CVE-2021-28560
via "National Vulnerability Database".
Acrobat Reader DC versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-28561
via "National Vulnerability Database".
Acrobat Reader DC versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-28564
via "National Vulnerability Database".
Acrobat Reader DC versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Out-of-bounds Write vulnerability within the ImageTool component. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-28553
via "National Vulnerability Database".
Acrobat Reader DC versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-28550
via "National Vulnerability Database".
Acrobat Reader DC versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-22789
via "National Vulnerability Database".
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure™ Control Expert, including all Unity Pro versions (former name of EcoStruxure™ Control Expert, all versions), PLC Simulator for EcoStruxure™ Process Expert including all HDCS versions (former name of EcoStruxure™ Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions).
CVE-2020-13929
via "National Vulnerability Database".
Authentication bypass vulnerability in Apache Zeppelin allows an attacker to bypass Zeppelin authentication mechanism to act as another user. This issue affects Apache Zeppelin version 0.9.0 and prior versions.
CVE-2021-28558
via "National Vulnerability Database".
Acrobat Reader DC versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Heap-based buffer overflow vulnerability in the PDFLibTool component. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Bluetooth Bugs Open Billions of Devices to DoS, Code Execution
via "Threat Post".
The BrakTooth set of security vulnerabilities impacts at least 11 vendors' chipsets.
SpyFone & CEO Banned From Stalkerware Biz
via "Threat Post".
The FTC's first spyware ban nixes a company whose "slipshod" security practices led to exposure of thousands of victims' illegally collected personal data.
CVE-2020-18048
via "National Vulnerability Database".
An issue in craigms/main.php of CraigMS 1.0 allows attackers to execute arbitrary commands via a crafted input entered into the DB Name field.
NFT Collector Tricked into Buying Fake Banksy
via "Threat Post".
An attacker breached the site of famed street artist Banksy to host a fraudulent NFT auction but then gave back the money.
CVE-2021-34436
via "National Vulnerability Database".
In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default build to obtain remote code execution (and XXE) via the theia-xml-extension. This extension uses lsp4xml (recently renamed to LemMinX) in order to provide language support for XML. This is installed by default.
CVE-2021-38641
via "National Vulnerability Database".
Microsoft Edge for Android Spoofing Vulnerability
CVE-2021-38642
via "National Vulnerability Database".
Microsoft Edge for iOS Spoofing Vulnerability
CVE-2021-26439
via "National Vulnerability Database".
Microsoft Edge for Android Information Disclosure Vulnerability
CVE-2021-26436
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-36930.
CVE-2021-36930
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-26436.
Brute-Force Attacks Target Inboxes for Gift Card Data
via "Threat Post".
Cybercriminal enterprise is mass testing millions of usernames and passwords per day in a hunt for loyalty card data.
S3 Ep48: Cryptographic bugs, cryptocurrency nightmares, and lots of phishing [Podcast]
via "Naked Security".
Latest episode - listen now!
Pwned! The home security system that can be hacked with your email address
via "Naked Security".
The alarm system that can be turned off with your email address.