ExtraHop Explains How Advanced Threats Dominate Threat Landscape

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database CVE-2021-32458
PUBLISHED: 2021-05-27

A privilege escalation vulnerability exists in the tdts.ko chrdev_ioctl_handle functionality of Trend Micro, Inc. Home Network Security 6.1.567. A specially crafted ioctl can lead to code execution. An attacker can issue an ioctl to trigger this vulnerability.

CVE-2021-32459
PUBLISHED: 2021-05-27

A hard-coded password vulnerability exists in the SFTP Log Collection Server function of Trend Micro Inc.’s Home Network Security 6.1.567. A specially crafted network request can lead to arbitrary authentication. An attacker can send an unauthenticated message to trigger this vuln…

CVE-2021-33558
PUBLISHED: 2021-05-27

Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js.

CVE-2021-33590
PUBLISHED: 2021-05-27

GattLib 0.3-rc1 has a stack-based buffer over-read in get_device_path_from_mac in dbus/gattlib.c.

CVE-2021-20727
PUBLISHED: 2021-05-27

Cross-site scripting vulnerability in Zettlr from 0.20.0 to 1.8.8 allows an attacker to execute an arbitrary script by loading a file or code snippet containing an invalid iframe into Zettlr.

Read More HERE

Leave a Reply