Keep Your Software Up to Date

If you're like me, you spend a lot of time at work trying to keep your company's software up to date. The software you use is an important part of your cybersecurity strategy, and it needs to be updated regularly to fix bugs and security vulnerabilities. This matters because software that isn't up to date can be hacked into by cybercriminals. Every day, [...]

2021-11-27T00:40:44-05:00 | November 26th, 2021 | Basic Cybersecurity Tips

CVE-2021-42135

HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/* path may be able to issue Google Cloud service account credentials. (CVSS:0.0) (Last Update:2021-10-11)

2021-10-10T20:00:00-04:00 | October 10th, 2021 | CVE Details

CVE-2021-41800

MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). Visiting Special:Contributions can sometimes result in a long-running SQL query because PoolCounter protection is mishandled. (CVSS:0.0) (Last Update:2021-10-11)

2021-10-10T20:00:00-04:00 | October 10th, 2021 | CVE Details

CVE-2021-42134

The Unicorn framework before 0.36.1 for Django allows XSS via a component. NOTE: this issue exists because of an incomplete fix for CVE-2021-42053. (CVSS:0.0) (Last Update:2021-10-11)

2021-10-10T20:00:00-04:00 | October 10th, 2021 | CVE Details

CVE-2021-42139

Deno before 0.107.0 allows Code Injection via an untrusted YAML file in certain configurations. (CVSS:0.0) (Last Update:2021-10-11)

2021-10-10T20:00:00-04:00 | October 10th, 2021 | CVE Details

CVE-2021-41801

The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time (due to the job queue backlog). (CVSS:0.0) (Last Update:2021-10-11)

2021-10-10T20:00:00-04:00 | October 10th, 2021 | CVE Details

CVE-2021-41798

MediaWiki before 1.36.2 allows XSS. Month-related MediaWiki messages are not escaped before being used on the Special:Search results page. (CVSS:0.0) (Last Update:2021-10-11)

2021-10-10T20:00:00-04:00 | October 10th, 2021 | CVE Details

CVE-2021-41055

Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted XMPP Last Message Correction (XEP-0308) message in multi-user chat, where the message ID equals the correction ID. (CVSS:0.0) (Last Update:2021-10-11)

2021-10-10T20:00:00-04:00 | October 10th, 2021 | CVE Details

CVE-2021-42137

An issue was discovered in Zammad before 5.0.1. In some cases, there is improper enforcement of the privilege requirement for viewing a list of tickets that shows title, state, etc. (CVSS:0.0) (Last Update:2021-10-11)

2021-10-10T20:00:00-04:00 | October 10th, 2021 | CVE Details

CVE-2021-41830

It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25633 for the LibreOffice advisory. (CVSS:0.0) (Last Update:2021-10-11)

2021-10-10T20:00:00-04:00 | October 10th, 2021 | CVE Details