‼ CVE-2021-0927 ‼
📖 Read
via "National Vulnerability Database".
In requestChannelBrowsable of TvInputManagerService.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-8.1 Android-9Android ID: A-189824175📖 Read
via "National Vulnerability Database".
‼ CVE-2021-0986 ‼
📖 Read
via "National Vulnerability Database".
In hasGrantedPolicy of DevicePolicyManagerService.java, there is a possible information disclosure about the device owner, profile owner, or device admin due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-192247339📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39657 ‼
📖 Read
via "National Vulnerability Database".
In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-194696049References: Upstream kernel📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1027 ‼
📖 Read
via "National Vulnerability Database".
In setTransactionState of SurfaceFlinger, there is possible arbitrary code execution in a privileged process due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193033243📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45078 ‼
📖 Read
via "National Vulnerability Database".
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-0926 ‼
📖 Read
via "National Vulnerability Database".
In onCreate of NfcImportVCardActivity.java, there is a possible way to add a contact without user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-191053931📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39655 ‼
📖 Read
via "National Vulnerability Database".
Product: AndroidVersions: Android kernelAndroid ID: A-192641593References: N/A📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1012 ‼
📖 Read
via "National Vulnerability Database".
In onResume of NotificationAccessDetails.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-195412179📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39648 ‼
📖 Read
via "National Vulnerability Database".
In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-160822094References: Upstream kernel📖 Read
via "National Vulnerability Database".
‼ CVE-2021-0976 ‼
📖 Read
via "National Vulnerability Database".
In toBARK of floor0.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-199680600📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1015 ‼
📖 Read
via "National Vulnerability Database".
In getMeidForSlot of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-186530496📖 Read
via "National Vulnerability Database".
❌ Relentless Log4j Attacks Include State Actors, Possible Worm ❌
📖 Read
via "Threat Post".
More than 1.8 million attacks, against half of all corporate networks, have already launched to exploit Log4Shell.📖 Read
via "Threat Post".
Threat Post
Relentless Log4j Attacks Include State Actors, Possible Worm
More than 1.8 million attacks, against half of all corporate networks, have already launched to exploit Log4Shell.
🕴 Original Fix for Log4j Flaw Fails to Fully Protect Against DoS Attacks, Data Theft 🕴
📖 Read
via "Dark Reading".
Organizations should upgrade ASAP to new version of logging framework released Tuesday by the Apache Foundation, security experts say.📖 Read
via "Dark Reading".
Dark Reading
Original Fix for Log4j Flaw Fails to Fully Protect Against DoS Attacks, Data Theft
Organizations should upgrade ASAP to new version of logging framework released Tuesday by the Apache Foundation, security experts say.
🕴 Companies Must Assess Threats to AI & ML Systems in 2022: Microsoft 🕴
📖 Read
via "Dark Reading".
Most companies lack the proper tools to assess their vulnerability to threats facing their AI systems and ML pipelines, prompting Microsoft to release a risk assessment framework.📖 Read
via "Dark Reading".
Darkreading
Companies Must Assess Threats to AI & ML Systems in 2022: Microsoft
Most companies lack the proper tools to assess their vulnerability to threats facing their AI systems and ML pipelines, prompting Microsoft to release a risk assessment framework.
‼ CVE-2021-45085 ‼
📖 Read
via "National Vulnerability Database".
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45096 ‼
📖 Read
via "National Vulnerability Database".
KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a crafted workflow file (.knwf), aka AP-17730.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45095 ‼
📖 Read
via "National Vulnerability Database".
pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45100 ‼
📖 Read
via "National Vulnerability Database".
The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. This occurs because it sets the SMB2_GLOBAL_CAP_ENCRYPTION flag when using the SMB 3.1.1 protocol, which is a violation of the SMB protocol specification. When Windows 10 detects this protocol violation, it disables encryption.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45087 ‼
📖 Read
via "National Vulnerability Database".
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44023 ‼
📖 Read
via "National Vulnerability Database".
A link following denial-of-service (DoS) vulnerability in the Trend Micro Security (Consumer) 2021 familiy of products could allow an attacker to abuse the PC Health Checkup feature of the product to create symlinks that would allow modification of files which could lead to a denial-of-service.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45086 ‼
📖 Read
via "National Vulnerability Database".
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js.📖 Read
via "National Vulnerability Database".