‼ CVE-2020-29171 ‼
via "National Vulnerability Database".
Cross-site scripting (XSS) vulnerability in admin/wp-security-blacklist-menu.php in the Tips and Tricks HQ All In One WP Security & Firewall (all-in-one-wp-security-and-firewall) plugin before 4.4.6 for WordPress.
🕴 Zero Trust in the Real World 🕴
via "Dark Reading".
Those who are committed to adopting the concept have the opportunity to make a larger business case for it across the organization, working with executive leaders to implement a zero-trust framework across the entire enterprise.
🦿 Mozilla privacy report on dating apps singles out Grindr for serious security lapses 🦿
via "Tech Republic".
21 of the 24 dating apps examined were tagged with the "*Privacy Not Included" warning label.
🦿 NordVPN puts the price tag of stolen streaming subscriptions at $38 million 🦿
via "Tech Republic".
Malware designed to steal log-in information saved in browsers has infected 16 million computers and swiped credentials for up to 174,800 accounts.
❌ Hybrid, Older Users Most-Targeted by Gmail Attackers ❌
via "Threat Post".
Researchers at Google and Stanford analyzed 1.2 billion malicious emails to find out what makes users likely to get attacked. 2FA wasn't a big factor.
‼ CVE-2021-0338 ‼
via "National Vulnerability Database".
In SystemSettingsValidators, there is a possible permanent denial of service due to missing bounds checks on UI settings. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11. Android ID: A-156260178.
‼ CVE-2020-26299 ‼
via "National Vulnerability Database".
ftp-srv is an open-source FTP server designed to be simple yet configurable. In ftp-srv before version 4.4.0 there is a path-traversal vulnerability. Clients of FTP servers utilizing ftp-srv hosted on Windows machines can escape the FTP user's defined root folder using the expected FTP commands, for example, CWD and UPDR. When Windows separators exist within the path (`\`), `path.resolve` leaves the upper pointers intact and allows the user to move beyond the root folder defined for that user. We did not take that into account when creating the path resolve function. The issue is patched in version 4.4.0 (commit 457b859450a37cba10ff3c431eb4aa67771122e3).
‼ CVE-2021-0326 ‼
via "National Vulnerability Database".
In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-8.1, Android-9. Android ID: A-172937525.
‼ CVE-2021-0335 ‼
via "National Vulnerability Database".
In process of C2SoftHevcDec.cpp, there is a possible out of bounds write due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-160346309.
‼ CVE-2021-0314 ‼
via "National Vulnerability Database".
In onCreate of UninstallerActivity, there is a possible way to uninstall an app without informed user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-8.1, Android-9. Android ID: A-171221302.
‼ CVE-2021-0341 ‼
via "National Vulnerability Database".
In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1, Android-9, Android-10, Android-11. Android ID: A-171980069.
‼ CVE-2021-0330 ‼
via "National Vulnerability Database".
In add_user_ce and remove_user_ce of storaged.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in storaged with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9, Android-10, Android-11. Android ID: A-170732441.
‼ CVE-2021-0337 ‼
via "National Vulnerability Database".
In moveInMediaStore of FileSystemProvider.java, there is a possible file exposure due to stale metadata. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1, Android-9, Android-10, Android-11. Android ID: A-157474195.
‼ CVE-2021-0331 ‼
via "National Vulnerability Database".
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible overlay attack due to an insecure default value. This could lead to local escalation of privilege and notification access with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9, Android-10, Android-11, Android-8.1. Android ID: A-170731783.
‼ CVE-2021-0333 ‼
via "National Vulnerability Database".
In onCreate of BluetoothPermissionActivity.java, there is a possible permissions bypass due to a tapjacking overlay that obscures the phonebook permissions dialog when a Bluetooth device is connecting. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.1, Android-9, Android-10, Android-11. Android ID: A-168504491.
‼ CVE-2021-3033 ‼
via "National Vulnerability Database".
An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console. This vulnerability enables an attacker to bypass signature validation during SAML authentication by logging in to the Prisma Cloud Compute console as any authorized user. This issue impacts: All versions of Prisma Cloud Compute 19.11, Prisma Cloud Compute 20.04, and Prisma Cloud Compute 20.09; Prisma Cloud Compute 20.12 before update 1. Prisma Cloud Compute SaaS version is not impacted by this vulnerability.
‼ CVE-2021-0336 ‼
via "National Vulnerability Database".
In onReceive of BluetoothPermissionRequest.java, there is a possible permissions bypass due to a mutable PendingIntent. This could lead to local escalation of privilege that bypasses a permission check, with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9, Android-10, Android-11, Android-8.1. Android ID: A-158219161.
‼ CVE-2020-13546 ‼
via "National Vulnerability Database".
In SoftMaker Software GmbH SoftMaker Office TextMaker 2021 (revision 1014), a specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer; when this buffer is later used, the application writes outside its bounds, resulting in a heap-based buffer overflow. An attacker can entice the victim to open a document to trigger this vulnerability.
‼ CVE-2021-26938 ‼
via "National Vulnerability Database".
A stored XSS issue exists in henriquedornas 5.2.17 via online live chat.
‼ CVE-2021-26939 ‼
via "National Vulnerability Database".
An information disclosure issue exists in henriquedornas 5.2.17 because an attacker can dump phpMyAdmin SQL content.
‼ CVE-2021-0305 ‼
via "National Vulnerability Database".
In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.1, Android-9, Android-10. Android ID: A-154015447.