Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-39304: Security Advisories | Proofpoint US

Proofpoint Enterprise Protection before 8.12.0-2108090000 allows security control bypass.

CVE

Related news

CVE-2021-38847: GitHub - bousalman/S-Cart-Arbitrary-File-Upload: Arbitrary File Upload Vulnerability

S-Cart v6.4.1 and below was discovered to contain an arbitrary file upload vulnerability in the Editor module on the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted IMG file.

CVE-2021-40345

An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an administrator can upload ZIP files. A command injection (within the name of the first file in the archive) allows an attacker to execute system commands.

UpdateAgent malware variant impersonates legitimate macOS software

By Waqas According to Microsoft Security Intelligence, the new variant of UpdateAgent malware is also capable of dropping adware against macOS. This is a post from HackRead.com Read the original post: UpdateAgent malware variant impersonates legitimate macOS software

CVE-2020-23043

Tran Tu Air Sender v1.0.2 was discovered to contain an arbitrary file upload vulnerability in the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted file.

CVE-2020-23037

Portable Ltd Playable v9.18 contains a code injection vulnerability in the filename parameter, which allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.

CVE-2020-36485

Portable Ltd Playable v9.18 was discovered to contain an arbitrary file upload vulnerability in the filename parameter of the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted JPEG file.

CVE-2021-34814: Security Advisories | Proofpoint US

Proofpoint Spam Engine before 8.12.0-2106240000 has a Security Control Bypass.

CVE-2021-25476: Samsung Mobile Security

An information disclosure vulnerability in Widevine TA log prior to SMR Oct-2021 Release 1 allows attackers to bypass the ASLR protection mechanism in TEE.

CVE-2021-35204: Security Advisories | NETSCOUT

NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Reflected Cross-Site Scripting (XSS) in the support endpoint.

CVE-2021-35198: Security Advisories | NETSCOUT

NETSCOUT nGeniusONE 6.3.0 build 1004 and earlier allows Stored Cross-Site Scripting (XSS) in the Packet Analysis module.

CVE-2021-35205: Security Advisories | NETSCOUT

NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows URL redirection in redirector.

CVE-2021-35202: Security Advisories | NETSCOUT

NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Authorization Bypass (to access an endpoint) in FDSQueryService.

CVE-2021-35199: Security Advisories | NETSCOUT

NETSCOUT nGeniusONE 6.3.0 build 1196 and earlier allows Stored Cross-Site Scripting (XSS) in UploadFile.

CVE-2021-35203: Security Advisories | NETSCOUT

NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Arbitrary File Read operations via the FDSQueryService endpoint.

CVE-2021-35200: Security Advisories | NETSCOUT

NETSCOUT nGeniusONE 6.3.0 build 1196 allows high-privileged users to achieve Stored Cross-Site Scripting (XSS) in FDSQueryService.

CISA, FBI, NSA Warn of Increase in Conti Ransomware Attacks

A new alert provides the technical details of ongoing attacks and guidance for organizations to secure systems against Conti.

VMware security warning: Multiple vulnerabilities in vCenter Server could allow remote network access

Several issues including one critical bug have been remedied in latest patch cycle

CVE-2020-12082: CVE-2020-12082 Remediated in Code Insight

A stored cross-site scripting issue impacts certain areas of the Web UI for Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64).

CVE-2020-12083: CVE-2020-12083 Remediated in Code Insight

An elevated privileges issue related to Spring MVC calls impacts Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64).

FBI, CISA, CGCYBER Warn of APTs Targeting CVE-2021-40539

The critical authentication bypass vulnerability exists in Zoho ManageEngine ADSelfService Plus, officials report.

CVE-2021-25456: Samsung Mobile Security

OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at arbitrary address via forged wmf file.

CVE-2021-25454: Samsung Mobile Security

OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute remote DoS via forged aac file.

CVE-2021-25455: Samsung Mobile Security

OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi file.

CVE-2020-18169: CVE_Assessment_04_2019/Snagit_Report.pdf at master · GitHubAssessments/CVE_Assessment_04_2019

** DISPUTED ** A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit 19.1.1.2860 allows attackers to escalate privileges. NOTE: Exploit of the Snagit installer would require the end user to ignore other safety mechanisms provided by the Host OS. See reference document for more details.

CVE-2018-10929: 1612660 – (CVE-2018-10929) CVE-2018-10929 glusterfs: Arbitrary file creation on storage server allows for execution of arbitrary code

A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes.

CVE-2018-10926: 1613143 – (CVE-2018-10926) CVE-2018-10926 glusterfs: Device files can be created in arbitrary locations

A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node.

CVE-2018-10904: Gerrit Code Review

It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume.

CVE-2017-3085: Adobe Security Bulletin

Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect.

CVE-2017-3080: Adobe Security Bulletin

Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability related to the Flash API used by Internet Explorer. Successful exploitation could lead to information disclosure.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907