Apple Patches iOS Zero-Day

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2021-3275
PUBLISHED: 2021-03-26

Unauthenticated stored cross-site scripting (XSS) exists in multiple TP-Link products including WIFI Routers (Wireless AC routers), Access Points, ADSL + DSL Gateways and Routers, which affects TD-W9977v1, TL-WA801NDv5, TL-WA801Nv6, TL-WA802Nv5, and Archer C3150v2 devices through the improper valida…

CVE-2021-23889
PUBLISHED: 2021-03-26

Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator’s entries were not correctly sanitized.

CVE-2021-23890
PUBLISHED: 2021-03-26

Information leak vulnerability in the Agent Handler of McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows an unauthenticated user to download McAfee product packages (specifically McAfee Agent) available in ePO repository and install them on their own machines to have it managed and th…

CVE-2021-23888
PUBLISHED: 2021-03-26

Unvalidated client-side URL redirect vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 could cause an authenticated ePO user to load an untrusted site in an ePO iframe which could steal information from the authenticated user.

CVE-2021-20681
PUBLISHED: 2021-03-26

Improper neutralization of JavaScript input in the page editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.
