Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

PUBLISHED: 2021-09-24

Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling via header manipulation.

PUBLISHED: 2021-09-24

x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. When the input exceeds DOMAIN_PART_MAX_LEN, the buffer lacks ‘’ termination.

PUBLISHED: 2021-09-24

vpn-user-portal (aka eduVPN or Let’s Connect!) before 2.3.14, as packaged for Debian 10, Debian 11, and Fedora, allows remote authenticated users to obtain OS filesystem access, because of the interaction of QR codes with an exec that uses the -r option. This can be leveraged to obtain additional VP…

PUBLISHED: 2021-09-24

Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response (information disclosure of possibly sensitive build/configuration details) via a crafted HTTP request with the X-Gradle-Enterprise-Ajax-Request header.

PUBLISHED: 2021-09-23

A cross-site scripting (XSS) vulnerability in the /link/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML.

#Hot #Cyber #Threat #Trends #Expect #Black #Hat