Huntress Acquires EDR Technology From Level Effect


Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

PUBLISHED: 2021-01-13

An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution.

PUBLISHED: 2021-01-13

Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random information from the firewall memory into the Ethern…

PUBLISHED: 2021-01-13

An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the “httpâ€?, “emailââ&sbq…

PUBLISHED: 2021-01-13

IBM Security Guardium Data Encryption (GDE) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158577.

PUBLISHED: 2021-01-13

IBM Security Guardium Data Encryption (GDE) stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 171823.

Source link