Security
Headlines
HeadlinesLatestCVEs

Headline

CISA: Wide Exploitation of New VMware vCenter Server Flaw Likely

Attackers can use the vulnerability to remotely execute arbitrary code.

DARKReading

Related news

CVE-2021-34756: Cisco Firepower Threat Defense Software Command Injection Vulnerabilities

Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2021-34755: Cisco Firepower Threat Defense Software Command Injection Vulnerabilities

Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2021-21743: Security Bulletin Details

ZTE MF971R product has a CRLF injection vulnerability. An attacker could exploit the vulnerability to modify the HTTP response header information through a specially crafted HTTP request.

CVE-2021-21748: Security Bulletin Details

ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerabilities to execute arbitrary code.

CVE-2021-21749: Security Bulletin Details

ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerabilities to execute arbitrary code.

CVE-2021-21747: Security Bulletin Details

ZTE MF971R product has reflective XSS vulnerability. An attacker could use the vulnerability to obtain cookie information.

CVE-2021-21746: Security Bulletin Details

ZTE MF971R product has reflective XSS vulnerability. An attacker could use the vulnerability to obtain cookie information.

CVE-2021-41878:

A reflected cross-site scripting (XSS) vulnerability exists in the i-Panel Administration System Version 2.0 that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console.

CVE-2021-41878

A reflected cross-site scripting (XSS) vulnerability exists in the i-Panel Administration System Version 2.0 that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console.

Salt Security Finds Widespread Elastic Stack API Security Vulnerability that Exposes Customer and System Data

New threat research from the Salt Labs Security research team details Elastic Stack injection exploit that can result in DoS attacks and cascading API threats

CVE-2019-6742: ZDI-19-255

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to 1.4.20.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the GameServiceReceiver update mechanism. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7477.

DARKReading: Latest News

Apple Urgently Patches Actively Exploited Zero-Days