MG Strategy+

Cybersecurity Data Services

 
  • Join Now-Sign Up
  • Log In
Category : MGS+ Partners

MGS+ Intelligence Platform – Version 2.0 Release

  MGS+ Intelligence Platform – Cyber Security Data Services Version 2.0 Released November 17 2017   About Platform   Platform […]

  • Editor Paper Extracts
  • Editor Picks Articles
  • Editor Picks Maps
  • Editor Picks Reports
  • MGS+ EPCM Workgroup
  • MGS+ ICS Workgroup
  • MGS+ Operational Efficiencies Workgroup
  • MGS+ Partners
  • Uncategorized

001 MGS Alerts Advisories

  • A new experience for reporting copyright or trademark infringement on Microsoft Services
    The Notice of Copyright or Trademark Infringement Portal has helped protect Microsoft’s users and customers from intellectual property infringement across online services like Microsoft Azure, Office, Outlook, Skype, Stream, Microsoft ... read more
  • Intel Server Boards/Server Systems/Compute Modules up to 2.46 BMC Firmware buffer overflow
    A vulnerability was found in Intel Server Boards, Server Systems and Compute Modules up to 2.46 (Forum Software). It has been rated as critical. This issue affects an unknown code ... read more
  • ModernFlow prior 1.3.00.208 Search Screen/Profile Screen improper authentication
    A vulnerability was found in ModernFlow. It has been declared as problematic. This vulnerability affects an unknown code of the component Search Screen/Profile Screen. Upgrading to version 1.3.00.208 eliminates this ... read more
  • Apache MyFaces Core up to 2.2.13/2.3-next-M4/2.3.7/3.0.0-RC1 cross-site request forgery
    A vulnerability was found in Apache MyFaces Core up to 2.2.13/2.3-next-M4/2.3.7/3.0.0-RC1. It has been classified as problematic. This affects an unknown part. There is no information about possible countermeasures known. ... read more
  • Prevalence and Clinical Profile of Severe Acute Respiratory Syndrome Coronavirus 2 Infection among Farmworkers, California, June–November 2020
    J. A. Lewnard et al. ... read more
  • Lazarus Group Tied to TFlower Ransomware
    Sygnia Researchers Say Hackers Using Their MATA Framework to Deliver MalwareThe Lazarus Group, a North Korean hacking operation also known as Hidden Cobra, is deploying TFlower ransomware using its MATA ... read more
  • progfay scrapbox-parser up to 6.0.2 on Node.js Regular Expression denial of service
    A vulnerability was found in progfay scrapbox-parser up to 6.0.2 on Node.js (JavaScript Library) and classified as problematic. This issue affects an unknown function of the component Regular Expression Handler. ... read more
  • Digium Asterisk up to 13.38.1/16.16.0/17.9.1/18.2.0 SDP Negotiation res_pjsip_session.c denial of service
    A vulnerability was found in Digium Asterisk up to 13.38.1/16.16.0/17.9.1/18.2.0 (Communications System). It has been declared as problematic. This vulnerability affects an unknown function of the file res_pjsip_session.c of the ... read more
  • ownCloud App up to 2.14 on Android Lock Protection date/time protection mechanism
    A vulnerability, which was classified as critical, was found in ownCloud App up to 2.14 on Android (Android App Software). Affected is an unknown function of the file date/time of ... read more
  • ownCloud Server up to 2.7.x File Type information disclosure
    A vulnerability, which was classified as problematic, has been found in ownCloud Server up to 2.7.x (Cloud Software). This issue affects some unknown processing of the component File Type Handler. ... read more
  • tribe29 Checkmk up to 1.6.0p16 local Local Privilege Escalation
    A vulnerability was found in tribe29 Checkmk up to 1.6.0p16. It has been rated as critical. Affected by this issue is an unknown part of the file %PROGRAMDATA%checkmkagentlocal. Upgrading to ... read more
  • Amaze File Manager up to 3.5.0 symlink [CVE-2020-36246]
    A vulnerability classified as critical was found in Amaze File Manager up to 3.5.0. Affected by this vulnerability is an unknown part. Upgrading to version 3.5.1 eliminates this vulnerability. The ... read more
  • Open OnDemand up to 1.5.6/1.6.21 cross-site request forgery [CVE-2020-36247]
