βΌ CVE-2021-0360 βΌ
π Read
via "National Vulnerability Database".
In netdiag, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05442006.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0353 βΌ
π Read
via "National Vulnerability Database".
In kisd, there is a possible memory corruption due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05425247.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0363 βΌ
π Read
via "National Vulnerability Database".
In mobile_log_d, there is a possible command injection due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05458478.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0358 βΌ
π Read
via "National Vulnerability Database".
In netdiag, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05442022.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21043 βΌ
π Read
via "National Vulnerability Database".
ACS Commons version 4.9.2 (and earlier) suffers from a Reflected Cross-site Scripting (XSS) vulnerability in version-compare and page-compare due to invalid JCR characters that are not handled correctly. An attacker could potentially exploit this vulnerability to inject malicious JavaScript content into vulnerable form fields and execute it within the context of the victim's browser. Exploitation of this issue requires user interaction in order to be successful.π Read
via "National Vulnerability Database".
βΌ CVE-2020-29164 βΌ
π Read
via "National Vulnerability Database".
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by cross-site scripting (XSS).π Read
via "National Vulnerability Database".
βΌ CVE-2020-29165 βΌ
π Read
via "National Vulnerability Database".
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by incorrect access control, which can result in remotely gaining administrator privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2020-29166 βΌ
π Read
via "National Vulnerability Database".
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by file read/manipulation, which can result in remote information disclosure.π Read
via "National Vulnerability Database".
βΌ CVE-2020-29163 βΌ
π Read
via "National Vulnerability Database".
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by SQL injection.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28144 βΌ
π Read
via "National Vulnerability Database".
Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series Firmware Version 5.5 or lower, EDR-G902 Series Firmware Version 5.5 or lower, and EDR-810 Series Firmware Version 5.6 or lower. Crafted requests sent to the device may allow remote arbitrary code execution.π Read
via "National Vulnerability Database".
β Five Critical Android Bugs Patched, Part of Feb. Security Bulletin β
π Read
via "Threat Post".
Februaryβs security update for the mobile OS includes a Qualcomm flaw rated critical, with a CVSS score of 9.8.π Read
via "Threat Post".
Threat Post
Five Critical Android Bugs Patched, Part of Feb. Security Bulletin
Februaryβs security update for the mobile OS includes a Qualcomm flaw rated critical, with a CVSS score of 9.8.
π΄ What I Wish I Knew at the Start of My InfoSec Career π΄
π Read
via "Dark Reading".
Security pros identify lessons learned that impact how they view infosec today.π Read
via "Dark Reading".
Dark Reading
What I Wish I Knew at the Start of My InfoSec Career
Security pros identify lessons learned that impact how they view infosec today.
β What should you say if you have a data breach? Catch up with Jason Nurse at Sophos Evolve β
π Read
via "Naked Security".
Learn why it's way better to rehearse what to say if you suffer a data breach than to make it up as you go along.π Read
via "Naked Security".
Naked Security
What should you say if you have a data breach? Catch up with Jason Nurse at Sophos Evolve
Learn why itβs way better to rehearse what to say if you suffer a data breach than to make it up as you go along.
π¦Ώ 6 enterprise security software options to keep your organization safe π¦Ώ
π Read
via "Tech Republic".
Enterprise security software is essential to protecting company data, personnel, and customers. Learn about some of the popular options available for your organization.π Read
via "Tech Republic".
TechRepublic
6 enterprise security software options to keep your organization safe
Enterprise security software is essential to protecting company data, personnel, and customers. Learn about some of the popular options available for your organization.
π Mandos Encrypted File System Unattended Reboot Utility 1.8.14 π
π Read
via "Packet Storm Security".
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.π Read
via "Packet Storm Security".
Packetstormsecurity
Mandos Encrypted File System Unattended Reboot Utility 1.8.14 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2020-35481 βΌ
π Read
via "National Vulnerability Database".
SolarWinds Serv-U before 15.2.2 allows Unauthenticated Macro Injection.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25760 βΌ
π Read
via "National Vulnerability Database".
In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible.π Read
via "National Vulnerability Database".
βΌ CVE-2020-2507 βΌ
π Read
via "National Vulnerability Database".
The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to obtain control of a QNAP device. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25778 βΌ
π Read
via "National Vulnerability Database".
In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25756 βΌ
π Read
via "National Vulnerability Database".
In JetBrains IntelliJ IDEA before 2020.2, HTTP links were used for several remote repositories instead of HTTPS.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25769 βΌ
π Read
via "National Vulnerability Database".
In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator wasn't able to access attachments.π Read
via "National Vulnerability Database".