‼ CVE-2021-3843 ‼
via "National Vulnerability Database".
A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.
‼ CVE-2021-3790 ‼
via "National Vulnerability Database".
A buffer overflow was reported in the local web server of some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same network to perform a denial-of-service attack against the device.
‼ CVE-2021-3792 ‼
via "National Vulnerability Database".
Some device communications in some Motorola-branded Binatone Hubble Cameras with backend Hubble services are not encrypted which could lead to the communication channel being accessible by an attacker.
‼ CVE-2021-3599 ‼
via "National Vulnerability Database".
A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.
‼ CVE-2021-43331 ‼
via "National Vulnerability Database".
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS.
‼ CVE-2021-3787 ‼
via "National Vulnerability Database".
A vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with local access to obtain the MQTT credentials that could result in unauthorized access to backend Hubble services.
‼ CVE-2021-3719 ‼
via "National Vulnerability Database".
A potential vulnerability in the SMI callback function that saves and restores boot script tables used for resuming from sleep state in some ThinkCentre and ThinkStation models may allow an attacker with local access and elevated privileges to execute arbitrary code.
‼ CVE-2021-42563 ‼
via "National Vulnerability Database".
There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) in versions prior to 18.0 on Windows. This may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges.
‼ CVE-2021-43611 ‼
via "National Vulnerability Database".
Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via " \ " in the display name of a From header.
Costco Confirms: A Data Skimmer’s Been Ripping Off Customers
via "Threat Post".
Big-box behemoth retailer Costco is offering victims 12 months of credit monitoring, a $1 million insurance reimbursement policy and ID theft recovery services.
Threat from Organized Cybercrime Syndicates Is Rising
via "Threat Post".
Europol reports that criminal groups are undermining the EU’s economy and its society, offering everything from murder-for-hire to kidnapping, torture and mutilation.
‼ CVE-2021-36315 ‼
via "National Vulnerability Database".
Dell EMC PowerScale Nodes contain a hardware design flaw. This may allow a local unauthenticated user to escalate privileges. This also affects Compliance mode and for Compliance mode clusters, is a critical vulnerability. Dell EMC recommends applying the workaround at your earliest opportunity.
‼ CVE-2021-36323 ‼
via "National Vulnerability Database".
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
‼ CVE-2021-21528 ‼
via "National Vulnerability Database".
Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x contain an Exposure of Information through Directory Listing vulnerability. This vulnerability is triggered when upgrading from a previous version.
‼ CVE-2021-36325 ‼
via "National Vulnerability Database".
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
‼ CVE-2021-36305 ‼
via "National Vulnerability Database".
Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context in SMB CA handling. An authenticated user of SMB on a cluster with CA could potentially exploit this vulnerability, leading to a denial of service over SMB.
‼ CVE-2021-36324 ‼
via "National Vulnerability Database".
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
‼ CVE-2021-41229 ‼
via "National Vulnerability Database".
BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the target device to crash.
‼ CVE-2021-3938 ‼
via "National Vulnerability Database".
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
‼ CVE-2021-3918 ‼
via "National Vulnerability Database".
json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
‼ CVE-2021-3775 ‼
via "National Vulnerability Database".
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)