‼ CVE-2021-31613 ‼
via "National Vulnerability Database".
The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X devices does not properly handle the reception of a truncated LMP packet during the LMP auto rate procedure, allowing attackers in radio range to immediately crash (and restart) a device via a crafted LMP packet.
‼ CVE-2021-34148 ‼
via "National Vulnerability Database".
The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with a greater ACL Length after completion of the LMP setup procedure, allowing attackers in radio range to trigger a denial of service (firmware crash) via a crafted LMP packet.
‼ CVE-2021-34146 ‼
via "National Vulnerability Database".
The Bluetooth Classic implementation in the Cypress CYW920735Q60EVB does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and restart (crash) of the device by flooding it with LMP_AU_Rand packets after the paging procedure.
‼ CVE-2021-34149 ‼
via "National Vulnerability Database".
The Bluetooth Classic implementation on the Texas Instruments CC256XCQFN-EM does not properly handle the reception of continuous LMP_AU_Rand packets, allowing attackers in radio range to trigger a denial of service (deadlock) of the device by flooding it with LMP_AU_Rand packets after the paging procedure.
‼ CVE-2021-39278 ‼
via "National Vulnerability Database".
Certain MOXA devices allow reflected XSS via the Config Import menu. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU 2.3, WDR-3124A-EU-T 2.3, WDR-3124A-US 2.3, and WDR-3124A-US-T 2.3.
‼ CVE-2021-28136 ‼
via "National Vulnerability Database".
The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of multiple LMP IO Capability Request packets during the pairing process, allowing attackers in radio range to trigger memory corruption (and consequently a crash) in ESP32 via a replayed (duplicated) LMP packet.
‼ CVE-2021-33484 ‼
via "National Vulnerability Database".
An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. An attacker can download a copy of the installer, decompile it, and discover a hardcoded IV used to encrypt the username and userid in the comment POST request. Additionally, the attacker can decrypt the encrypted encryption key (sent as a parameter in the comment form request) by setting this encrypted value as the username, which will appear on the comment page in its decrypted form. Using these two values (combined with the encryption functionality discovered in the decompiled installer), the attacker can encrypt another user's ID and username. These values can be used as part of the comment posting request in order to spoof the user.
‼ CVE-2021-33831 ‼
via "National Vulnerability Database".
api/account/register in the TH Wildau COVID-19 Contact Tracing application through 2021-09-01 has Incorrect Access Control. An attacker can interfere with tracing of infection chains by creating 500 random users within 2500 seconds.
‼ CVE-2021-34145 ‼
via "National Vulnerability Database".
The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with an invalid Baseband packet type (and LT_ADDRESS and LT_ADDR) after completion of the LMP setup procedure, allowing attackers in radio range to trigger a denial of service (firmware crash) via a crafted LMP packet.
‼ CVE-2021-28155 ‼
via "National Vulnerability Database".
The Bluetooth Classic implementation on JBL TUNE500BT devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and shut down a device by flooding the target device with LMP Feature Response data.
‼ CVE-2021-28139 ‼
via "National Vulnerability Database".
The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon reception of an LMP Feature Response Extended packet, allowing attackers in radio range to trigger arbitrary code execution in ESP32 via a crafted Extended Features bitfield payload.
‼ CVE-2021-31612 ‼
via "National Vulnerability Database".
The Bluetooth Classic implementation on Zhuhai Jieli AC690X devices does not properly handle the reception of an oversized LMP packet greater than 17 bytes during the LMP auto rate procedure, allowing attackers in radio range to trigger a deadlock via a crafted LMP packet.
‼ CVE-2021-31786 ‼
via "National Vulnerability Database".
The Bluetooth Classic Audio implementation on Actions ATS2815 and ATS2819 devices does not properly handle a connection attempt from a host with the same BDAddress as the current connected BT host, allowing attackers to trigger a disconnection and deadlock of the device by connecting with a forged BDAddress that matches the original connected host.
‼ CVE-2021-38840 ‼
via "National Vulnerability Database".
SQL Injection can occur in Simple Water Refilling Station Management System 1.0 via the water_refilling/classes/Login.php username parameter.
‼ CVE-2021-34147 ‼
via "National Vulnerability Database".
The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 does not properly handle the reception of a malformed LMP timing accuracy response followed by multiple reconnections to the link slave, allowing attackers to exhaust device BT resources and eventually trigger a crash via multiple attempts of sending a crafted LMP timing accuracy response followed by a sudden reconnection with a random BDAddress.
‼ CVE-2021-34150 ‼
via "National Vulnerability Database".
The Bluetooth Classic implementation on Bluetrum AB5301A devices with unknown firmware versions does not properly handle the reception of oversized DM1 LMP packets while no other BT connections are active, allowing attackers in radio range to prevent new BT connections (disabling the AB5301A inquiry and page scan procedures) via a crafted LMP packet. The user needs to manually perform a power cycle (restart) of the device to restore BT connectivity.
❌ Authorities Arrest Another TrickBot Gang Member in South Korea ❌
via "Threat Post".
A hacker known only as “Mr. A” was picked up by authorities at a South Korean airport after getting stuck in the country due to COVID-19 travel restrictions.
‼ CVE-2021-37717 ‼
via "National Vulnerability Database".
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
‼ CVE-2019-5318 ‼
via "National Vulnerability Database".
A remote cross-site request forgery (CSRF) vulnerability was discovered in Aruba Operating System Software version(s): 6.x.x.x: all versions, 8.x.x.x: all versions prior to 8.8.0.0. Aruba has released patches for ArubaOS that address this security vulnerability.
‼ CVE-2021-37723 ‼
via "National Vulnerability Database".
A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability.
‼ CVE-2021-37731 ‼
via "National Vulnerability Database".
A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.