β Log4Shell: The Movieβ¦ a short, safe visual tour for work and home β
π Read
via "Naked Security".
Be happy that your sysadmins are taking one (three, actually!) for the team right now... here's why!π Read
via "Naked Security".
Naked Security
Log4Shell: The Movie⦠a short, safe visual tour for work and home
Be happy that your sysadmins are taking one (three, actually!) for the team right nowβ¦ hereβs why!
βΌ CVE-2021-43587 βΌ
π Read
via "National Vulnerability Database".
Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, and 2.6, use hard-coded cryptographic key. A local high-privileged malicious user may potentially exploit this vulnerability to gain access to secrets and elevate to gain higher privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36350 βΌ
π Read
via "National Vulnerability Database".
Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authentication bypass by primary weakness in one of the authentication factors. A remote unauthenticated attacker may potentially exploit this vulnerability and bypass one of the factors of authentication.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36318 βΌ
π Read
via "National Vulnerability Database".
Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage vulnerability. A high privileged user could potentially exploit this vulnerability, leading to a complete outage.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45291 βΌ
π Read
via "National Vulnerability Database".
The gf_dump_setup function in GPAC 1.0.1 allows malicoius users to cause a denial of service (Invalid memory address dereference) via a crafted file in the MP4Box command.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27451 βΌ
π Read
via "National Vulnerability Database".
Mesa Labs AmegaView Versions 3.0 and priorΓ’β¬β’s passcode is generated by an easily reversible algorithm, which may allow an attacker to gain access to the device.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36317 βΌ
π Read
via "National Vulnerability Database".
Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in AvInstaller. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45289 βΌ
π Read
via "National Vulnerability Database".
A vulnerability exists in GPAC 1.0.1 due to an omission of security-relevant Information, which could cause a Denial of Service. The program terminates with signal SIGKILL.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44876 βΌ
π Read
via "National Vulnerability Database".
Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumeration. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. This issue occurs during the identification of the correct tenant for a given user, where a difference in messages could allow an attacker to determine if the given user is valid or not, enabling a brute force attack with valid users.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27447 βΌ
π Read
via "National Vulnerability Database".
Mesa Labs AmegaView version 3.0 is vulnerable to a command injection, which may allow an attacker to remotely execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44875 βΌ
π Read
via "National Vulnerability Database".
Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumeration. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. This issue occurs during the password recovery procedure for a given user, where a difference in messages could allow an attacker to determine if the given user is valid or not, enabling a brute force attack with valid users.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44877 βΌ
π Read
via "National Vulnerability Database".
Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Incorrect Access Control. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. A broken access control vulnerability has been found while using a temporary generated token in order to consume api resources. The vulnerability allows an unauthenticated attacker to use an api endpoint to generate a temporary JWT token that is designed to reference the correct tenant prior to authentication, to request system configuration parameters using direct api requests. The correct exploitation of this vulnerability causes sensitive information exposure. In case the tenant has an smtp credential set, the full credential information is disclosed.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45290 βΌ
π Read
via "National Vulnerability Database".
A Denial of Service vulnerability exits in Binaryen 103 due to an assertion abort in wasm::handle_unreachable.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45292 βΌ
π Read
via "National Vulnerability Database".
The gf_isom_hint_rtp_read function in GPAC 1.0.1 allows attackers to cause a denial of service (Invalid memory address dereference) via a crafted file in the MP4Box command.π Read
via "National Vulnerability Database".
βΌ CVE-2020-19770 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in the system bulletin component of WUZHI CMS v4.1.0 allows attackers to steal the admin's cookie.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27445 βΌ
π Read
via "National Vulnerability Database".
Mesa Labs AmegaView Versions 3.0 and prior has insecure file permissions that could be exploited to escalate privileges on the device.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36341 βΌ
π Read
via "National Vulnerability Database".
Dell Wyse Device Agent version 14.5.4.1 and below contain a sensitive data exposure vulnerability. A local authenticated user with low privileges could potentially exploit this vulnerability in order to access sensitive information.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45288 βΌ
π Read
via "National Vulnerability Database".
A Double Free vulnerability exists in filedump.c in GPAC 1.0.1, which could cause a Denail of Service via a crafted file in the MP4Box command.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36316 βΌ
π Read
via "National Vulnerability Database".
Dell EMC Avamar Server versions 18.2, 19.1, 19.2, 19.3, and 19.4 contain an improper privilege management vulnerability in AUI. A malicious user with high privileges could potentially exploit this vulnerability, leading to the disclosure of the AUI info and performing some unauthorized operation on the AUI.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45293 βΌ
π Read
via "National Vulnerability Database".
A Denial of Service vulnerability exists in Binaryen 103 due to an Invalid memory address dereference in wasm::WasmBinaryBuilder::visitLet.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44207 βΌ
π Read
via "National Vulnerability Database".
Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials.π Read
via "National Vulnerability Database".