MG Strategy+ - Foundation LogoSEC

MG Strategy+

Cybersecurity Data Services

Join Now-Sign Up
Log In

SEC

Editor Paper Extracts
Editor Picks Articles
Editor Picks Maps
Editor Picks Reports
MGS+ EPCM Workgroup
MGS+ ICS Workgroup
MGS+ Operational Efficiencies Workgroup
MGS+ Partners
Uncategorized

001 MGS Alerts Advisories

88.00123
Newly Added (1)Android/Agent.DQP!trModified (3)Adware/Ewind!AndroidAdware/MobiDash!AndroidRiskware/ScamApp!Android ]]> ... read more
Food Delivery Services Face GDPR Fines Over AI Algorithms
Workers Faced Discriminatory AI at Both Deliveroo and Foodinho, Regulator SaysItaly's privacy regulator has slammed two of the country's biggest online food delivery firms - Deliveroo and Foodinho - with ... read more
Chrome Beta for iOS Update
Hi, everyone! We've released Chrome Beta 93 (93.0.4577.25) for iOS: it'll become available on App Store in next few days. You can see a partial list of the changes in ... read more
The Graph Foundation launches bug bounty program
Bugs in scope include RCE and those leading to the loss of user funds. ... read more
88.00122
Modified (8)Adware/Dromon!AndroidAdware/Ewind!AndroidAdware/Kuguo!AndroidAdware/MobiDash!AndroidAdware/Notifyer!AndroidAdware/SpyPhone!AndroidAndroid/Agent.CPR!trRiskware/Application!Android ]]> ... read more
CVE-2021-35463
Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the ... read more
CVE-2020-24826
A vulnerability in the elf::section::as_strtab function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. ... read more
CVE-2021-32594
An unrestricted file upload vulnerability in the web interface of FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow a low-privileged user to ... read more
CVE-2021-24010
Improper limitation of a pathname to a restricted directoryÂ vulnerabilities in FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated user to obtain unauthorized access to files and ... read more
CVE-2020-24827
A vulnerability in the dwarf::cursor::skip_form function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. ... read more
CVE-2020-24824
A global buffer overflow issue in the dwarf::line_table::line_table function of Libelfin v0.3 allows attackers to cause a denial of service (DOS). ... read more
CVE-2021-32590
Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow an ... read more
CVE-2020-24822
A vulnerability in the dwarf::cursor::uleb function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. ... read more
CVE-2020-24825
A vulnerability in the line_table::line_table function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. ... read more
CVE-2020-24823
A vulnerability in the dwarf::to_string function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. ... read more
CVE-2020-24821
A vulnerability in the dwarf::cursor::skip_form function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. ... read more
CVE-2021-29765
IBM PowerVM Hypervisor FW940 and FW950 could allow an attacker to obtain sensitive information if they gain service access to the FSP. IBM X-Force ID: 202476. ... read more
CVE-2021-3678
showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) ... read more
CVE-2021-36764
In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in ... read more
CVE-2021-24018
A buffer underwrite vulnerability in the firmware verification routine of FortiOS before 7.0.1 may allow an attacker located in the adjacent network to potentially execute arbitrary code via a specifically ... read more
CVE-2021-26098
An instance of small space of random values in the RPC API of FortiSandbox before 4.0.0 may allow an attacker in possession of a few information pieces about the state ... read more
CVE-2021-33338
The Layout module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 6, exposes the CSRF token in URLs, which ... read more
CVE-2021-36765
In CODESYS EtherNetIP before 4.1.0.0, specific EtherNet/IP requests may cause a null pointer dereference in the downloaded vulnerable EtherNet/IP stack that is executed by the CODESYS Control runtime system. ... read more
CVE-2021-33337
Cross-site scripting (XSS) vulnerability in the Document Library module's add document menu in Liferay Portal 7.3.0 through 7.3.4, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix ... read more
CVE-2021-36168
A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Fortinet FortiPortal 6.x before 6.0.5, FortiPortal 5.3.x before 5.3.6 and any FortiPortal before 6.2.5 allows authenticated attacker ... read more
Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router ... read more
Cisco Packet Tracer for Windows DLL Injection Vulnerability
A vulnerability in Cisco Packet Tracer for Windows could allow an authenticated, local attacker to perform a DLL injection attack on an affected device. To exploit this vulnerability, the attacker must ... read more
Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Web Management Vulnerabilities
Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following: Execute ... read more
Cisco Evolved Programmable Network Manager Sensitive Information Disclosure Vulnerability
A vulnerability in the REST API of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because ... read more
