‼ CVE-2021-39655 ‼
📖 Read
via "National Vulnerability Database".
Product: AndroidVersions: Android kernelAndroid ID: A-192641593References: N/A📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1012 ‼
📖 Read
via "National Vulnerability Database".
In onResume of NotificationAccessDetails.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-195412179📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39648 ‼
📖 Read
via "National Vulnerability Database".
In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-160822094References: Upstream kernel📖 Read
via "National Vulnerability Database".
‼ CVE-2021-0976 ‼
📖 Read
via "National Vulnerability Database".
In toBARK of floor0.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-199680600📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1015 ‼
📖 Read
via "National Vulnerability Database".
In getMeidForSlot of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-186530496📖 Read
via "National Vulnerability Database".
❌ Relentless Log4j Attacks Include State Actors, Possible Worm ❌
📖 Read
via "Threat Post".
More than 1.8 million attacks, against half of all corporate networks, have already launched to exploit Log4Shell.📖 Read
via "Threat Post".
Threat Post
Relentless Log4j Attacks Include State Actors, Possible Worm
More than 1.8 million attacks, against half of all corporate networks, have already launched to exploit Log4Shell.
🕴 Original Fix for Log4j Flaw Fails to Fully Protect Against DoS Attacks, Data Theft 🕴
📖 Read
via "Dark Reading".
Organizations should upgrade ASAP to new version of logging framework released Tuesday by the Apache Foundation, security experts say.📖 Read
via "Dark Reading".
Dark Reading
Original Fix for Log4j Flaw Fails to Fully Protect Against DoS Attacks, Data Theft
Organizations should upgrade ASAP to new version of logging framework released Tuesday by the Apache Foundation, security experts say.
🕴 Companies Must Assess Threats to AI & ML Systems in 2022: Microsoft 🕴
📖 Read
via "Dark Reading".
Most companies lack the proper tools to assess their vulnerability to threats facing their AI systems and ML pipelines, prompting Microsoft to release a risk assessment framework.📖 Read
via "Dark Reading".
Darkreading
Companies Must Assess Threats to AI & ML Systems in 2022: Microsoft
Most companies lack the proper tools to assess their vulnerability to threats facing their AI systems and ML pipelines, prompting Microsoft to release a risk assessment framework.
‼ CVE-2021-45085 ‼
📖 Read
via "National Vulnerability Database".
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45096 ‼
📖 Read
via "National Vulnerability Database".
KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a crafted workflow file (.knwf), aka AP-17730.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45095 ‼
📖 Read
via "National Vulnerability Database".
pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45100 ‼
📖 Read
via "National Vulnerability Database".
The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. This occurs because it sets the SMB2_GLOBAL_CAP_ENCRYPTION flag when using the SMB 3.1.1 protocol, which is a violation of the SMB protocol specification. When Windows 10 detects this protocol violation, it disables encryption.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45087 ‼
📖 Read
via "National Vulnerability Database".
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44023 ‼
📖 Read
via "National Vulnerability Database".
A link following denial-of-service (DoS) vulnerability in the Trend Micro Security (Consumer) 2021 familiy of products could allow an attacker to abuse the PC Health Checkup feature of the product to create symlinks that would allow modification of files which could lead to a denial-of-service.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45086 ‼
📖 Read
via "National Vulnerability Database".
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45102 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x before 9.1.2. When authenticating to an HTCondor daemon using a SciToken, a user may be granted authorizations beyond what the token should allow.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45101 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, and 9.1.x before 9.1.2. Using standard command-line tools, a user with only READ access to an HTCondor SchedD or Collector daemon can discover secrets that could allow them to control other users' jobs and/or read their data.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2021-45099 ‼
📖 Read
via "National Vulnerability Database".
** DISPUTED ** The addon.stdin service in addon-ssh (aka Home Assistant Community Add-on: SSH & Web Terminal) before 10.0.0 has an attack surface that requires social engineering. NOTE: the vendor does not agree that this is a vulnerability; however, addon.stdin was removed as a defense-in-depth measure against complex social engineering situations.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45088 ‼
📖 Read
via "National Vulnerability Database".
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45098 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Suricata before 6.0.4. It is possible to bypass/evade any HTTP-based signature by faking an RST TCP packet with random TCP options of the md5header from the client side. After the three-way handshake, it's possible to inject an RST ACK with a random TCP md5header option. Then, the client can send an HTTP GET request with a forbidden URL. The server will ignore the RST ACK and send the response HTTP packet for the client's request. These packets will not trigger a Suricata reject action.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45092 ‼
📖 Read
via "National Vulnerability Database".
Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter.📖 Read
via "National Vulnerability Database".