Fraudsters Use HTML Legos to Evade Detection in Phishing Attack

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2020-36287
PUBLISHED: 2021-04-09

The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to obtain gadget related settings via a missing permissions check.

CVE-2021-3413
PUBLISHED: 2021-04-08

A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 2.2.0. A credential leak was identified which will expose Azure Resource Manager’s secret key through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity a…

CVE-2021-3448
PUBLISHED: 2021-04-08

A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID …

CVE-2021-3482
PUBLISHED: 2021-04-08

A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data.

CVE-2020-6590
PUBLISHED: 2021-04-08

Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure.
