DEBIAN-CVE-2021-20275

A flaw was found in privoxy before 3.0.32. A invalid read of size two may occur in chunkedbodyiscomplete leading to denial of service...

Denial Of Service (DoS)

privoxy is vulnerable to denial of service DoS. The vulnerability exists through the chunkedbodyiscomplete where an invalid read of size two can occur...

Command injection

A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager versions: Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying...

3 New Severe Security Vulnerabilities Found In SolarWinds Software

Cybersecurity researchers on Wednesday disclosed three severe security vulnerabilities impacting SolarWinds products, the most severe of which could have been exploited to achieve remote code execution with elevated privileges. Two of the flaws CVE-2021-25274 and CVE-2021-25275 were identified in...

Guide: How Security Consolidation Helps Small Cybersecurity Teams

The dynamic nature of cybersecurity, the changes in the threat landscape, and the expansion of the attack surface lead organizations to add more security solutions—from different vendors—creating a layered security infrastructure that introduces new challenges to any team, with a much more...

CVE-2021-2002

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

Buffer overflow

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server...

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVE-2021-2128

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...

CVE-2021-2088

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server...

CVE-2021-2012

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVE-2021-2002

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVE-2020-24639

There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system...

PDF Complete v3.5.310 suffers from a local elevation of privilege vulnerability

PDF Complete is a PDF editor. PDF Complete v3.5.310 suffers from a local elevation of privilege vulnerability that can be exploited by an attacker to gain control of the server...

Hardcoded credentials

Programi Bilanc Build 007 Release 014 31.01.2020 supplies a .exe file containing several hardcoded credentials to different servers that allow remote attackers to gain access to the complete infrastructure including the website, update server, and external issue tracking tools...

Design/Logic Flaw

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS a specially crafted LLDP packet may lead to a high system load in the PROFINET stack. An attacker can cause failure of system services or a complete reboot...

Authorization

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. A service available on port 10005/tcp of the affected devices could allow complete access to all services without authorization. An attacker could gain full control over an affected device, if he has access...

PDF Complete 3.5.310.2002 - (pdfsvc.exe) Unquoted Service Path Vulnerability

Exploit Title: PDF Complete 3.5.310.2002 - 'pdfsvc.exe' Unquoted Service Path Discovery by: Zaira Alquicira Vendor Homepage: https://pdf-complete.informer.com/3.5/ Tested Version: 3.5.310.2002 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 Pro x64 es Step to discover Unquoted...

PDF Complete 3.5.310.2002 Unquoted Service Path

Exploit Title: PDF Complete 3.5.310.2002 - 'pdfsvc.exe' Unquoted Service Path Discovery by: Zaira Alquicira Discovery Date: 2020-12-10 Vendor Homepage: https://pdf-complete.informer.com/3.5/ Tested Version: 3.5.310.2002 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 Pro x64 es...