News

    • Ferocious Kitten: 6 years of covert surveillance in Iran
      Ferocious Kitten is an APT group that has been targeting Persian-speaking individuals in Iran. Some of the TTPs used by this threat actor are reminiscent of other groups, such as Domestic Kitten and Rampant Kitten. In this report we aim to provide more details on these findings.

    Advisories

    • SAP Solution Manager 7.20 Missing Authorization Tue, 15 Jun 2021 15:49:33 GMT
      Due to a missing authorization check in the SAP Solution Manager version 7.20 LM-SERVICE component, a remote authenticated attacker could be able to execute privileged actions in the affected system, including the execution of operating system commands.
    • Red Hat Security Advisory 2021-2439-01 Tue, 15 Jun 2021 15:49:18 GMT
      Red Hat Security Advisory 2021-2439-01 - Open Liberty is a lightweight open framework for building fast and efficient cloud-native Java microservices. This release of Open Liberty 21.0.0.6 serves as a replacement for Open Liberty 21.0.0.3, and includes a security fix and enhancements. For specific information about this release, see links in the References section. Issues addressed include a cross site request forgery vulnerability.
    • Red Hat Security Advisory 2021-2417-01 Tue, 15 Jun 2021 15:46:42 GMT
      Red Hat Security Advisory 2021-2417-01 - GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible.
    • SAP XMII Remote Code Execution Tue, 15 Jun 2021 15:43:56 GMT
      By abusing a code injection vulnerability in SAP MII, an authenticated user with SAP XMII developer privileges could execute code (including OS commands) on the server. Versions affected include XMII 15.1 lower than SP006 PL 000062, XMII 15.2 lower than SP003 PL 000038, XMII 15.3 lower than SP001 PL 000022, and XMII 15.4 lower than SP001 PL 000007.
    • SAP Solution Manager 7.2 Missing Authorization Tue, 15 Jun 2021 15:34:47 GMT
      Any authenticated user of the SAP Solution Manager version 7.2 is able to craft, upload, and execute EEM scripts on the SMDAgents affecting its integrity, confidentiality and availability.
    • SAP Solution Manager 7.2 File Disclosure / Denial Of Service Tue, 15 Jun 2021 15:32:58 GMT
      The End-User Experience Monitoring (EEM) application, part of the SAP Solution Manager version 7.2, is vulnerable to path traversal. As a consequence, an unauthorized attacker would be able to read sensitive OS files and affect the availability of the EEM robots connected to the SolMan.
    • SAP Wily Introscope Enterprise Default Hard-Coded Credentials Tue, 15 Jun 2021 15:23:02 GMT
      SAP Wily Introscope Enterprise versions 9.7, 10.1, 10.5, and 10.7 suffer from having default hard-coded credentials.
    • Red Hat Security Advisory 2021-2420-01 Tue, 15 Jun 2021 15:18:36 GMT
      Red Hat Security Advisory 2021-2420-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a buffer overflow vulnerability.
    • SAP Wily Introscope Enterprise OS Command Injection Tue, 15 Jun 2021 15:04:10 GMT
      SAP Wily Introscope Enterprise versions 9.7, 10.1, 10.5, and 10.7 suffer from a command injection vulnerability.
    • Ubuntu Security Notice USN-4988-1 Tue, 15 Jun 2021 15:01:25 GMT
      Ubuntu Security Notice 4988-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.
    • Red Hat Security Advisory 2021-2419-01 Tue, 15 Jun 2021 15:01:13 GMT
      Red Hat Security Advisory 2021-2419-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a buffer overflow vulnerability.
    • Red Hat Security Advisory 2021-2286-01 Tue, 15 Jun 2021 14:59:25 GMT
      Red Hat Security Advisory 2021-2286-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.16. Issues addressed include a remote shell upload vulnerability.
    • Red Hat Security Advisory 2021-2422-01 Tue, 15 Jun 2021 14:53:19 GMT
      Red Hat Security Advisory 2021-2422-01 - GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible.
    • SAP Hybris eCommerce Information Disclosure Tue, 15 Jun 2021 14:51:38 GMT
      SAP Hybris eCommerce versions 1808, 1811, 1905, and 2005 suffer from a vulnerability that allows for exposure of sensitive information.
    • Red Hat Security Advisory 2021-2416-01 Tue, 15 Jun 2021 14:51:01 GMT
      Red Hat Security Advisory 2021-2416-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a buffer overflow vulnerability.
    • Red Hat Security Advisory 2021-2414-01 Tue, 15 Jun 2021 14:50:28 GMT
      Red Hat Security Advisory 2021-2414-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a buffer overflow vulnerability.
    • SAP Hybris eCommerce Server-Side Request Forgery Tue, 15 Jun 2021 14:47:54 GMT
      An unauthenticated server-side request forgery vulnerability exists in SAP Hybris acceleratorservices. This means that anyone accessing this extension is able to use it to make arbitrary HTTP requests, bypassing network restrictions. Versions affected include 1808, 1811, 1905, and 2005.
    • Red Hat Security Advisory 2021-2415-01 Tue, 15 Jun 2021 14:44:42 GMT
      Red Hat Security Advisory 2021-2415-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a buffer overflow vulnerability.
    • Red Hat Security Advisory 2021-2418-01 Tue, 15 Jun 2021 14:41:42 GMT
      Red Hat Security Advisory 2021-2418-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a buffer overflow vulnerability.
    • Red Hat Security Advisory 2021-2374-01 Mon, 14 Jun 2021 15:54:54 GMT
      Red Hat Security Advisory 2021-2374-01 - Openshift Logging Bug Fix Release (5.0.5) addresses a lack of index validation in plugin/unmarshal/unmarshal.go.
    • Chrome SandboxedUnpacker Unsafe Shared Memory Use Mon, 14 Jun 2021 15:50:50 GMT
      SandboxedUnpacker in Chrome uses shared memory in an unsafe fashion.
    • Red Hat Security Advisory 2021-2405-01 Mon, 14 Jun 2021 15:49:07 GMT
      Red Hat Security Advisory 2021-2405-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a buffer overflow vulnerability.
    • Red Hat Security Advisory 2021-2397-01 Mon, 14 Jun 2021 15:46:39 GMT
      Red Hat Security Advisory 2021-2397-01 - PostgreSQL is an advanced object-relational database management system. Issues addressed include an integer overflow vulnerability.
    • Red Hat Security Advisory 2021-2396-01 Mon, 14 Jun 2021 15:44:57 GMT
      Red Hat Security Advisory 2021-2396-01 - PostgreSQL is an advanced object-relational database management system. Issues addressed include an integer overflow vulnerability.
    • Red Hat Security Advisory 2021-2394-01 Mon, 14 Jun 2021 15:43:20 GMT
      Red Hat Security Advisory 2021-2394-01 - PostgreSQL is an advanced object-relational database management system. Issues addressed include an integer overflow vulnerability.