Molson Coors Beer Operations Halted by Hack

0 Comments
Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database CVE-2021-28373
PUBLISHED: 2021-03-13

The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch for a short time. However, all end users are explicitly directed to use the git master branch in produ…

CVE-2021-28361
PUBLISHED: 2021-03-13

An issue was discovered in Storage Performance Development Kit (SPDK) before 20.01.01. If a PDU is sent to the iSCSI target with a zero length (but data is expected), the iSCSI target can crash with a NULL pointer dereference.

CVE-2020-35682
PUBLISHED: 2021-03-13

Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login).

CVE-2021-20017
PUBLISHED: 2021-03-13

A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a ‘nobody’ user. This vulnerability impacts SMA100 version 10.2.0.5 and earlier.

CVE-2021-20018
PUBLISHED: 2021-03-13

A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier.