βΌ CVE-2021-45786 βΌ
π Read
via "National Vulnerability Database".
In maccms v10, an attacker can log in through /index.php/user/login in the "col" and "openid" parameters to gain privileges.π Read
via "National Vulnerability Database".
π΄ Would 'Cyber Geneva Conventions' Defuse Online Aggression? π΄
π Read
via "Dark Reading".
International treaties could force nation-states to police bad actors within their borders to avoid penalties.π Read
via "Dark Reading".
Dark Reading
Would 'Cyber Geneva Conventions' Defuse Online Aggression?
International treaties could force nation-states to police bad actors within their borders to avoid penalties.
ποΈ HackerOne lifts βsanctionsβ against Ukrainian hackers ποΈ
π Read
via "The Daily Swig".
Platform apologizes for βpoor communicationβ over bug bounty payoutsπ Read
via "The Daily Swig".
π1
βΌ CVE-2021-39711 βΌ
π Read
via "National Vulnerability Database".
In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154175781References: Upstream kernelπ Read
via "National Vulnerability Database".
βΌ CVE-2021-40767 βΌ
π Read
via "National Vulnerability Database".
Adobe Character Animator version 4.4 (and earlier) is affected by an Access of Memory Location After End of Buffer vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40787 βΌ
π Read
via "National Vulnerability Database".
Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39712 βΌ
π Read
via "National Vulnerability Database".
In TBD of TBD, there is a possible user after free vulnerability due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-176918884References: N/Aπ Read
via "National Vulnerability Database".
βΌ CVE-2021-39792 βΌ
π Read
via "National Vulnerability Database".
In usb_gadget_giveback_request of core.c, there is a possible use after free out of bounds read due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-161010552References: Upstream kernelπ Read
via "National Vulnerability Database".
βΌ CVE-2022-0811 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deployed.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39713 βΌ
π Read
via "National Vulnerability Database".
Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernelπ Read
via "National Vulnerability Database".
βΌ CVE-2021-42722 βΌ
π Read
via "National Vulnerability Database".
Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39715 βΌ
π Read
via "National Vulnerability Database".
In __show_regs of process.c, there is a possible leak of kernel memory and addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-178379135References: Upstream kernelπ Read
via "National Vulnerability Database".
βΌ CVE-2021-39725 βΌ
π Read
via "National Vulnerability Database".
In gasket_free_coherent_memory_all of gasket_page_table.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-151454974References: N/Aπ Read
via "National Vulnerability Database".
βΌ CVE-2021-20257 βΌ
π Read
via "National Vulnerability Database".
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39692 βΌ
π Read
via "National Vulnerability Database".
In onCreate of SetupLayoutActivity.java, there is a possible way to setup a work profile bypassing user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-209611539π Read
via "National Vulnerability Database".
βΌ CVE-2021-39720 βΌ
π Read
via "National Vulnerability Database".
Product: AndroidVersions: Android kernelAndroid ID: A-207433926References: N/Aπ Read
via "National Vulnerability Database".
βΌ CVE-2021-40742 βΌ
π Read
via "National Vulnerability Database".
Adobe Audition version 14.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25246 βΌ
π Read
via "National Vulnerability Database".
Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) uses hard-coded credentials for its UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control of the host operating system.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40788 βΌ
π Read
via "National Vulnerability Database".
Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39714 βΌ
π Read
via "National Vulnerability Database".
In ion_buffer_kmap_get of ion.c, there is a possible use-after-free due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205573273References: Upstream kernelπ Read
via "National Vulnerability Database".
βΌ CVE-2022-26660 βΌ
π Read
via "National Vulnerability Database".
RunAsSpc 4.0 uses a universal and recoverable encryption key. In possession of a file encrypted by RunAsSpc, an attacker can recover the credentials that were used.π Read
via "National Vulnerability Database".