βΌ CVE-2021-22796 βΌ
π Read
via "National Vulnerability Database".
A CWE-287: Improper Authentication vulnerability exists that could allow remote code execution when a malicious file is uploaded. Affected Product: C-Bus Toolkit (V1.15.9 and prior), C-Gate Server (V2.11.7 and prior)π Read
via "National Vulnerability Database".
βΌ CVE-2020-14521 βΌ
π Read
via "National Vulnerability Database".
Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0185 βΌ
π Read
via "National Vulnerability Database".
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39677 βΌ
π Read
via "National Vulnerability Database".
In startVideoStream() there is a possibility of an OOB Read in the heap, when the camera buffer is Γ’β¬ΛzeroΓ’β¬β’ in size.Product: AndroidVersions: Android-11Android ID: A-205097028π Read
via "National Vulnerability Database".
βΌ CVE-2021-39688 βΌ
π Read
via "National Vulnerability Database".
In TBD of TBD, there is a possible out of bounds read due to TBD. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-206039140References: N/Aπ Read
via "National Vulnerability Database".
βΌ CVE-2021-39662 βΌ
π Read
via "National Vulnerability Database".
In checkUriPermission of MediaProvider.java , there is a possible way to gain access to the content of media provider collections due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-197302116π Read
via "National Vulnerability Database".
βΌ CVE-2021-22824 βΌ
π Read
via "National Vulnerability Database".
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior)π Read
via "National Vulnerability Database".
βΌ CVE-2022-24924 βΌ
π Read
via "National Vulnerability Database".
An improper access control in LiveWallpaperService prior to versions 3.0.9.0 allows to create a specific named system directory without a proper permission.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45386 βΌ
π Read
via "National Vulnerability Database".
tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.cπ Read
via "National Vulnerability Database".
βΌ CVE-2022-24926 βΌ
π Read
via "National Vulnerability Database".
Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.15-6 allows privileged attackers to trigger a XSS on a victim's devices.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39664 βΌ
π Read
via "National Vulnerability Database".
In LoadedPackage::Load of LoadedArsc.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure when parsing an APK file with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-203938029π Read
via "National Vulnerability Database".
βΌ CVE-2021-22798 βΌ
π Read
via "National Vulnerability Database".
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause Sensitive data such as login credentials being exposed when a Network is sniffed. Affected Product: Conext? ComBox (All Versions)π Read
via "National Vulnerability Database".
βΌ CVE-2021-23597 βΌ
π Read
via "National Vulnerability Database".
This affects the package fastify-multipart before 5.3.1. By providing a name=constructor property it is still possible to crash the application. **Note:** This is a bypass of CVE-2020-8136 (https://security.snyk.io/vuln/SNYK-JS-FASTIFYMULTIPART-1290382).π Read
via "National Vulnerability Database".
βΌ CVE-2022-24927 βΌ
π Read
via "National Vulnerability Database".
Improper privilege management vulnerability in Samsung Video Player prior to version 7.3.15.30 allows attackers to execute video files without permission.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39666 βΌ
π Read
via "National Vulnerability Database".
In extract of MediaMetricsItem.h, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-204445255π Read
via "National Vulnerability Database".
βΌ CVE-2022-23427 βΌ
π Read
via "National Vulnerability Database".
PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission via implicit Intent.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39671 βΌ
π Read
via "National Vulnerability Database".
In code generated by aidl_const_expressions.cpp, there is a possible out of bounds read due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-206718630π Read
via "National Vulnerability Database".
ποΈ Google Project Zero hails dramatic acceleration in security bug remediation ποΈ
π Read
via "The Daily Swig".
Researchers credit greater transparency and responsible disclosure policies for improvements in the patching processπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Google Project Zero hails dramatic acceleration in security bug remediation
Researchers credit greater transparency and responsible disclosure policies for improvements in the patching process
β Cybercrooks Frame Targets by Planting Fabricated Digital Evidence β
π Read
via "Threat Post".
The βModifiedElephantβ threat actors are technically unimpressive, but theyβve evaded detection for a decade, hacking human rights advocates' systems with dusty old keyloggers and off-the-shelf RATs.π Read
via "Threat Post".
Threat Post
Cybercrooks Frame Targets by Planting Fabricated Digital Evidence
The βModifiedElephantβ threat actors are technically unimpressive, but theyβve evaded detection for a decade, hacking human rights advocates' systems with dusty old keyloggers and off-the-shelf RATs.
π΄ Google Paid Record $8.7 Million to Bug Hunters in 2021 π΄
π Read
via "Dark Reading".
Company's Chrome and Android technologies continued to be target-rich environments for security researchers from around the world.π Read
via "Dark Reading".
Dark Reading
Google Paid Record $8.7 Million to Bug Hunters in 2021
Company's Chrome and Android technologies continued to be target-rich environments for security researchers from around the world.
βΌ CVE-2021-23555 βΌ
π Read
via "National Vulnerability Database".
The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine.π Read
via "National Vulnerability Database".