Cisco Small Business RV160 and RV260 Series VPN Routers Remote Command Execution Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying ... read more
Cisco Network Services Orchestrator CLI Secure Shell Server Privilege Escalation Vulnerability
A vulnerability in Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which Cisco NSO is running, which is ... read more
ConfD CLI Secure Shell Server Privilege Escalation Vulnerability
A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To ... read more
Cisco Connected Mobile Experiences Strong Authentication Requirements Enforcement Bypass
A vulnerability in the change password API of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, remote attacker to alter their own password to a value that does not comply ... read more
Congratulations to the MSRC 2021 Most Valuable Security Researchers!
The MSRC Researcher Recognition Program offers public thanks and acknowledgement to the researchers who help protect customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are excited ... read more
Supply chain attacks, IoT threats on tap for Black Hat 2021
... read more
IBM WebSphere Application Server up to 6.0.2.17 Local Privilege Escalation
A vulnerability classified as critical was found in IBM WebSphere Application Server up to 6.0.2.17 (Application Server Software). Upgrading to version 6.0.2.18 eliminates this vulnerability. ... read more
One Month of Learnings from Flo Health’s Bug Bounty Program: A Q&A with CISO, Leo Cunningham
The world’s most popular women’s health app, Flo Health, is responsible for the sensitive health data of 40 million women. With that much PII under their purview, Flo Health’s CISO ... read more
88.00121
Modified (5)Adware/Ewind!AndroidAdware/Kuguo!AndroidAdware/MobiDash!AndroidAdware/Sosceo!AndroidRiskware/Application!Android ]]> ... read more
NA – CVE-2020-19302 – An arbitrary file upload vulnerability in the…
An arbitrary file upload vulnerability in the avatar upload function of vaeThink v1.0.1 allows attackers to open a webshell via changing uploaded file suffixes to ".php". ... read more
NA – CVE-2021-30568 – Heap buffer overflow in WebGL in Google Chrome…
Heap buffer overflow in WebGL in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. ... read more
NA – CVE-2021-37232 – A stack overflow vulnerability occurs in…
A stack overflow vulnerability occurs in Atomicparsley 20210124.204813.840499f through APar_read64() in src/util.cpp due to the lack of buffer size of uint32_buffer while reading more bytes in ... read more
NA – CVE-2021-33339 – Cross-site scripting (XSS) vulnerability in the…
Cross-site scripting (XSS) vulnerability in the Fragment module in Liferay Portal 7.2.1 through 7.3.4, and Liferay DXP 7.2 before fix pack 9 allows remote attackers to inject arbitrary web script ... read more
NA – CVE-2021-35397 – A path traversal vulnerability in the static…
A path traversal vulnerability in the static router for Drogon from 1.0.0-beta14 to 1.6.0 could allow an unauthenticated, remote attacker to arbitrarily read files. The vulnerability is due to lack ... read more
NA – CVE-2021-3680 – showdoc is vulnerable to Missing Cryptographic…
showdoc is vulnerable to Missing Cryptographic Step ... read more
NA – CVE-2020-19301 – A vulnerability in the vae_admin_rule database…
A vulnerability in the vae_admin_rule database table of vaeThink v1.0.1 allows attackers to execute arbitrary code via a crafted payload in the condition parameter. ... read more
NA – CVE-2021-37231 – A stack-buffer-overflow occurs in Atomicparsley…
A stack-buffer-overflow occurs in Atomicparsley 20210124.204813.840499f through APar_readX() in src/util.cpp while parsing a crafted mp4 file because of the missing boundary check. ... read more
NA – CVE-2021-36703 – The “blog title” field in the “Settings” menu…
The "blog title" field in the "Settings" menu "config" page of "dashboard" in htmly 2.8.1 has a storage cross site scripting (XSS) vulnerability. It allows remote attackers to send an ... read more
NA – CVE-2021-30577 – Insufficient policy enforcement in Installer in…
Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform local privilege escalation via a crafted file. ... read more
NA – CVE-2021-36483 – DevExpress.XtraReports.UI through v21.1 allows…
DevExpress.XtraReports.UI through v21.1 allows attackers to execute arbitrary code via insecure deserialization. ... read more
NA – CVE-2021-27952 – Hardcoded default root credentials exist on the…
Hardcoded default root credentials exist on the ecobee3 lite 4.5.81.200 device. This allows a threat actor to gain access to the password-protected bootloader environment through the serial console. ... read more

MG Strategy+ Industrial Control Systems Group @2019

KAVI MGS iSTRACIN Platform v 02.25 Wednesday, August 4, 2021

Disclaimer |
Terms |
Privacy
About-Services |
Blog-Reports
YouTube
Pinterest
LinkedIn
Twitter
LinkedIn
Twitter
Connect-Contact

Login

Login to integratus systems Exchange Platform Services

Forgot password?

Hello

Your Account Type is
Your Mail Id is
Your Username is

PDF Library Search

Security Briefing Search

Foundation Logo Search

Reset Password

Reset Password

You have no permission to access this content