‼ CVE-2021-42976 ‼
via "National Vulnerability Database".
NoMachine Enterprise Desktop is affected by Buffer Overflow. IOCTL Handler 0x22001B in NoMachine Enterprise Desktop above 4.0.346 and below 7.7.4 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via a specially crafted I/O Request Packet.
‼ CVE-2021-42994 ‼
via "National Vulnerability Database".
Donglify is affected by Buffer Overflow. IOCTL Handler 0x22001B in Donglify above 1.0.12309 and below 1.7.14110 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via a specially crafted I/O Request Packet.
‼ CVE-2021-37940 ‼
via "National Vulnerability Database".
An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search Github Enterprise Server integration. Using this vulnerability, a malicious Workplace Search admin could use the GHES integration to view hosts that might not be publicly accessible.
‼ CVE-2021-42986 ‼
via "National Vulnerability Database".
NoMachine Enterprise Client is affected by Integer Overflow. IOCTL Handler 0x22001B in NoMachine Enterprise Client above 4.0.346 and below 7.7.4 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via a specially crafted I/O Request Packet.
‼ CVE-2021-40288 ‼
via "National Vulnerability Database".
A denial-of-service vulnerability in the WPA2 and WPA3-SAE authentication methods in TP-Link AX10v1 before V1_211014 allows a remote unauthenticated attacker to disconnect an already connected wireless client by sending specific spoofed authentication frames from a wireless adapter.
‼ CVE-2021-43798 ‼
via "National Vulnerability Database".
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) are vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is `<grafana_host_url>/public/plugins/<plugin_id>/`, where `<plugin_id>` is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.
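The bug class behind the Grafana entry above is a plugin asset path that is joined onto the plugin directory without normalisation, so `..` segments in the request walk out of it. The block below is an added illustration, not Grafana's code (Grafana is written in Go; this is a C model of the same check that a native CGI or embedded web server would need): it contrasts the naive join with a lexical normaliser that refuses any request climbing above the plugin's directory. `PLUGIN_ROOT`, the plugin id `example-panel` and the request strings are constructed stand-ins; the path layout is assumed, not Grafana's real one.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Assumed root for installed plugins; a stand-in, not Grafana's actual layout. */
#define PLUGIN_ROOT "/var/lib/grafana/plugins"
#define MAX_SEGS    32

/* Vulnerable pattern: the request's remainder is glued onto the plugin directory
 * as-is, so "../" segments survive and the resulting path leaves PLUGIN_ROOT. */
bool join_naive(const char *plugin_id, const char *rel, char *out, size_t outsz)
{
    int n = snprintf(out, outsz, "%s/%s/%s", PLUGIN_ROOT, plugin_id, rel);
    return n >= 0 && (size_t)n < outsz;
}

/* Hardened pattern: normalise the requested path lexically and refuse any request
 * that would climb above the plugin's own directory. `rel` must already be
 * percent-decoded (decode first, normalise second, or "%2e%2e" slips through). */
bool resolve_plugin_asset(const char *plugin_id, const char *rel, char *out, size_t outsz)
{
    /* the plugin id itself must be exactly one ordinary path segment */
    if (plugin_id[0] == '\0' || strchr(plugin_id, '/') != NULL ||
        strcmp(plugin_id, ".") == 0 || strcmp(plugin_id, "..") == 0)
        return false;

    char buf[1024];                         /* strtok modifies its input, so work on a copy */
    if (strlen(rel) >= sizeof buf) return false;
    strcpy(buf, rel);

    const char *segs[MAX_SEGS];             /* stack of surviving segments */
    int depth = 0;
    for (char *tok = strtok(buf, "/"); tok != NULL; tok = strtok(NULL, "/")) {
        if (strcmp(tok, ".") == 0) continue;
        if (strcmp(tok, "..") == 0) {
            if (depth == 0) return false;   /* would escape the plugin directory */
            depth--;
            continue;
        }
        if (depth == MAX_SEGS) return false;
        segs[depth++] = tok;
    }
    if (depth == 0) return false;           /* nothing left to serve */

    int n = snprintf(out, outsz, "%s/%s", PLUGIN_ROOT, plugin_id);
    if (n < 0 || (size_t)n >= outsz) return false;
    for (int i = 0; i < depth; i++) {
        int m = snprintf(out + n, outsz - (size_t)n, "/%s", segs[i]);
        if (m < 0 || (size_t)m >= outsz - (size_t)n) return false;
        n += m;
    }
    return true;
}

/* Check helper: true if `rel` is accepted and resolves to exactly `expected`. */
bool resolves_to(const char *plugin_id, const char *rel, const char *expected)
{
    char path[512];
    return resolve_plugin_asset(plugin_id, rel, path, sizeof path) && strcmp(path, expected) == 0;
}

int main(void)
{
    char path[512];
    const char *id   = "example-panel";                   /* constructed plugin id */
    const char *evil = "../../../../../../etc/passwd";    /* constructed traversal request */
    join_naive(id, evil, path, sizeof path);
    printf("naive:    %s\n", path);
    printf("hardened: %s\n", resolve_plugin_asset(id, evil, path, sizeof path) ? path : "rejected");
    return 0;
}
```

The normaliser is purely lexical, which is what you want for a web route: it never touches the filesystem, so symlinks inside the plugin directory are a separate concern to handle with `realpath()` or an `openat()`-style confined open. On Windows a backslash is also a separator and would need the same treatment as `/`.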
‼ CVE-2021-42993 ‼
via "National Vulnerability Database".
FlexiHub For Windows is affected by Integer Overflow. IOCTL Handler 0x22001B in FlexiHub For Windows above 2.0.4340 and below 5.3.14268 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via a specially crafted I/O Request Packet.
‼ CVE-2021-24041 ‼
via "National Vulnerability Database".
A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could have allowed an out-of-bounds write if a user sent a malicious image.
‼ CVE-2021-42973 ‼
via "National Vulnerability Database".
NoMachine Server is affected by Integer Overflow. IOCTL Handler 0x22001B in NoMachine Server above 4.0.346 and below 7.7.4 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via a specially crafted I/O Request Packet.
‼ CVE-2021-42979 ‼
via "National Vulnerability Database".
NoMachine Cloud Server is affected by Integer Overflow. IOCTL Handler 0x22001B in NoMachine Cloud Server above 4.0.346 and below 7.7.4 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via a specially crafted I/O Request Packet.
‼ CVE-2021-42987 ‼
via "National Vulnerability Database".
Eltima USB Network Gate is affected by Integer Overflow. IOCTL Handler 0x22001B in USB Network Gate above 7.0.1370 and below 9.2.2420 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via a specially crafted I/O Request Packet.
‼ CVE-2021-41716 ‼
via "National Vulnerability Database".
Maharashtra State Electricity Board Mahavitara Android Application 8.20 and prior is vulnerable to remote account takeover due to an OTP fixation vulnerability in the password reset function.
‼ CVE-2021-43000 ‼
via "National Vulnerability Database".
Amzetta zPortal Windows zClient is affected by Buffer Overflow. IOCTL Handler 0x22001B in Amzetta zPortal Windows zClient <= v3.2.8180.148 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via a specially crafted I/O Request Packet.
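Nine entries on this page (NoMachine, Donglify, FlexiHub, USB Network Gate, Amzetta, and Accops' 0x22005B further down) describe the same thing: a kernel driver's IOCTL handler that trusts a length field from a user-supplied I/O Request Packet. Unpacking the control code with the CTL_CODE layout is the first thing a practitioner does, and it is informative here: 0x22001B is device type 0x22 (FILE_DEVICE_UNKNOWN), function 6, METHOD_NEITHER, FILE_ANY_ACCESS, and 0x22005B is the same apart from function 0x16. FILE_ANY_ACCESS means any local user who can open the device object can send the request; METHOD_NEITHER means the I/O manager neither validates nor copies the buffers, so the driver receives raw user pointers and lengths and must probe and capture them itself. The block below is an added example and not code from NVD or from any of the vendors named: the decoder is the documented CTL_CODE bit layout, while the request header (`count` plus `entry_size`), the pool capacity and the limits are a hypothetical model of the integer-overflow length-check pattern, not the affected driver's real structures.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* --- 1. Decode a Windows IOCTL control code (CTL_CODE layout) --- */
#define METHOD_BUFFERED     0u
#define METHOD_IN_DIRECT    1u
#define METHOD_OUT_DIRECT   2u
#define METHOD_NEITHER      3u
#define FILE_ANY_ACCESS     0u
#define FILE_DEVICE_UNKNOWN 0x22u

struct ioctl_fields { uint32_t device_type, access, function, method; };

/* CTL_CODE(DeviceType, Function, Method, Access) packs the fields as
 * (DeviceType << 16) | (Access << 14) | (Function << 2) | Method. */
struct ioctl_fields decode_ioctl(uint32_t code)
{
    struct ioctl_fields f;
    f.device_type = code >> 16;
    f.access      = (code >> 14) & 0x3u;
    f.function    = (code >> 2) & 0xFFFu;
    f.method      = code & 0x3u;
    return f;
}

/* --- 2. The length-check bug class behind "Integer Overflow in IOCTL Handler" --- */

/* Hypothetical request header (assumed layout, not any named vendor's driver):
 * the caller states how many fixed-size entries follow the header. */
struct req_hdr { uint32_t count; uint32_t entry_size; };

enum status { STATUS_SUCCESS, STATUS_INVALID_PARAMETER, STATUS_BUFFER_TOO_SMALL };
struct verdict { enum status st; uint64_t copy_len; };

#define POOL_CAPACITY   4096u   /* size of the pool buffer the entries are copied into (assumed) */
#define MAX_ENTRIES     256u    /* sane upper bounds a hardened handler enforces (assumed) */
#define MAX_ENTRY_SIZE  64u

/* Vulnerable pattern: the size needed is computed in 32 bits and wraps, so a huge
 * count passes both checks, while the copy loop that follows walks the real
 * count * entry_size bytes far beyond the input buffer and the pool allocation. */
struct verdict validate_vulnerable(struct req_hdr h, uint32_t in_len)
{
    struct verdict v = { STATUS_INVALID_PARAMETER, 0 };
    uint32_t needed = h.count * h.entry_size;                /* wraps modulo 2^32 */
    if (in_len < sizeof h + needed) return v;
    if (needed > POOL_CAPACITY) { v.st = STATUS_BUFFER_TOO_SMALL; return v; }
    v.st = STATUS_SUCCESS;
    v.copy_len = (uint64_t)h.count * h.entry_size;           /* what the loop really copies */
    return v;
}

/* Hardened pattern: reject zero or oversized fields first, then compute the product
 * in 64 bits from bounded factors and compare it against the remaining input. With
 * METHOD_NEITHER the header must already have been probed and captured into kernel
 * memory before this runs, or the user can change it between check and use. */
struct verdict validate_hardened(struct req_hdr h, uint32_t in_len)
{
    struct verdict v = { STATUS_INVALID_PARAMETER, 0 };
    if (in_len < sizeof h)                                  return v;
    if (h.count == 0 || h.count > MAX_ENTRIES)              return v;
    if (h.entry_size == 0 || h.entry_size > MAX_ENTRY_SIZE) return v;
    uint64_t needed = (uint64_t)h.count * h.entry_size;     /* cannot wrap: both factors bounded */
    if (needed > in_len - sizeof h)                         return v;
    if (needed > POOL_CAPACITY) { v.st = STATUS_BUFFER_TOO_SMALL; return v; }
    v.st = STATUS_SUCCESS;
    v.copy_len = needed;
    return v;
}

int main(void)
{
    struct ioctl_fields f = decode_ioctl(0x22001Bu);
    printf("0x22001B: device 0x%X function 0x%X method %u access %u\n",
           (unsigned)f.device_type, (unsigned)f.function, (unsigned)f.method, (unsigned)f.access);

    /* constructed attacker header: 0x40000001 * 4 = 0x100000004, which wraps to 4 */
    struct req_hdr evil = { 0x40000001u, 4u };
    struct verdict a = validate_vulnerable(evil, 12u);
    struct verdict b = validate_hardened(evil, 12u);
    printf("vulnerable: status %d, loop would copy 0x%llx bytes\n",
           (int)a.st, (unsigned long long)a.copy_len);
    printf("hardened:   status %d\n", (int)b.st);
    return 0;
}
```

The 12-byte input is enough to satisfy the vulnerable check because the wrapped product is 4, yet the handler would then process 0x40000001 entries; the hardened version fails it on the count bound before any arithmetic happens. When triaging a driver like this, decode every control code in its dispatch switch the same way and look hardest at the METHOD_NEITHER ones.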
🕴 Cerberus Sentinel Announces Acquisition of Arkavia Networks 🕴
via "Dark Reading".
U.S. cybersecurity services firm expands internationally into Latin America.
🕴 DigiCert Advances Passwordless Authentication with Support for Windows Hello for Business 🕴
via "Dark Reading".
Managing Windows Hello hybrid certificate trust model on DigiCert PKI platform streamlines enterprise passwordless authentication and access, an industry first for public Certification Authorities (CAs).
🕴 Rubrik's New Managed Service Protects Data from Ransomware Attacks 🕴
via "Dark Reading".
Rubrik Cloud Vault provides data recovery assurance against ransomware attacks for Microsoft Azure customers, even if they maintain a hybrid environment.
🕴 Virtual-Network Vulnerability Found in AWS, Other Clouds 🕴
via "Dark Reading".
The privilege-escalation flaws affect Amazon WorkSpaces and more than a dozen services that use a particular implementation of USB over Ethernet.
🕴 Google Disrupts Botnet Targeting Windows Machines 🕴
via "Dark Reading".
The company has also launched litigation against the Glupteba botnet, marking the first lawsuit against a blockchain-enabled botnet.
‼ CVE-2021-44148 ‼
via "National Vulnerability Database".
GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allow cgi-bin/router_cgi?action=scanwifi XSS when an attacker creates an SSID with an XSS payload as the name.
‼ CVE-2021-42687 ‼
via "National Vulnerability Database".
A Buffer Overflow vulnerability exists in Accops HyWorks Windows Client prior to v3.2.8.200. The IOCTL Handler 0x22005B allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via a specially crafted I/O Request Packet.
‼ CVE-2021-28680 ‼
via "National Vulnerability Database".
The devise_masquerade gem before 1.3 allows certain attacks when a password's salt is unknown. An application that uses this gem to let administrators masquerade/impersonate users loses one layer of security protection compared to a situation where Devise (without this extension) is used. If the server-side secret_key_base value became publicly known (for instance if it is committed to a public repository by mistake), there are still other protections in place that prevent an attacker from impersonating any user on the site. When masquerading is not used in a plain Devise application, one must know the password salt of the target user if one wants to encrypt and sign a valid session cookie. When devise_masquerade is used, however, an attacker can decide which user the "back" action will go back to without knowing that user's password salt and simply knowing the user ID, by manipulating the session cookie and pretending that a user is already masqueraded by an administrator.