βΌ CVE-2021-39662 βΌ
π Read
via "National Vulnerability Database".
In checkUriPermission of MediaProvider.java , there is a possible way to gain access to the content of media provider collections due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-197302116π Read
via "National Vulnerability Database".
βΌ CVE-2021-22824 βΌ
π Read
via "National Vulnerability Database".
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior)π Read
via "National Vulnerability Database".
βΌ CVE-2022-24924 βΌ
π Read
via "National Vulnerability Database".
An improper access control in LiveWallpaperService prior to versions 3.0.9.0 allows to create a specific named system directory without a proper permission.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45386 βΌ
π Read
via "National Vulnerability Database".
tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.cπ Read
via "National Vulnerability Database".
βΌ CVE-2022-24926 βΌ
π Read
via "National Vulnerability Database".
Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.15-6 allows privileged attackers to trigger a XSS on a victim's devices.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39664 βΌ
π Read
via "National Vulnerability Database".
In LoadedPackage::Load of LoadedArsc.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure when parsing an APK file with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-203938029π Read
via "National Vulnerability Database".
βΌ CVE-2021-22798 βΌ
π Read
via "National Vulnerability Database".
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause Sensitive data such as login credentials being exposed when a Network is sniffed. Affected Product: Conext? ComBox (All Versions)π Read
via "National Vulnerability Database".
βΌ CVE-2021-23597 βΌ
π Read
via "National Vulnerability Database".
This affects the package fastify-multipart before 5.3.1. By providing a name=constructor property it is still possible to crash the application. **Note:** This is a bypass of CVE-2020-8136 (https://security.snyk.io/vuln/SNYK-JS-FASTIFYMULTIPART-1290382).π Read
via "National Vulnerability Database".
βΌ CVE-2022-24927 βΌ
π Read
via "National Vulnerability Database".
Improper privilege management vulnerability in Samsung Video Player prior to version 7.3.15.30 allows attackers to execute video files without permission.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39666 βΌ
π Read
via "National Vulnerability Database".
In extract of MediaMetricsItem.h, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-204445255π Read
via "National Vulnerability Database".
βΌ CVE-2022-23427 βΌ
π Read
via "National Vulnerability Database".
PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission via implicit Intent.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39671 βΌ
π Read
via "National Vulnerability Database".
In code generated by aidl_const_expressions.cpp, there is a possible out of bounds read due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-206718630π Read
via "National Vulnerability Database".
ποΈ Google Project Zero hails dramatic acceleration in security bug remediation ποΈ
π Read
via "The Daily Swig".
Researchers credit greater transparency and responsible disclosure policies for improvements in the patching processπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Google Project Zero hails dramatic acceleration in security bug remediation
Researchers credit greater transparency and responsible disclosure policies for improvements in the patching process
β Cybercrooks Frame Targets by Planting Fabricated Digital Evidence β
π Read
via "Threat Post".
The βModifiedElephantβ threat actors are technically unimpressive, but theyβve evaded detection for a decade, hacking human rights advocates' systems with dusty old keyloggers and off-the-shelf RATs.π Read
via "Threat Post".
Threat Post
Cybercrooks Frame Targets by Planting Fabricated Digital Evidence
The βModifiedElephantβ threat actors are technically unimpressive, but theyβve evaded detection for a decade, hacking human rights advocates' systems with dusty old keyloggers and off-the-shelf RATs.
π΄ Google Paid Record $8.7 Million to Bug Hunters in 2021 π΄
π Read
via "Dark Reading".
Company's Chrome and Android technologies continued to be target-rich environments for security researchers from around the world.π Read
via "Dark Reading".
Dark Reading
Google Paid Record $8.7 Million to Bug Hunters in 2021
Company's Chrome and Android technologies continued to be target-rich environments for security researchers from around the world.
βΌ CVE-2021-23555 βΌ
π Read
via "National Vulnerability Database".
The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22766 βΌ
π Read
via "National Vulnerability Database".
Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic protected health information (ePHI) or other sensitive information.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24975 βΌ
π Read
via "National Vulnerability Database".
The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20001 βΌ
π Read
via "National Vulnerability Database".
It was discovered, that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26728 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was discovered in Tenda AC9 v3.0 V15.03.06.42_multi and Tenda AC9 V1.0 V15.03.05.19(6318)_CN which allows for remote code execution via shell metacharacters in the guestuser field to the __fastcall function with a POST request.π Read
via "National Vulnerability Database".
β Critical MQTT-Related Bugs Open Industrial Networks to RCE Via Moxa β
π Read
via "Threat Post".
A collection of five security vulnerabilities with a collective CVSS score of 10 out of 10 threaten critical infrastructure environments that use Moxa MXview.π Read
via "Threat Post".
Threat Post
Critical MQTT-Related Bugs Open Industrial Networks to RCE Via Moxa
A collection of five security vulnerabilities with a collective CVSS score of 10 out of 10 threaten critical infrastructure environments that use Moxa MXview.