‼ CVE-2021-29115 ‼
📖 Read
via "National Vulnerability Database".
An information disclosure vulnerability in the ArcGIS Service Directory in Esri ArcGIS Enterprise versions 10.9.0 and below may allows a remote attacker to view hidden field names in feature layers. This issue may reveal field names, but not not disclose features.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29113 ‼
📖 Read
via "National Vulnerability Database".
A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote, unauthenticated attacker to inject attacker supplied html into a page.📖 Read
via "National Vulnerability Database".
❌ SolarWinds Attackers Spotted Using New Tactics, Malware ❌
📖 Read
via "Threat Post".
One year after the disruptive supply-chain attacks, researchers have observed two new clusters of activity from the Russia-based actors that signal a significant threat may be brewing.📖 Read
via "Threat Post".
Threat Post
SolarWinds Attackers Spotted Using New Tactics, Malware
One year after the disruptive supply-chain attacks, researchers have observed two new clusters of activity from the Russia-based actors that signal a significant threat may be brewing.
‼ CVE-2021-44187 ‼
📖 Read
via "National Vulnerability Database".
Adobe Bridge versions 11.1.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious SGI file.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42133 ‼
📖 Read
via "National Vulnerability Database".
An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40095 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in SquaredUp for SCOM 5.2.1.6654. The Download Log feature in System / Maintenance was susceptible to a local file inclusion vulnerability (when processing remote input in the log files downloaded by an authenticated administrator user), leading to the ability to read arbitrary files on the server filesystems.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-27413 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Mahavitaran android application 7.50 and below, allows local attackers to read cleartext username and password while the user is logged into the application.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-22955 ‼
📖 Read
via "National Vulnerability Database".
A unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server could allow an attacker to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42127 ‼
📖 Read
via "National Vulnerability Database".
A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service allows arbitrary code execution via Data Repository Service.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42128 ‼
📖 Read
via "National Vulnerability Database".
An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail Service allows Privilege Escalation via Enterprise Server Service.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42126 ‼
📖 Read
via "National Vulnerability Database".
An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44527 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability found in UniFi Switch firmware Version 5.43.35 and earlier allows a malicious actor who has already gained access to the network to perform a Deny of Service (DoS) attack on the affected switch.This vulnerability is fixed in UniFi Switch firmware 5.76.6 and later.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42130 ‼
📖 Read
via "National Vulnerability Database".
A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44186 ‼
📖 Read
via "National Vulnerability Database".
Adobe Bridge versions 11.1.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious SGI file.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42131 ‼
📖 Read
via "National Vulnerability Database".
A SQL Injection vulnerability exists in Ivanti Avalance before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40092 ‼
📖 Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in Image Tile in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via an SVG file.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42124 ‼
📖 Read
via "National Vulnerability Database".
An improper access control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform a session takeover.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40093 ‼
📖 Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via dashboard actions.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42125 ‼
📖 Read
via "National Vulnerability Database".
An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to write dangerous files.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42129 ‼
📖 Read
via "National Vulnerability Database".
A command injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42132 ‼
📖 Read
via "National Vulnerability Database".
A command Injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution.📖 Read
via "National Vulnerability Database".