CVE-2021-35995
via "National Vulnerability Database".
Adobe After Effects version 18.2.1 (and earlier) is affected by an Improper input validation vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-22525
via "National Vulnerability Database".
This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to 5.0.1.
CVE-2021-36019
via "National Vulnerability Database".
Adobe After Effects version 18.2.1 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-22792
via "National Vulnerability Database".
A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure Control Expert, including all Unity Pro versions (former name of EcoStruxure Control Expert, all versions), PLC Simulator for EcoStruxure Process Expert including all HDCS versions (former name of EcoStruxure Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions).
CVE-2021-28557
via "National Vulnerability Database".
Acrobat Reader DC versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to leak sensitive system information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-36018
via "National Vulnerability Database".
Adobe After Effects version 18.2.1 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-28560
via "National Vulnerability Database".
Acrobat Reader DC versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-28561
via "National Vulnerability Database".
Acrobat Reader DC versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-28564
via "National Vulnerability Database".
Acrobat Reader DC versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Out-of-bounds Write vulnerability within the ImageTool component. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-28553
via "National Vulnerability Database".
Acrobat Reader DC versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-28550
via "National Vulnerability Database".
Acrobat Reader DC versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-22789
via "National Vulnerability Database".
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure Control Expert, including all Unity Pro versions (former name of EcoStruxure Control Expert, all versions), PLC Simulator for EcoStruxure Process Expert including all HDCS versions (former name of EcoStruxure Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions).
CVE-2020-13929
via "National Vulnerability Database".
Authentication bypass vulnerability in Apache Zeppelin allows an attacker to bypass Zeppelin authentication mechanism to act as another user. This issue affects Apache Zeppelin version 0.9.0 and prior versions.
CVE-2021-28558
via "National Vulnerability Database".
Acrobat Reader DC versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Heap-based buffer overflow vulnerability in the PDFLibTool component. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Bluetooth Bugs Open Billions of Devices to DoS, Code Execution
via "Threat Post".
The BrakTooth set of security vulnerabilities impacts at least 11 vendors' chipsets.
SpyFone & CEO Banned From Stalkerware Biz
via "Threat Post".
The FTC's first spyware ban nixes a company whose "slipshod" security practices led to exposure of thousands of victims' illegally collected personal data.
CVE-2020-18048
via "National Vulnerability Database".
An issue in craigms/main.php of CraigMS 1.0 allows attackers to execute arbitrary commands via a crafted input entered into the DB Name field.
NFT Collector Tricked into Buying Fake Banksy
via "Threat Post".
An attacker breached the site of famed street artist Banksy to host a fraudulent NFT auction but then gave back the money.
CVE-2021-34436
via "National Vulnerability Database".
In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default build to obtain remote code execution (and XXE) via the theia-xml-extension. This extension uses lsp4xml (recently renamed to LemMinX) in order to provide language support for XML. This is installed by default.
CVE-2021-38641
via "National Vulnerability Database".
Microsoft Edge for Android Spoofing Vulnerability
CVE-2021-38642
via "National Vulnerability Database".
Microsoft Edge for iOS Spoofing Vulnerability