βΌ CVE-2021-25237 βΌ
π Read
via "National Vulnerability Database".
An improper access control vulnerability in Trend Micro Apex One (on-prem) could allow an unauthenticated user to obtain information about the managing port used by agents.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0350 βΌ
π Read
via "National Vulnerability Database".
In ged, there is a possible system crash due to an improper input validation. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05342338.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0343 βΌ
π Read
via "National Vulnerability Database".
In kisd, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05449962.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25244 βΌ
π Read
via "National Vulnerability Database".
An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of configuration informaiton.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25227 βΌ
π Read
via "National Vulnerability Database".
Trend Micro Antivirus for Mac 2021 (Consumer) is vulnerable to a memory exhaustion vulnerability that could lead to disabling all the scanning functionality within the application. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability Γ’β¬β i.e. the attacker must already have access to the target system (either legitimately or via another exploit).π Read
via "National Vulnerability Database".
βΌ CVE-2021-25241 βΌ
π Read
via "National Vulnerability Database".
A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a sweep.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25240 βΌ
π Read
via "National Vulnerability Database".
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64 agent hofitx information.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25233 βΌ
π Read
via "National Vulnerability Database".
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific configuration download file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0344 βΌ
π Read
via "National Vulnerability Database".
In mtkpower, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05437558.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25229 βΌ
π Read
via "National Vulnerability Database".
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the database server.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0346 βΌ
π Read
via "National Vulnerability Database".
In vpu, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05371580.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25248 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25246 βΌ
π Read
via "National Vulnerability Database".
An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server that could be used then make valid configuration queries.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0348 βΌ
π Read
via "National Vulnerability Database".
In vpu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05349201.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25245 βΌ
π Read
via "National Vulnerability Database".
An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of settings informaiton.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25243 βΌ
π Read
via "National Vulnerability Database".
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch level information.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25236 βΌ
π Read
via "National Vulnerability Database".
A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a specific sweep.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25239 βΌ
π Read
via "National Vulnerability Database".
An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about x86 agent hotfixes.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0345 βΌ
π Read
via "National Vulnerability Database".
In mobile_log_d, there is a possible escalation of privilege due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05432974.π Read
via "National Vulnerability Database".
β Android Devices Prone to Botnetβs DDoS Onslaught β
π Read
via "Threat Post".
A new DDoS botnet propagates via the Android Debug Bridge and uses Tor to hide its activity.π Read
via "Threat Post".
Threat Post
Android Devices Prone to Botnetβs DDoS Onslaught
A new DDoS botnet propagates via the Android Debug Bridge and uses Tor to hide its activity.
π΄ Microsoft Says It's Time to Attack Your Machine-Learning Models π΄
π Read
via "Dark Reading".
With access to some training data, Microsoft's red team recreated a machine-learning system and found sequences of requests that resulted in a denial-of-service.π Read
via "Dark Reading".
Dark Reading
Vulnerabilities & Threats recent news | Dark Reading
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading