Survey Data Reveals Gap in Americans’ Security Awareness

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2021-22119
PUBLISHED: 2021-06-29

Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker ca…

CVE-2020-21394
PUBLISHED: 2021-06-29

SQL Injection vulnerability in Zhong Bang Technology Co., Ltd CRMEB mall system V2.60 and V3.1 via the tablename parameter in SystemDatabackup.php.

CVE-2021-20101
PUBLISHED: 2021-06-29

Machform prior to version 16 is vulnerable to HTTP host header injection due to improperly validated host headers. This could cause a victim to receive malformed content.

CVE-2021-20102
PUBLISHED: 2021-06-29

Machform prior to version 16 is vulnerable to cross-site request forgery due to a lack of CSRF tokens in place.

CVE-2021-20103
PUBLISHED: 2021-06-29

Machform prior to version 16 is vulnerable to stored cross-site scripting due to insufficient sanitization of file attachments uploaded with forms through upload.php.