IronNet Cybersecurity to Go Public in Merger

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2021-21192
PUBLISHED: 2021-03-16

Heap buffer overflow in tab groups in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2021-21193
PUBLISHED: 2021-03-16

Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2021-28543
PUBLISHED: 2021-03-16

Varnish varnish-modules before 0.17.1 allows remote attackers to cause a denial of service (daemon restart) in some configurations. This does not affect organizations that only install the Varnish Cache product; however, it is common to install both Varnish Cache and varnish-modules. Specifically, a…

CVE-2020-24263
PUBLISHED: 2021-03-16

Portainer 1.24.1 and earlier is affected by an insecure permissions vulnerability that may lead to remote arbitrary code execution. A non-admin user is allowed to spawn new containers with critical capabilities such as SYS_MODULE, which can be used to take over the Docker host.

CVE-2020-24264
PUBLISHED: 2021-03-16

Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitrary code execution. The restriction checks for bind mounts are applied only on the client-side and not the server-side, which can lead to spawning a container with bind mount. Once such a container is …
