5 Ways Social Engineers Crack Into Human Beings

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2021-27099
PUBLISHED: 2021-03-05

In SPIRE before versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1, the "aws_iid" Node Attestor improperly normalizes the path provided through the agent ID templating feature, which may allow the issuance of an arbitrary SPIFFE ID within the same trust domain, if the attacker controls the v…

CVE-2021-28038
PUBLISHED: 2021-03-05

An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during m…

CVE-2021-28039
PUBLISHED: 2021-03-05

An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has CONFI…

CVE-2021-28040
PUBLISHED: 2021-03-05

An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vulnerability in os_xml.c occurs when a large number of opening and closing XML tags is used. Because recursion is used in _ReadElem without restriction, an attacker can trigger a segmentation fault once unmapped memory is reached.

CVE-2020-28502
PUBLISHED: 2021-03-05

This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously (async=False on xhr.open), malicious user input flowing into xhr.send could result in arbitrary code being injected and run.
