‼ CVE-2020-5018 ‼
📖 Read
via "National Vulnerability Database".
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may include sensitive information in its URLs increasing the risk of such information being caputured by an attacker. IBM X-Force ID: 193654.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-16036 ‼
📖 Read
via "National Vulnerability Database".
Inappropriate implementation in cookies in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to bypass cookie restrictions via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-26186 ‼
📖 Read
via "National Vulnerability Database".
Dell Inspiron 5675 BIOS versions prior to 1.4.1 contain a UEFI BIOS RuntimeServices overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the RuntimeServices structure to execute arbitrary code in System Management Mode (SMM).📖 Read
via "National Vulnerability Database".
‼ CVE-2020-16025 ‼
📖 Read
via "National Vulnerability Database".
Heap buffer overflow in clipboard in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21114 ‼
📖 Read
via "National Vulnerability Database".
Use after free in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-16034 ‼
📖 Read
via "National Vulnerability Database".
Inappropriate implementation in WebRTC in Google Chrome prior to 87.0.4280.66 allowed a local attacker to bypass policy restrictions via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-16035 ‼
📖 Read
via "National Vulnerability Database".
Insufficient data validation in cros-disks in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to bypass noexec restrictions via a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-16042 ‼
📖 Read
via "National Vulnerability Database".
Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21112 ‼
📖 Read
via "National Vulnerability Database".
Use after free in Blink in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-16043 ‼
📖 Read
via "National Vulnerability Database".
Insufficient data validation in networking in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to bypass discretionary access control via malicious network traffic.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21111 ‼
📖 Read
via "National Vulnerability Database".
Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-16012 ‼
📖 Read
via "National Vulnerability Database".
Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-16033 ‼
📖 Read
via "National Vulnerability Database".
Inappropriate implementation in WebUSB in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to spoof security UI via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-16039 ‼
📖 Read
via "National Vulnerability Database".
Use after free in extensions in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21113 ‼
📖 Read
via "National Vulnerability Database".
Heap buffer overflow in Skia in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21108 ‼
📖 Read
via "National Vulnerability Database".
Use after free in media in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21107 ‼
📖 Read
via "National Vulnerability Database".
Use after free in drag and drop in Google Chrome on Linux prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21110 ‼
📖 Read
via "National Vulnerability Database".
Use after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21115 ‼
📖 Read
via "National Vulnerability Database".
User after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21109 ‼
📖 Read
via "National Vulnerability Database".
Use after free in payments in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.📖 Read
via "National Vulnerability Database".
❌ Malicious Software Infrastructure Easier to Get and Deploy Than Ever ❌
📖 Read
via "Threat Post".
Researchers at Recorded Future report a rise in cracked Cobalt Strike and other open-source adversarial tools with easy-to-use interfaces.📖 Read
via "Threat Post".
Threat Post
Malicious Software Infrastructure Easier to Get and Deploy Than Ever
Researchers at Recorded Future report a rise in cracked Cobalt Strike and other open-source adversarial tools with easy-to-use interfaces.