‼ CVE-2021-40284 ‼
📖 Read
via "National Vulnerability Database".
D-Link DSL-3782 EU v1.01:EU v1.03 is affected by a buffer overflow which can cause a denial of service. This vulnerability exists in the web interface "/cgi-bin/New_GUI/Igmp.asp". Authenticated remote attackers can trigger this vulnerability by sending a long string in parameter 'igmpsnoopEnable' via an HTTP request.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32484 ‼
📖 Read
via "National Vulnerability Database".
In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00500621; Issue ID: ALPS04964917.📖 Read
via "National Vulnerability Database".
🦿 The top keywords used in phishing email subject lines 🦿
📖 Read
via "Tech Republic".
Some of these phrasings are standard day-to-day subject lines, but as one expert explained, "the attacker wants you to be moving too fast to stop and question if it's legitimate."📖 Read
via "Tech Republic".
TechRepublic
The top keywords used in phishing email subject lines
Some of these phrasings are standard day-to-day subject lines, but as one expert explained, "the attacker wants you to be moving too fast to stop and question if it's legitimate."
‼ CVE-2021-25466 ‼
📖 Read
via "National Vulnerability Database".
Improper scheme check vulnerability in Samsung Internet prior to version 15.0.2.47 allows attackers to perform Man-in-the-middle attack and obtain Samsung Account token.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-28910 ‼
📖 Read
via "National Vulnerability Database".
BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 contains basic SSRF vulnerability. It allow unauthenticated attackers to request to any internal and external server.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25454 ‼
📖 Read
via "National Vulnerability Database".
OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute remote DoS via forged aac file.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-19268 ‼
📖 Read
via "National Vulnerability Database".
A cross-site request forgery (CSRF) in index.php/Dswjcms/User/tfAdd of Dswjcms 1.6.4 allows authenticated attackers to arbitrarily add administrator users.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-19264 ‼
📖 Read
via "National Vulnerability Database".
A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily add users via index.php?s=/user/ApiAdminUser/itemAdd.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25465 ‼
📖 Read
via "National Vulnerability Database".
An improper scheme check vulnerability in Samsung Themes prior to version 5.2.01 allows attackers to perform Man-in-the-middle attack.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25452 ‼
📖 Read
via "National Vulnerability Database".
An improper input validation vulnerability in loading graph file in DSP driver prior to SMR Sep-2021 Release 1 allows attackers to perform permanent denial of service on the device.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25456 ‼
📖 Read
via "National Vulnerability Database".
OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at arbitrary address via forged wmf file.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-28913 ‼
📖 Read
via "National Vulnerability Database".
BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers access to /webif/SecurityModule to validate the so called and hard coded unique 'eibPort String' which acts as the root SSH key passphrase. This is usable and part of an attack chain to gain SSH root access.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25464 ‼
📖 Read
via "National Vulnerability Database".
An improper file management vulnerability in SamsungCapture prior to version 4.8.02 allows sensitive information leak.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25453 ‼
📖 Read
via "National Vulnerability Database".
Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted application to get Bluetooth information.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25451 ‼
📖 Read
via "National Vulnerability Database".
A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38318 ‼
📖 Read
via "National Vulnerability Database".
The 3D Cover Carousel WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter in the ~/cover-carousel.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38317 ‼
📖 Read
via "National Vulnerability Database".
The Konnichiwa! Membership WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the plan_id parameter in the ~/views/subscriptions.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.8.3.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25455 ‼
📖 Read
via "National Vulnerability Database".
OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi file.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-28909 ‼
📖 Read
via "National Vulnerability Database".
BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers to access uncontrolled the login service at /webif/SecurityModule in a brute force attack. The password could be weak and default username is known as 'admin'. This is usable and part of an attack chain to gain SSH root access.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-19266 ‼
📖 Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in the index.php/Dswjcms/Site/articleList component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-19265 ‼
📖 Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in the index.php/Dswjcms/Basis/links component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML.📖 Read
via "National Vulnerability Database".