CVE-2021-3788
via "National Vulnerability Database".
An exposed debug interface was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access unauthorized access to the device.
CVE-2021-3720
via "National Vulnerability Database".
An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device GPS data.
CVE-2020-21141
via "National Vulnerability Database".
iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admincp.php?app=members&do=add.
CVE-2021-3718
via "National Vulnerability Database".
A denial of service vulnerability was reported in some ThinkPad models that could cause a system to crash when the Enhanced Biometrics setting is enabled in BIOS.
CVE-2021-3793
via "National Vulnerability Database".
An improper access control vulnerability was reported in some Motorola-branded Binatone Hubble Cameras which could allow an unauthenticated attacker on the same network as the device to access administrative pages that could result in information disclosure or device firmware update with verified firmware.
CVE-2021-3791
via "National Vulnerability Database".
An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same subnet to download an encrypted log file containing sensitive information such as WiFi SSID and password.
CVE-2021-3577
via "National Vulnerability Database".
An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker on the same network unauthorized access to the device.
CVE-2021-3843
via "National Vulnerability Database".
A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVE-2021-3790
via "National Vulnerability Database".
A buffer overflow was reported in the local web server of some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same network to perform a denial-of-service attack against the device.
CVE-2021-3792
via "National Vulnerability Database".
Some device communications in some Motorola-branded Binatone Hubble Cameras with backend Hubble services are not encrypted which could lead to the communication channel being accessible by an attacker.
CVE-2021-3599
via "National Vulnerability Database".
A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVE-2021-43331
via "National Vulnerability Database".
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS.
CVE-2021-3787
via "National Vulnerability Database".
A vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with local access to obtain the MQTT credentials that could result in unauthorized access to backend Hubble services.
CVE-2021-3719
via "National Vulnerability Database".
A potential vulnerability in the SMI callback function that saves and restores boot script tables used for resuming from sleep state in some ThinkCentre and ThinkStation models may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVE-2021-42563
via "National Vulnerability Database".
There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) in versions prior to 18.0 on Windows. This may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges.
CVE-2021-43611
via "National Vulnerability Database".
Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via " \ " in the display name of a From header.
Costco Confirms: A Data Skimmer's Been Ripping Off Customers
via "Threat Post".
Big-box behemoth retailer Costco is offering victims 12 months of credit monitoring, a $1 million insurance reimbursement policy and ID theft recovery services.
Threat from Organized Cybercrime Syndicates Is Rising
via "Threat Post".
Europol reports that criminal groups are undermining the EU's economy and its society, offering everything from murder-for-hire to kidnapping, torture and mutilation.
CVE-2021-36315
via "National Vulnerability Database".
Dell EMC PowerScale Nodes contain a hardware design flaw. This may allow a local unauthenticated user to escalate privileges. This also affects Compliance mode and, for Compliance mode clusters, is a critical vulnerability. Dell EMC recommends applying the workaround at your earliest opportunity.
CVE-2021-36323
via "National Vulnerability Database".
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
CVE-2021-21528
via "National Vulnerability Database".
Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x contain an Exposure of Information through Directory Listing vulnerability. This vulnerability is triggered when upgrading from a previous version.