βΌ CVE-2021-0893 βΌ
π Read
via "National Vulnerability Database".
In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05687474.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0894 βΌ
π Read
via "National Vulnerability Database".
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672038.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20608 βΌ
π Read
via "National Vulnerability Database".
Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior allows a remote unauthenticated attacker to cause a DoS condition in GX Works2 by getting GX Works2 to read a tampered program file from a Mitsubishi Electric PLC by sending malicious crafted packets to tamper with the program file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37863 βΌ
π Read
via "National Vulnerability Database".
Mattermost 6.0 and earlier fails to sufficiently validate parameters during post creation, which allows authenticated attackers to cause a client-side crash of the web application via a maliciously crafted post.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40853 βΌ
π Read
via "National Vulnerability Database".
TCMAN GIM does not perform an authorization check when trying to access determined resources. A remote attacker could exploit this vulnerability to access URL that require privileges without having them. The exploitation of this vulnerability might allow a remote attacker to obtain sensible information.π Read
via "National Vulnerability Database".
βΌ CVE-2020-18078 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in /include/web_check.php of SEMCMS v3.8 allows attackers to reset the Administrator account's password.π Read
via "National Vulnerability Database".
βΌ CVE-2020-8968 βΌ
π Read
via "National Vulnerability Database".
Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information of the user could be compromised if an attacker is able to recover the profile password.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0674 βΌ
π Read
via "National Vulnerability Database".
In alac decoder, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06064258; Issue ID: ALPS06064237.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38883 βΌ
π Read
via "National Vulnerability Database".
IBM Business Automation Workflow 18.0, 19.0, 20,0 and 21.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209165.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32499 βΌ
π Read
via "National Vulnerability Database".
SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the command line arguments to pass in any value to the Emulator executable.π Read
via "National Vulnerability Database".
βΌ CVE-2021-4010 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcScreenSaverSuspend function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0676 βΌ
π Read
via "National Vulnerability Database".
In geniezone driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05863009; Issue ID: ALPS05863009.π Read
via "National Vulnerability Database".
βΌ CVE-2021-4009 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40850 βΌ
π Read
via "National Vulnerability Database".
TCMAN GIM is vulnerable to a SQL injection vulnerability inside several available webservice methods in /PC/WebService.asmx.π Read
via "National Vulnerability Database".
β Malicious Joker App Scores Half-Million Downloads on Google Play β
π Read
via "Threat Post".
Joker malware was found lurking in the Color Message app, ready to fleece unsuspecting users with premium SMS charges.π Read
via "Threat Post".
Threat Post
Malicious Joker App Scores Half-Million Downloads on Google Play
Joker malware was found lurking in the Color Message app, ready to fleece unsuspecting users with premium SMS charges.
β Spider-Man Movie Release Frenzy Bites Fans with Credit-Card Harvesting β
π Read
via "Threat Post".
Attackers are using the excitement over the new Spider-Man movie to steal bank information and spread malware. π Read
via "Threat Post".
β Facebook Bans Spy-for-Hire Firms for Targeting 50K People β
π Read
via "Threat Post".
Meta, Facebookβs parent company, said that the seven banned actors run fake accounts on its platforms to deceive users and plant malware on targetsβ phones.π Read
via "Threat Post".
Threat Post
Facebook Bans Spy-for-Hire Firms for Targeting 50K People
Meta, Facebookβs parent company, said that the seven banned actors run fake accounts on its platforms to deceive users and plant malware on targetsβ phones.
π΄ Meta Acts Against 7 Entities Found Spying on 50,000 Users π΄
π Read
via "Dark Reading".
The parent company of Facebook and Instagram has warned some 50,000 account holders they are targets of surveillance.π Read
via "Dark Reading".
Dark Reading
Meta Acts Against 7 Entities Found Spying on 50,000 Users
The parent company of Facebook and Instagram has warned some 50,000 account holders they are targets of surveillance.
βΌ CVE-2021-23797 βΌ
π Read
via "National Vulnerability Database".
All versions of package http-server-node are vulnerable to Directory Traversal via use of --path-as-is.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23803 βΌ
π Read
via "National Vulnerability Database".
This affects the package latte/latte before 2.10.6. There is a way to bypass allowFunctions that will affect the security of the application. When the template is set to allow/disallow the use of certain functions, adding control characters (x00-x08) after the function will bypass these restrictions.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23450 βΌ
π Read
via "National Vulnerability Database".
All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.π Read
via "National Vulnerability Database".