‼ CVE-2021-43798 ‼
📖 Read
via "National Vulnerability Database".
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42993 ‼
📖 Read
via "National Vulnerability Database".
FlexiHub For Windows is affected by Integer Overflow. IOCTL Handler 0x22001B in the FlexiHub For Windows above 2.0.4340 below 5.3.14268 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24041 ‼
📖 Read
via "National Vulnerability Database".
A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could have allowed an out-of-bounds write if a user sent a malicious image.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42973 ‼
📖 Read
via "National Vulnerability Database".
NoMachine Server is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Server above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42979 ‼
📖 Read
via "National Vulnerability Database".
NoMachine Cloud Server is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Cloud Server above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42987 ‼
📖 Read
via "National Vulnerability Database".
Eltima USB Network Gate is affected by Integer Overflow. IOCTL Handler 0x22001B in the USB Network Gate above 7.0.1370 below 9.2.2420 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41716 ‼
📖 Read
via "National Vulnerability Database".
Maharashtra State Electricity Board Mahavitara Android Application 8.20 and prior is vulnerable to remote account takeover due to OTP fixation vulnerability in password rest function📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43000 ‼
📖 Read
via "National Vulnerability Database".
Amzetta zPortal Windows zClient is affected by Buffer Overflow. IOCTL Handler 0x22001B in the Amzetta zPortal Windows zClient <= v3.2.8180.148 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.📖 Read
via "National Vulnerability Database".
🕴 Cerberus Sentinel Announces Acquisition of Arkavia Networks 🕴
📖 Read
via "Dark Reading".
U.S. cybersecurity services firm expands internationally into Latin America.📖 Read
via "Dark Reading".
Dark Reading
Cerberus Sentinel Announces Acquisition of Arkavia Networks
U.S. cybersecurity services firm expands internationally into Latin America.
🕴 DigiCert Advances Passwordless Authentication with Support for Windows Hello for Business 🕴
📖 Read
via "Dark Reading".
Managing Windows Hello hybrid certificate trust model on DigiCert PKI platform streamlines enterprise passwordless authentication and access, an industry first for public Certification Authorities (CAs).📖 Read
via "Dark Reading".
Dark Reading
DigiCert Advances Passwordless Authentication with Support for Windows Hello for Business
Managing Windows Hello hybrid certificate trust model on DigiCert PKI platform streamlines enterprise passwordless authentication and access, an industry first for public Certification Authorities (CAs).
🕴 Rubrik's New Managed Service Protects Data from Ransomware Attacks 🕴
📖 Read
via "Dark Reading".
Rubrik Cloud Vault provides data recovery assurance against ransomware attacks for Microsoft Azure customers, even if they maintain a hybrid environment.📖 Read
via "Dark Reading".
Dark Reading
Rubrik's New Managed Service Protects Data From Ransomware Attacks
Rubrik Cloud Vault provides data recovery assurance against ransomware attacks for Microsoft Azure customers, even if they maintain a hybrid environment.
🕴 Virtual-Network Vulnerability Found in AWS, Other Clouds 🕴
📖 Read
via "Dark Reading".
The privilege-escalation flaws affect Amazon WorkSpaces and more than a dozen services that use a particular implementation of USB over Ethernet.📖 Read
via "Dark Reading".
Dark Reading
Virtual-Network Vulnerability Found in AWS, Other Clouds
The privilege-escalation flaws affect Amazon WorkSpaces and more than a dozen services that use a particular implementation of USB over Ethernet.
🕴 Google Disrupts Botnet Targeting Windows Machines 🕴
📖 Read
via "Dark Reading".
The company has also launched litigation against the Glupteba botnet, marking the first lawsuit against a blockchain-enabled botnet.📖 Read
via "Dark Reading".
Dark Reading
Google Disrupts Botnet Targeting Windows Machines
The company has also launched litigation against the Glupteba botnet, marking the first lawsuit against a blockchain-enabled botnet.
‼ CVE-2021-44148 ‼
📖 Read
via "National Vulnerability Database".
GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allow cgi-bin/router_cgi?action=scanwifi XSS when an attacker creates an SSID with an XSS payload as the name.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42687 ‼
📖 Read
via "National Vulnerability Database".
A Buffer Overflow vulnerability exists in Accops HyWorks Windows Client prior to v 3.2.8.200. The IOCTL Handler 0x22005B allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-28680 ‼
📖 Read
via "National Vulnerability Database".
The devise_masquerade gem before 1.3 allows certain attacks when a password's salt is unknown. An application that uses this gem to let administrators masquerade/impersonate users loses one layer of security protection compared to a situation where Devise (without this extension) is used. If the server-side secret_key_base value became publicly known (for instance if it is committed to a public repository by mistake), there are still other protections in place that prevent an attacker from impersonating any user on the site. When masquerading is not used in a plain Devise application, one must know the password salt of the target user if one wants to encrypt and sign a valid session cookie. When devise_masquerade is used, however, an attacker can decide which user the "back" action will go back to without knowing that user's password salt and simply knowing the user ID, by manipulating the session cookie and pretending that a user is already masqueraded by an administrator.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-27356 ‼
📖 Read
via "National Vulnerability Database".
The debug-meta-data plugin 1.1.2 for WordPress allows XSS.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-34544 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2013. In /export.html, email.html, and sms.html, cleartext passwords are stored. This may allow sensitive information to be read by someone with access to the device.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-34543 ‼
📖 Read
via "National Vulnerability Database".
The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require authentication, which allows remote attackers to gain administrative privileges by connecting to the server. As a result, the attacker can modify configuration files and change the system status.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36133 ‼
📖 Read
via "National Vulnerability Database".
The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36760 ‼
📖 Read
via "National Vulnerability Database".
In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server 5.7.0, it is possible to perform a DOM-Based XSS attack affecting the callback parameter modifying the URL that precedes the callback parameter. Once the username or password reset procedure is completed, the JavaScript code will be executed. (recoverpassword.do also has an open redirect issue for a similar reason.)📖 Read
via "National Vulnerability Database".