CVE-2021-37976

Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (CVSS:0.0) (Last Update:2021-10-08)

October 7th, 2021 | Gain Information

CVE-2021-32029

A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality. (CVSS:0.0) (Last Update:2021-10-08)

October 7th, 2021 | Gain Information

CVE-2020-4654

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information due to improper permission control. IBM X-Force ID: 186090. (CVSS:0.0) (Last Update:2021-10-08)

October 7th, 2021 | Gain Information

CVE-2021-20552

IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199170. (CVSS:0.0) (Last Update:2021-10-07)

October 6th, 2021 | Gain Information

CVE-2021-29700

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated attacker to obtain sensitive information from configuration files that could aid in further attacks against the system. IBM X-Force ID: 200656. (CVSS:0.0) (Last Update:2021-10-07)

October 6th, 2021 | Gain Information

CVE-2021-29761

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information from the dashboard that they should not have access to. IBM X-Force ID: 202265. (CVSS:0.0) (Last Update:2021-10-06)

October 5th, 2021 | Gain Information

CVE-2021-41125

Scrapy is a high-level web crawling and scraping framework for Python. If you use `HttpAuthMiddleware` (i.e. the `http_user` and `http_pass` spider attributes) for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, such as `robots.txt` requests sent by Scrapy when the `ROBOTSTXT_OBEY` setting is set to `True`, or as requests reached through redirects. Upgrade to Scrapy 2.5.1 and use the new `http_auth_domain` spider attribute to control which domains are allowed to receive the configured HTTP authentication credentials. If you are using Scrapy 1.8 or a lower version, and upgrading to Scrapy 2.5.1 is not an option, you may upgrade to Scrapy 1.8.1 instead. If you cannot upgrade, set your HTTP authentication credentials on a per-request basis, using for example the `w3lib.http.basic_auth_header` function to convert your credentials into a value that you can assign to the `Authorization` header of your request, instead of defining your credentials globally using `HttpAuthMiddleware`. (CVSS:0.0) (Last Update:2021-10-06)

October 5th, 2021 | Gain Information

CVE-2021-34702

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to improper enforcement of administrator privilege levels for low-value sensitive data. An attacker with read-only administrator access to the web-based management interface could exploit this vulnerability by browsing to the page that contains the sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. (CVSS:0.0) (Last Update:2021-10-06)

October 5th, 2021 | Gain Information

CVE-2021-34782

A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid device credentials. This vulnerability is due to improper access controls on API endpoints. An attacker could exploit the vulnerability by sending a particular API request to an affected application. A successful exploit could allow the attacker to obtain sensitive information about other users who are configured with higher privileges on the application. (CVSS:0.0) (Last Update:2021-10-06)

October 5th, 2021 | Gain Information

CVE-2021-0691

In the SELinux policy configured in system_app.te, there is a possible way for system_app to gain code execution in other processes due to an overly-permissive SELinux policy. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-188554048 (CVSS:0.0) (Last Update:2021-10-06)

October 5th, 2021 | Gain Information