‼ CVE-2021-37054 ‼
📖 Read
via "National Vulnerability Database".
There is an Identity spoofing and authentication bypass vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25518 ‼
📖 Read
via "National Vulnerability Database".
An improper boundary check in secure_log of LDFW and BL31 prior to SMR Dec-2021 Release 1 allows arbitrary memory write and code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25511 ‼
📖 Read
via "National Vulnerability Database".
An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows attackers to write arbitrary files via a path traversal vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25510 ‼
📖 Read
via "National Vulnerability Database".
An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows local arbitrary code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37037 ‼
📖 Read
via "National Vulnerability Database".
There is an Invalid address access vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the device to restart.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42110 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Allegro Windows (formerly Popsy Windows) before 3.3.4156.1. A standard user can escalate privileges to SYSTEM if the FTP module is installed, because of DLL hijacking.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40860 ‼
📖 Read
via "National Vulnerability Database".
A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (IWD) before 9.0.013.11 allows an attacker to execute arbitrary SQL queries via the ql_expression parameter, with which all data in the database can be extracted and OS command execution is possible depending on the permissions and/or database engine.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25514 ‼
📖 Read
via "National Vulnerability Database".
An improper intent redirection handling in Tags prior to SMR Dec-2021 Release 1 allows attackers to access sensitive information.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25515 ‼
📖 Read
via "National Vulnerability Database".
An improper usage of implicit intent in SemRewardManager prior to SMR Dec-2021 Release 1 allows attackers to access BSSID.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25525 ‼
📖 Read
via "National Vulnerability Database".
Improper check or handling of exception conditions vulnerability in Samsung Pay (US only) prior to version 4.0.65 allows attacker to use NFC without user recognition.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37049 ‼
📖 Read
via "National Vulnerability Database".
There is a Heap-based buffer overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may rewrite the memory of adjacent objects.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37053 ‼
📖 Read
via "National Vulnerability Database".
There is a Service logic vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause WLAN DoS.📖 Read
via "National Vulnerability Database".
🕴 Why Cloud Service Providers Are a Single Point of Failure 🕴
📖 Read
via "Dark Reading".
In a matter of days, a large-scale outage of cloud and other online services could cause $15 billion in losses.📖 Read
via "Dark Reading".
Dark Reading
Why Cloud Service Providers Are a Single Point of Failure
In a matter of days, a large-scale outage of cloud and other online services could cause $15 billion in losses.
❌ AWS Among 12 Cloud Services Affected by Flaws in Eltima SDK ❌
📖 Read
via "Threat Post".
Researchers have found a number of high-security vulnerabilities in third-party driver software – bugs that originated in a library created by network virtualization firm Eltima – that leave about a dozen cloud services used by millions of users worldwide open to privilege-escalation attacks. That includes Amazon WorkSpaces, Accops and NoMachine, among others: all apps that […]📖 Read
via "Threat Post".
Threat Post
AWS Among 12 Cloud Services Affected by Flaws in Eltima SDK
The flaws, which could enable attackers to disable security and gain kernel-level privileges, affect Amazon WorkSpaces and other cloud services that use USB over Ethernet.
‼ CVE-2021-41021 ‼
📖 Read
via "National Vulnerability Database".
A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3815 ‼
📖 Read
via "National Vulnerability Database".
utils.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41013 ‼
📖 Read
via "National Vulnerability Database".
An improper access control vulnerability [CWE-284] in FortiWeb versions 6.4.1 and below and 6.3.15 and below in the Report Browse section of Log & Report may allow an unauthorized and unauthenticated user to access the Log reports via their URLs.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-27860 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 could allow a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41063 ‼
📖 Read
via "National Vulnerability Database".
SQL injection vulnerability was discovered in Aanderaa GeoView Webservice prior to version 2.1.3 that could allow an unauthenticated attackers to execute arbitrary commands.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41030 ‼
📖 Read
via "National Vulnerability Database".
An authentication bypass by capture-replay vulnerability [CWE-294] in FortiClient EMS versions 7.0.1 and below and 6.4.4 and below may allow an unauthenticated attacker to impersonate an existing user by intercepting and re-using valid SAML authentication messages.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36188 ‼
📖 Read
via "National Vulnerability Database".
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted GET parameters in requests to login and error handlers📖 Read
via "National Vulnerability Database".