    A vulnerability classified as problematic has been found in Open OnDemand up to 1.5.6/1.6.21. This affects an unknown code. Upgrading to version 1.5.7 or 1.6.22 eliminates this vulnerability. ... read more
  • ownCloud up to 10.3 external remote server-side request forgery
    A vulnerability was found in ownCloud up to 10.3 (Cloud Software). It has been classified as critical. Affected is an unknown functionality of the file apps/files_sharing/external. Upgrading to version 10.4 ... read more
  • ownCloud up to 10.3 Preview improper authentication
    A vulnerability was found in ownCloud up to 10.3 (Cloud Software). It has been declared as critical. Affected by this vulnerability is some unknown functionality of the component Preview Handler. ... read more
  • ownCloud Server up to 10.2.x Share denial of service
    A vulnerability has been found in ownCloud Server up to 10.2.x (Cloud Software) and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Share Handler. ... read more
  • Sangoma Asterisk up to 16.16.0/17.9.1/18.2.0 T.38 Negotiaton denial of service
    A vulnerability was found in Sangoma Asterisk up to 16.16.0/17.9.1/18.2.0 (Communications System) and classified as problematic. Affected by this issue is an unknown code block of the component T.38 Negotiaton ... read more
  • PressBooks 5.17.3 cross site scripting [CVE-2021-3271]
    A vulnerability was found in PressBooks 5.17.3. It has been rated as problematic. This issue affects an unknown functionality. Applying a patch is able to eliminate this problem. The bugfix ... read more
  • Chamilo 1.11.14 agenda_list.php type cross site scripting
    A vulnerability, which was classified as problematic, has been found in Chamilo 1.11.14 (Content Management System). Affected by this issue is an unknown code of the file main/calendar/agenda_list.php. Applying a ... read more
  • ownCloud App up to 2.14 on Android Backup Archive information disclosure
    A vulnerability classified as problematic was found in ownCloud App up to 2.14 on Android (Android App Software). This vulnerability affects an unknown code block of the component Backup Archive ... read more
  • Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 te_acceso_router.cgi curWebPage cross site scripting
    A vulnerability, which was classified as problematic, was found in Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014. This affects an unknown code block of the file cgi-bin/te_acceso_router.cgi. There is no information about possible countermeasures ... read more
  • Sangoma Asterisk 13.38.1/16.16.0/17.9.1/18.2.0 SRTP Packet res_srtp.c access control
    A vulnerability has been found in Sangoma Asterisk 13.38.1/16.16.0/17.9.1/18.2.0 (Communications System) and classified as critical. Affected by this vulnerability is an unknown code of the file res_srtp.c of the component ... read more
  • OpenRepeater up to 2.1 ajax_system.php post_service os command injection
    A vulnerability classified as critical has been found in OpenRepeater up to 2.1. Affected is some unknown functionality of the file functions/ajax_system.php. Upgrading to version 2.2 eliminates this vulnerability. ... read more
  • Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 HTTP Header injection
    A vulnerability has been found in Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 and classified as critical. This vulnerability affects some unknown processing of the component HTTP Header Handler. There is no information about ... read more
  • ownCloud Server up to 10.3.0 Request information disclosure
    A vulnerability was found in ownCloud Server up to 10.3.0 (Cloud Software) and classified as problematic. Affected by this issue is some unknown functionality of the component Request Handler. Upgrading ... read more
  • Netis WF2780/WF2411 Ping Command os command injection [CVE-2021-26747]
    A vulnerability was found in Netis WF2780 and WF2411 (the affected version unknown). It has been classified as critical. This affects some unknown processing of the component Ping Command Handler. ... read more
  • 84.00438
    Modified (3)Adware/FreeSpy!AndroidAdware/MobiDash!AndroidRiskware/Android_BeIta!Android ]]> ... read more
  • XLM + AMSI: New runtime defense against Excel 4.0 macro malware
