Security
Headlines
HeadlinesLatestCVEs

Headline

Moxa MXview Network Management Software

This advisory contains mitigations for Path Traversal, Use of Hard-coded Password, Unprotected Transport of Credentials, Injection, and Improper Access Control vulnerabilities in Moxa MXview network management software.

us-cert

Related news

CVE-2021-32663: Build software better, together

iTop is an open source web based IT Service Management tool. In affected versions an attacker can call the system setup without authentication. Given specific parameters this can lead to SSRF. This issue has been resolved in versions 2.6.5 and 2.7.5 and later

CVE-2021-23857: Multiple vulnerabilities in Rexroth IndraMotion and IndraLogic series

Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Combined with CVE-2021-23858, this allows an attacker to subsequently login to the system.

MedSec Network Utility Tool

MedSec is a network utility tool developed to perform some network, security administrator, and pentesting tasks. Basic functionality includes port scans, host discovery, banner grabbing, dns checks, subdomain enumeration, and more.

CVE-2021-41586: Gradle Enterprise - Security Advisories | Gradle Inc.

In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password.

CVE-2021-41587: Gradle Enterprise - Security Advisories | Gradle Inc.

In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other resources.

Netgear fixes RCE flaw in routers’ parental controls feature

Bug in third-party code offers salutary lessons around enterprise risk management, say researchers

CVE-2021-41011: HackerOne

LINE client for iOS before 11.15.0 might expose authentication information for a certain service to external entities under certain conditions. This is usually impossible, but in combination with a server-side bug, attackers could get this information.

CVE-2021-41391: Ericsson ECM (Enterprise Content Management) solution Vulnerable to Stored XSS.

In Ericsson ECM before 18.0, it was observed that Security Management Endpoint in User Profile Management Section is vulnerable to stored XSS via a name, leading to session hijacking and full account takeover.

CVE-2021-41390: Ericsson ECM (Enterprise Content Management) solution Vulnerable to CSV Injection

In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection.

CVE-2021-25737: CVE-2021-25737: Holes in EndpointSlice Validation Enable Host Network Hijack · Issue #102106 · kubernetes/kubernetes

A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs.

us-cert: Latest News

Delta Electronics DTM Soft