Barracuda Agrees to Acquire Skout Cybersecurity

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2021-23403
PUBLISHED: 2021-07-02

All versions of package ts-nodash are vulnerable to Prototype Pollution via the Merge() function due to a lack of input validation.

CVE-2021-23402
PUBLISHED: 2021-07-02

All versions of package record-like-deep-assign are vulnerable to Prototype Pollution via the main functionality.

CVE-2021-32639
PUBLISHED: 2021-07-02

Emissary is a P2P-based, data-driven workflow engine. Emissary version 6.4.0 is vulnerable to Server-Side Request Forgery (SSRF). In particular, the `RegisterPeerAction` endpoint and the `AddChildDirectoryAction` endpoint are vulnerable to SSRF. This vulnerability may lead to credential leaks. Emiss…

CVE-2021-27950
PUBLISHED: 2021-07-02

A SQL injection vulnerability in azurWebEngine in Sita AzurCMS through 1.2.3.12 allows an authenticated attacker to execute arbitrary SQL commands via the id parameter to mesdocs.ajax.php in azurWebEngine/eShop. By default, the query is executed as DBA.

CVE-2021-32735
PUBLISHED: 2021-07-02

Kirby is a content management system. In Kirby CMS versions 3.5.5 and 3.5.6, the Panel’s `ListItem` component (used in the pages and files section for example) displayed HTML in page titles as it is. This could be used for cross-site scripting (XSS) attacks. Malicious authenticated Panel users can e…