    We have recently expanded the integration of Antimalware Scan Interface (AMSI) with Office 365 to include the runtime scanning of Excel 4.0 (XLM) macros, to help antivirus solutions tackle the ... read more
  • CVE-2021-23976 (firefox)
    When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used ... read more
  • CVE-2021-1734 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)
    Windows Remote Procedure Call Information Disclosure Vulnerability ... read more
  • CVE-2021-24066 (sharepoint_enterprise_server, sharepoint_foundation, sharepoint_server)
    Microsoft SharePoint Remote Code Execution Vulnerability ... read more
  • CVE-2021-24067 (365_apps, excel, office, office_online_server, office_web_apps)
    Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24068, CVE-2021-24069, CVE-2021-24070. ... read more
  • CVE-2021-1733 (psexec)
    Sysinternals PsExec Elevation of Privilege Vulnerability ... read more
  • CVE-2021-3406 (fedora, keylime)
    A flaw was found in keylime 5.8.1 and older. The issue in the Keylime agent and registrar code invalidates the cryptographic chain of trust from the Endorsement Key certificate to ... read more
  • CVE-2021-27330 (datepicker_calendar)
    Triconsole Datepicker Calendar <3.77 is affected by cross-site scripting (XSS) in calendar_form.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such ... read more
  • CVE-2020-23534 (masterlab)
    A server-side request forgery (SSRF) vulnerability in Upgrade.php of gopeak masterlab 2.1.5, via the 'source' parameter. ... read more
  • CVE-2020-8032 (cyrus-sasl)
    A Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root. This issue affects: openSUSE Factory cyrus-sasl version 2.1.27-4.2 and prior ... read more
  • CVE-2021-24106 (windows_10, windows_server_2016, windows_server_2019)
    Windows DirectX Information Disclosure Vulnerability ... read more
  • CVE-2021-20203 (fedora, qemu)
    An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values ... read more
  • CVE-2021-1227 (nx-os)
    A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability ... read more
  • CVE-2021-25252
    Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited ... read more
  • CVE-2021-27215
    An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x through 9.6.x before 9.6 p7, and 10.x before 10.1 p4. The Web Interfaces (Admin, Userweb, Sidechannel) can use ... read more
  • CVE-2021-3419
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. ... read more
  • CVE-2021-26813
    markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed ... read more
  • CVE-2020-15937
    An improper neutralization of input vulnerability in FortiGate version 6.2.x below 6.2.5 and 6.4.x below 6.4.1 may allow a remote attacker to perform a stored cross site scripting attack (XSS) ... read more
  • Google Releases Security Updates for Chrome
    Original release date: March 3, 2021Google has released Chrome version 89.0.4389.72 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected ... read more
  • Google Chrome Security Advisory
    ... read more
  • 84.00437
    Modified (6)Adware/MobiDash!AndroidAndroid/Agent.AZS!trAndroid/Agent.BCS!tr.spyAndroid/Agent.GIK!trAndroid/SpyMax.U!tr.spyRiskware/Agent!Android ]]> ... read more
  • Google forms cyber insurance pact with Allianz, Munich Re
    ... read more
  • Cisco SD-WAN vManage Authorization Bypass Vulnerability
    A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain restricted access to the configuration information of an affected system. This vulnerability ... read more
Older posts

MG Strategy+ Industrial Control Systems Group @2019

KAVI MGS iSTRACIN Platform v 02.25 Wednesday, March 3, 2021

  • Disclaimer |
  • Terms |
  • Privacy
  • About-Services |
  • Blog-Reports
  • YouTube
  • Pinterest
  • LinkedIn
  • Twitter
  • LinkedIn
  • Twitter
  • Connect-Contact

Login

Login to integratus systems Exchange Platform Services

Forgot password?
Register Now

Hello

  • Your Account Type is
  • Your Mail Id is
  • Your Username is

PDF Library Search

Security Briefing Search

MGS+ Partners Search

Reset Password

Reset Password

You have no permission to access this content