CVE-2021-43055

The eFTL Server component of TIBCO Software Inc.’s TIBCO eFTL – Community Edition, TIBCO eFTL – Developer Edition, and TIBCO eFTL – Enterprise Edition contains an easily exploitable vulnerability that allows clients to inherit the permissions of the client that initially connected on the affected system. Affected releases are TIBCO Software Inc.’s TIBCO eFTL – Community Edition: versions 6.7.2 and below, TIBCO eFTL – Developer Edition: versions 6.7.2 and below, and TIBCO eFTL – Enterprise Edition: versions 6.7.2 and below.

Source: CVE-2021-43055

CVE-2021-1573

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Source: CVE-2021-1573

CVE-2021-43052

The Realm Server component of TIBCO Software Inc.’s TIBCO FTL – Community Edition, TIBCO FTL – Developer Edition, and TIBCO FTL – Enterprise Edition contains an easily exploitable vulnerability that allows authentication bypass due to a hard coded secret used in the default realm server of the affected system. Affected releases are TIBCO Software Inc.’s TIBCO FTL – Community Edition: versions 6.7.2 and below, TIBCO FTL – Developer Edition: versions 6.7.2 and below, and TIBCO FTL – Enterprise Edition: versions 6.7.2 and below.

Source: CVE-2021-43052

CVE-2021-34704

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Source: CVE-2021-34704

CVE-2021-43053

The Realm Server component of TIBCO Software Inc.’s TIBCO FTL – Community Edition, TIBCO FTL – Developer Edition, and TIBCO FTL – Enterprise Edition contains a difficult to exploit vulnerability that allows an unauthenticated attacker with network access to obtain the cluster secret of another application connected to the realm server. Affected releases are TIBCO Software Inc.’s TIBCO FTL – Community Edition: versions 6.7.2 and below, TIBCO FTL – Developer Edition: versions 6.7.2 and below, and TIBCO FTL – Enterprise Edition: versions 6.7.2 and below.

Source: CVE-2021-43053

CVE-2021-43054

The eFTL Server component of TIBCO Software Inc.’s TIBCO eFTL – Community Edition, TIBCO eFTL – Developer Edition, and TIBCO eFTL – Enterprise Edition contains an easily exploitable vulnerability that allows a low privileged attacker with network access to generate API tokens that can access any other channel with arbitrary permissions. Affected releases are TIBCO Software Inc.’s TIBCO eFTL – Community Edition: versions 6.7.2 and below, TIBCO eFTL – Developer Edition: versions 6.7.2 and below, and TIBCO eFTL – Enterprise Edition: versions 6.7.2 and below.

Source: CVE-2021-43054

CVE-2022-0129

Uncontrolled search path element vulnerability in McAfee TechCheck prior to 4.0.0.2 allows a local administrator to load their own Dynamic Link Library (DLL) gaining elevation of privileges to system user. This was achieved through placing the malicious DLL in the same directory that the process was run from.

Source: CVE-2022-0129