โผ CVE-2021-23157 โผ
๐ Read
via "National Vulnerability Database".
WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-39621 โผ
๐ Read
via "National Vulnerability Database".
In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-185126319๐ Read
via "National Vulnerability Database".
โผ CVE-2021-45068 โผ
๐ Read
via "National Vulnerability Database".
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-45763 โผ
๐ Read
via "National Vulnerability Database".
GPAC v1.1.0 was discovered to contain an invalid call in the function gf_node_changed(). This vulnerability can lead to a Denial of Service (DoS).๐ Read
via "National Vulnerability Database".
โผ CVE-2021-44743 โผ
๐ Read
via "National Vulnerability Database".
Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-1035 โผ
๐ Read
via "National Vulnerability Database".
In setLaunchIntent of BluetoothDevicePickerPreferenceController.java, there is a possible way to invoke an arbitrary broadcast receiver due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-12Android ID: A-195668284๐ Read
via "National Vulnerability Database".
โผ CVE-2022-22290 โผ
๐ Read
via "National Vulnerability Database".
Incorrect download source UI in Downloads in Samsung Internet prior to 16.0.6.23 allows attackers to perform domain spoofing via a crafted HTML page.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-28506 โผ
๐ Read
via "National Vulnerability Database".
An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-28500 โผ
๐ Read
via "National Vulnerability Database".
An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA APIรขโฌโขs by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-39627 โผ
๐ Read
via "National Vulnerability Database".
In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-185126549๐ Read
via "National Vulnerability Database".
โผ CVE-2021-42067 โผ
๐ Read
via "National Vulnerability Database".
In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an attacker authenticated as a regular user can use the S/4 Hana dashboard to reveal systems and services which they would not normally be allowed to see. No information alteration or denial of service is possible.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-46195 โผ
๐ Read
via "National Vulnerability Database".
GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-44703 โผ
๐ Read
via "National Vulnerability Database".
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a stack buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-20612 โผ
๐ Read
via "National Vulnerability Database".
Lack of administrator control over security vulnerability in MELSEC-F series FX3U-ENET Firmware version 1.14 and prior, FX3U-ENET-L Firmware version 1.14 and prior and FX3U-ENET-P502 Firmware version 1.14 and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition in communication function of the product or other unspecified effects by sending specially crafted packets to an unnecessary opening of TCP port. Control by MELSEC-F series PLC is not affected by this vulnerability, but system reset is required for recovery.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-44739 โผ
๐ Read
via "National Vulnerability Database".
Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must open a maliciously crafted Microsoft Office file, or visit an attacker controlled web page.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-39618 โผ
๐ Read
via "National Vulnerability Database".
In multiple methods of EuiccNotificationManager.java, there is a possible way to install existing packages without user consent due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-196855999๐ Read
via "National Vulnerability Database".
โผ CVE-2021-39630 โผ
๐ Read
via "National Vulnerability Database".
In executeRequest of OverlayManagerService.java, there is a possible way to control fabricated overlays from adb shell due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-202768292๐ Read
via "National Vulnerability Database".
โผ CVE-2021-44704 โผ
๐ Read
via "National Vulnerability Database".
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.๐ Read
via "National Vulnerability Database".
๐ด The Cybersecurity Measures CTOs Are Actually Implementing ๐ด
๐ Read
via "Dark Reading".
Companies look to multifactor authentication and identity and access management to block attacks, but hedge their bets with disaster recovery.๐ Read
via "Dark Reading".
Dark Reading
The Cybersecurity Measures CTOs Are Actually Implementing
Companies look to multifactor authentication and identity and access management to block attacks, but hedge their bets with disaster recovery.
๐ด Russia Takes Down REvil Ransomware Operation, Arrests Key Members ๐ด
๐ Read
via "Dark Reading".
Timing of the move has evoked at least some skepticism from security experts about the country's true motives.๐ Read
via "Dark Reading".
Dark Reading
Russia Takes Down REvil Ransomware Operation, Arrests Key Members
Timing of the move has evoked at least some skepticism from security experts about the country's true motives.
โ๏ธ At Request of U.S., Russia Rounds Up 14 REvil Ransomware Affiliates โ๏ธ
๐ Read
via "Krebs on Security".
The Russian government said today it arrested 14 people accused of working for "REvil," a particularly aggressive ransomware group that has extorted hundreds of millions of dollars from victim organizations. The Russian Federal Security Service (FSB) said the actions were taken in response to a request from U.S. officials, but many experts believe the crackdown is part of an effort to reduce tensions over Russian President Vladimir Putin's decision to station 100,000 troops along the nation's border with Ukraine.๐ Read
via "Krebs on Security".
Krebs on Security
At Request of U.S., Russia Rounds Up 14 REvil Ransomware Affiliates
The Russian government said today it arrested 14 people accused of working for "REvil," a particularly aggressive ransomware group that has extorted hundreds of millions of dollars from victim organizations. The Russian Federal Security Service (FSB) saidโฆ