CVE-2021-36366
Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards. Date published : 2021-09-28 https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT https://www.nagios.com/downloads/nagios-xi/change-log/
Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh. Date published : 2021-09-28 https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT https://www.nagios.com/downloads/nagios-xi/change-log/
Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards. Date published : 2021-09-28 https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT https://www.nagios.com/downloads/nagios-xi/change-log/
Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate.php. Date published : 2021-09-28 https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT https://www.nagios.com/downloads/nagios-xi/change-log/
SupportAssist Client version 3.8 and 3.9 contains an Untrusted search path vulnerability that allows attackers to load an arbitrary .dll file via .dll planting/hijacking, only by a separate administrative action that is not a...
Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions prior to 3.9.13.0 contain an arbitrary file deletion vulnerability that can be exploited by using the Windows feature of NTFS called Symbolic links. Symbolic links...
Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive NVMe password attempt mitigations in order to carry out a brute...
Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive admin password attempt mitigations in order to carry out a brute...
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. Date published : 2021-09-28 https://www.dell.com/support/kbdoc/000191495/
RICON Industrial Cellular Router S9922L 16.10.3(3794) is affected by cleartext storage of sensitive information and sends username and password as base64. Date published : 2021-09-28 https://yunus-shn.medium.com/ricon-industrial-cellular-router-cleartext-credentials-e236052415d
The Countdown and CountUp, WooCommerce Sales Timers WordPress plugin is vulnerable to Cross-Site Request Forgery via the save_theme function found in the ~/includes/admin/coundown_theme_page.php file due to a missing nonce check which allows attackers to...
A vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. An authenticated user can modify settings through the web user interface in a way that could lead to an arbitrary code...
A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because an attacker can trigger an assertion via a malformed HTTP packet to the web interface. An unauthenticated...
Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese versions) 4.1.12, which can be exploited by an attacker to obtain user cookie information. Date published : 2021-09-28 https://github.com/kindsoft/kindeditor/ https://www.cnvd.org.cn/flaw/show/3257066