Security | Protect The Business – … – Dark Reading

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2021-3119
PUBLISHED: 2021-03-25

Zetetic SQLCipher 4.x before 4.4.3 has a NULL pointer dereferencing issue related to sqlcipher_export in crypto.c and sqlite3StrICmp in sqlite3.c. This may allow an attacker to perform a remote denial of service attack. For example, an SQL injection can be used to execute the crafted SQL command seq…

CVE-2021-27372
PUBLISHED: 2021-03-25

Realtek xPON RTL9601D SDK 1.9 stores passwords in plaintext, which may allow attackers to gain access to the device with root permissions via the built-in network monitoring tool and execute arbitrary commands.

CVE-2021-29093
PUBLISHED: 2021-03-25

A use-after-free vulnerability when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account.

CVE-2021-29094
PUBLISHED: 2021-03-25

Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allow an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account.

CVE-2021-29095
PUBLISHED: 2021-03-25

Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allow an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account.
