CVE-2021-40095
via "National Vulnerability Database".
An issue was discovered in SquaredUp for SCOM 5.2.1.6654. The Download Log feature in System / Maintenance was susceptible to a local file inclusion vulnerability (when processing remote input in the log files downloaded by an authenticated administrator user), leading to the ability to read arbitrary files on the server filesystems.
CVE-2020-27413
via "National Vulnerability Database".
An issue was discovered in Mahavitaran Android application 7.50 and below that allows local attackers to read cleartext username and password while the user is logged into the application.
CVE-2021-22955
via "National Vulnerability Database".
An unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server, which could allow an attacker to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication.
CVE-2021-42127
via "National Vulnerability Database".
A deserialization of untrusted data vulnerability in Ivanti Avalanche before 6.3.3 using Inforail Service allows arbitrary code execution via Data Repository Service.
CVE-2021-42128
via "National Vulnerability Database".
An exposed dangerous function vulnerability in Ivanti Avalanche before 6.3.3 using Inforail Service allows privilege escalation via Enterprise Server Service.
CVE-2021-42126
via "National Vulnerability Database".
An improper authorization control vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation.
CVE-2021-44527
via "National Vulnerability Database".
A vulnerability found in UniFi Switch firmware Version 5.43.35 and earlier allows a malicious actor who has already gained access to the network to perform a Denial of Service (DoS) attack on the affected switch. This vulnerability is fixed in UniFi Switch firmware 5.76.6 and later.
CVE-2021-42130
via "National Vulnerability Database".
A deserialization of untrusted data vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary code execution.
CVE-2021-44186
via "National Vulnerability Database".
Adobe Bridge versions 11.1.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious SGI file.
CVE-2021-42131
via "National Vulnerability Database".
A SQL injection vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation.
CVE-2021-40092
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in Image Tile in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via an SVG file.
CVE-2021-42124
via "National Vulnerability Database".
An improper access control vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform a session takeover.
CVE-2021-40093
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via dashboard actions.
CVE-2021-42125
via "National Vulnerability Database".
An unrestricted file upload vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to write dangerous files.
CVE-2021-42129
via "National Vulnerability Database".
A command injection vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution.
CVE-2021-42132
via "National Vulnerability Database".
A command injection vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution.
CVE-2021-40096
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via modification of the authorisationUrl in some integration configurations.
CVE-2021-40094
via "National Vulnerability Database".
A DOM-based XSS vulnerability affects SquaredUp for SCOM 5.2.1.6654. If successfully exploited, this vulnerability may allow attackers to inject malicious code into a user's device.
Defending Against the Use of Deepfakes for Cyber Exploitation
via "Dark Reading".
Deepfakes are increasingly concerning because they use AI to imitate human activities and can be used to augment social engineering attacks.
"Hello Quantum World:" New cybersecurity service uses entanglement to generate cryptographic keys
via "Tech Republic".
The new service protects against current and future cyberattacks, according to Quantinuum CEO, and works with existing cybersecurity systems.
Critical web security flaws in Kaseya Unitrends backup appliances remediated after researchers' disclosure
via "The Daily Swig".
Two critical flaws addressed in cloud storage patch batch