Month: February 2021
-
Unprotected Private Key Allows Remote Hacking of PLCs
Industrial associations were cautioned this week that a critical authentication bypass vulnerability can permit hackers to …
-
Malicious Firefox Extension that Allows Attackers to Access and Control Users’ Gmail Accounts
Proofpoint Threat Research has tracked low-volume phishing campaigns targeting Tibetan organizations globally. In January and February …
-
The java.security.egd JVM Option
1. Overview: When launching the Java Virtual Machine (JVM), there are various properties we can define that will alter how our JVM behaves. …
-
CVE-2021-27132 – SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection …
SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the …
-
CVE-2021-3197 – An issue was discovered in SaltStack Salt before 3002.5. The salt-api’s ssh client is vuln …
An issue was discovered in SaltStack Salt before 3002.5. The salt-api’s ssh client is vulnerable to a shell injection by including …
-
CVE-2021-3151 – i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could al …
i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject …
-
CVE-2021-3148 – An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to t …
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in …
-
CVE-2021-3144 – In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They mig …
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run commands against the salt master …
-
CVE-2021-25284 – An issue was discovered in SaltStack Salt before 3002.5. salt.modules.cmdmod can l …
An issue was discovered in SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log …
-
CVE-2021-25283 – An issue was discovered in SaltStack Salt before 3002.5. The jinja renderer does n …
An issue was discovered in SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection …
-
CVE-2021-25282 – An issue was discovered in SaltStack Salt before 3002.5. The salt.wheel.pillar_roo …
An issue was discovered in SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory …
-
CVE-2021-25281 – An issue was discovered in SaltStack Salt before 3002.5. salt-api does not honor e …
An issue was discovered in SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. …