βΌ CVE-2021-36317 βΌ
π Read
via "National Vulnerability Database".
Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in AvInstaller. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45289 βΌ
π Read
via "National Vulnerability Database".
A vulnerability exists in GPAC 1.0.1 due to an omission of security-relevant Information, which could cause a Denial of Service. The program terminates with signal SIGKILL.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44876 βΌ
π Read
via "National Vulnerability Database".
Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumeration. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. This issue occurs during the identification of the correct tenant for a given user, where a difference in messages could allow an attacker to determine if the given user is valid or not, enabling a brute force attack with valid users.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27447 βΌ
π Read
via "National Vulnerability Database".
Mesa Labs AmegaView version 3.0 is vulnerable to a command injection, which may allow an attacker to remotely execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44875 βΌ
π Read
via "National Vulnerability Database".
Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumeration. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. This issue occurs during the password recovery procedure for a given user, where a difference in messages could allow an attacker to determine if the given user is valid or not, enabling a brute force attack with valid users.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44877 βΌ
π Read
via "National Vulnerability Database".
Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Incorrect Access Control. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. A broken access control vulnerability has been found while using a temporary generated token in order to consume api resources. The vulnerability allows an unauthenticated attacker to use an api endpoint to generate a temporary JWT token that is designed to reference the correct tenant prior to authentication, to request system configuration parameters using direct api requests. The correct exploitation of this vulnerability causes sensitive information exposure. In case the tenant has an smtp credential set, the full credential information is disclosed.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45290 βΌ
π Read
via "National Vulnerability Database".
A Denial of Service vulnerability exits in Binaryen 103 due to an assertion abort in wasm::handle_unreachable.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45292 βΌ
π Read
via "National Vulnerability Database".
The gf_isom_hint_rtp_read function in GPAC 1.0.1 allows attackers to cause a denial of service (Invalid memory address dereference) via a crafted file in the MP4Box command.π Read
via "National Vulnerability Database".
βΌ CVE-2020-19770 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in the system bulletin component of WUZHI CMS v4.1.0 allows attackers to steal the admin's cookie.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27445 βΌ
π Read
via "National Vulnerability Database".
Mesa Labs AmegaView Versions 3.0 and prior has insecure file permissions that could be exploited to escalate privileges on the device.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36341 βΌ
π Read
via "National Vulnerability Database".
Dell Wyse Device Agent version 14.5.4.1 and below contain a sensitive data exposure vulnerability. A local authenticated user with low privileges could potentially exploit this vulnerability in order to access sensitive information.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45288 βΌ
π Read
via "National Vulnerability Database".
A Double Free vulnerability exists in filedump.c in GPAC 1.0.1, which could cause a Denail of Service via a crafted file in the MP4Box command.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36316 βΌ
π Read
via "National Vulnerability Database".
Dell EMC Avamar Server versions 18.2, 19.1, 19.2, 19.3, and 19.4 contain an improper privilege management vulnerability in AUI. A malicious user with high privileges could potentially exploit this vulnerability, leading to the disclosure of the AUI info and performing some unauthorized operation on the AUI.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45293 βΌ
π Read
via "National Vulnerability Database".
A Denial of Service vulnerability exists in Binaryen 103 due to an Invalid memory address dereference in wasm::WasmBinaryBuilder::visitLet.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44207 βΌ
π Read
via "National Vulnerability Database".
Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials.π Read
via "National Vulnerability Database".
β Half-Billion Compromised Credentials Lurking on Open Cloud Server β
π Read
via "Threat Post".
A quarter-billion of those passwords were not seen in previous breaches that have been added to Have I Been Pwned.π Read
via "Threat Post".
Threat Post
Half-Billion Compromised Credentials Lurking on Open Cloud Server
A quarter-billion of those passwords were not seen in previous breaches that have been added to Have I Been Pwned.
β Java Code Repository Riddled with Hidden Log4j Bugs; Hereβs Where to Look β
π Read
via "Threat Post".
There are 17,000npatched Log4j packages in the Maven Central ecosystem, leaving massive supply-chain risk on the table from Log4Shell exploits.π Read
via "Threat Post".
Threat Post
Java Code Repository Riddled with Hidden Log4j Bugs; Hereβs Where to Look
There are 17,000 unpatched Log4j packages in the Maven Central ecosystem, leaving massive supply-chain risk on the table from Log4Shell exploits.
βΌ CVE-2021-45297 βΌ
π Read
via "National Vulnerability Database".
An infinite loop vulnerability exists in Gpac 1.0.1 in gf_get_bit_size.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44859 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds read vulnerability exists when reading a TGA file using Open Design Alliance Drawings SDK before 2022.12. The specific issue exists after loading TGA files. An unchecked input data from a crafted TGA file leads to an out-of-bounds read. An attacker can leverage this vulnerability to execute code in the context of the current process.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38893 βΌ
π Read
via "National Vulnerability Database".
IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209512.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44422 βΌ
π Read
via "National Vulnerability Database".
An Improper Input Validation Vulnerability exists when reading a BMP file using Open Design Alliance Drawings SDK before 2022.12. Crafted data in a BMP file can trigger a write operation past the end of an allocated buffer, or lead to a heap-based buffer overflow. An attacker can leverage this vulnerability to execute code in the context of the current process.π Read
via "National Vulnerability Database".