Cyber Security

5 Ways Social Engineers Crack Into Human Beings

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2021-28042
PUBLISHED: 2021-03-05

Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Traversal via a crafted ZIP archive to the Upload feature or the MO Connect component. This can lead to remote code execution.

CVE-2021-28041
PUBLISHED: 2021-03-05

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.

CVE-2021-3377
PUBLISHED: 2021-03-05

The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting (XSS) vulnerability. This issue is fixed in v5.0.0.

CVE-2021-3420
PUBLISHED: 2021-03-05

A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could case an integer overflow, leading to an allocation of a small buffer and then to a heap-based buffer overflow.

CVE-2020-29020
PUBLISHED: 2021-03-05

Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea SiteManager All versions prior to 9.4.620527004 on Hardware.

Related News  TA542 Returns With Emotet: What's Different Now


For more updates check below links and stay updated with News AKMI.
Life and style || E Entertainment || Automotive News || Consumer Reviewer || Most Popular Video Games || Lifetime Fitness || Giant Bike

Source

Tags
Show More

Related Articles

Back to top button

usa news wall today prime news newso time news post wall

Close