
Headline

CVE-2021-29752: Security Bulletin: IBM® Db2® is vulnerable to an information disclosure, exposing remote storage credentials to privileged users under specific conditions. (CVE-2021-29752)

IBM Db2 11.2 and 11.5 contain an information disclosure vulnerability, exposing remote storage credentials to privileged users under specific conditions. IBM X-Force ID: 201780.

CVE

Related news

CVE-2021-34585

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of service situation.

CVE-2020-28960

Chichen Tech CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the file product_list.php via the id and cid parameters.

CVE-2021-38485: Emerson WirelessHART Gateway | CISA

The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any file on disk.

CVE-2021-20130: ManageEngine ADManager Plus Build 7111 Multiple Vulnerabilities - Research Advisory | Tenable®

ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface.

CVE-2021-20131: ManageEngine ADManager Plus Build 7111 Multiple Vulnerabilities - Research Advisory | Tenable®

ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the Personalization interface.

[update]Patch now! Apache fixes zero-day vulnerability in HTTP Server

Two vulnerabilities have been patched for Apache HTTP Server. One of these vulnerabilities was exploited in the wild. Category: Exploits and vulnerabilities. Tags: 2.4.49 apache HTTP Server CVE-2021-41524 CVE-2021-41773 shodan. Source: Malwarebytes Labs ( https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/10/apache-http/ )

Patch now! Apache fixes zero-day vulnerability in HTTP Server

Two vulnerabilities have been patched for Apache HTTP Server. One of these vulnerabilities was exploited in the wild. Category: Exploits and vulnerabilities. Tags: 2.4.49 apache HTTP Server CVE-2021-41524 CVE-2021-41773 shodan. Source: Malwarebytes Labs ( https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/10/apache-http/ )

[Updated, again] Apache fixes zero-day vulnerability in HTTP Server

Two vulnerabilities have been patched for Apache HTTP Server. One of these vulnerabilities was exploited in the wild. Category: Exploits and vulnerabilities. Tags: 2.4.49 apache HTTP Server CVE-2021-41524 CVE-2021-41773 shodan. Source: Malwarebytes Labs ( https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/10/apache-http/ )

CVE-2021-22535: Potential information disclosure vulnerability (CVE-2021-22535)

Unauthorized information security disclosure vulnerability on Micro Focus Directory and Resource Administrator (DRA) product, affecting all DRA versions prior to 10.1 Patch 1. The vulnerability could lead to unauthorized information disclosure.

Dumping RDP Credentials

Administrators typically use Remote Desktop Protocol (RDP) to manage Windows environments remotely. It is also typical for RDP to be enabled in systems that…

CVE-2021-22205: HackerOne

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.

CVE-2019-16545: Jenkins Security Advisory 2019-11-21

Jenkins QMetry for JIRA - Test Management Plugin transmits credentials in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure.

CVE-2019-10397: Jenkins Security Advisory 2019-09-12

Jenkins Aqua Security Serverless Scanner Plugin 1.0.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907