 8.40 versions prior to 8.40.2063 (MR4); 8.30 versions prior to 8.30.1454 (MR4) ; version 8.20 and prior versions.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40758 βΌ
π Read
via "National Vulnerability Database".
Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.π Read
via "National Vulnerability Database".