‼ CVE-2021-37069 ‼
📖 Read
via "National Vulnerability Database".
There is a Race Condition vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to availability affected.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25512 ‼
📖 Read
via "National Vulnerability Database".
An improper validation vulnerability in telephony prior to SMR Dec-2021 Release 1 allows attackers to launch certain activities.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37050 ‼
📖 Read
via "National Vulnerability Database".
There is a Missing sensitive data encryption vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37054 ‼
📖 Read
via "National Vulnerability Database".
There is an Identity spoofing and authentication bypass vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25518 ‼
📖 Read
via "National Vulnerability Database".
An improper boundary check in secure_log of LDFW and BL31 prior to SMR Dec-2021 Release 1 allows arbitrary memory write and code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25511 ‼
📖 Read
via "National Vulnerability Database".
An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows attackers to write arbitrary files via a path traversal vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25510 ‼
📖 Read
via "National Vulnerability Database".
An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows local arbitrary code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37037 ‼
📖 Read
via "National Vulnerability Database".
There is an Invalid address access vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the device to restart.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42110 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Allegro Windows (formerly Popsy Windows) before 3.3.4156.1. A standard user can escalate privileges to SYSTEM if the FTP module is installed, because of DLL hijacking.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40860 ‼
📖 Read
via "National Vulnerability Database".
A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (IWD) before 9.0.013.11 allows an attacker to execute arbitrary SQL queries via the ql_expression parameter, with which all data in the database can be extracted and OS command execution is possible depending on the permissions and/or database engine.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25514 ‼
📖 Read
via "National Vulnerability Database".
An improper intent redirection handling in Tags prior to SMR Dec-2021 Release 1 allows attackers to access sensitive information.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25515 ‼
📖 Read
via "National Vulnerability Database".
An improper usage of implicit intent in SemRewardManager prior to SMR Dec-2021 Release 1 allows attackers to access BSSID.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25525 ‼
📖 Read
via "National Vulnerability Database".
Improper check or handling of exception conditions vulnerability in Samsung Pay (US only) prior to version 4.0.65 allows attacker to use NFC without user recognition.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37049 ‼
📖 Read
via "National Vulnerability Database".
There is a Heap-based buffer overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may rewrite the memory of adjacent objects.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37053 ‼
📖 Read
via "National Vulnerability Database".
There is a Service logic vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause WLAN DoS.📖 Read
via "National Vulnerability Database".
🕴 Why Cloud Service Providers Are a Single Point of Failure 🕴
📖 Read
via "Dark Reading".
In a matter of days, a large-scale outage of cloud and other online services could cause $15 billion in losses.📖 Read
via "Dark Reading".
Dark Reading
Why Cloud Service Providers Are a Single Point of Failure
In a matter of days, a large-scale outage of cloud and other online services could cause $15 billion in losses.
❌ AWS Among 12 Cloud Services Affected by Flaws in Eltima SDK ❌
📖 Read
via "Threat Post".
Researchers have found a number of high-security vulnerabilities in third-party driver software – bugs that originated in a library created by network virtualization firm Eltima – that leave about a dozen cloud services used by millions of users worldwide open to privilege-escalation attacks. That includes Amazon WorkSpaces, Accops and NoMachine, among others: all apps that […]📖 Read
via "Threat Post".
Threat Post
AWS Among 12 Cloud Services Affected by Flaws in Eltima SDK
The flaws, which could enable attackers to disable security and gain kernel-level privileges, affect Amazon WorkSpaces and other cloud services that use USB over Ethernet.
‼ CVE-2021-41021 ‼
📖 Read
via "National Vulnerability Database".
A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3815 ‼
📖 Read
via "National Vulnerability Database".
utils.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41013 ‼
📖 Read
via "National Vulnerability Database".
An improper access control vulnerability [CWE-284] in FortiWeb versions 6.4.1 and below and 6.3.15 and below in the Report Browse section of Log & Report may allow an unauthorized and unauthenticated user to access the Log reports via their URLs.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-27860 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 could allow a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006.📖 Read
via "National Vulnerability Database".