"VMware Spring Cloud" Java bug gives instant remote code execution - update now!
via "Naked Security".
Easy unauthenticated remote code execution - PoC code already out
Cybercriminals Fighting Over Cloud Workloads for Cryptomining
via "Dark Reading".
Whether compromising misconfigured cloud infrastructure or taking advantage of free-tier cloud development platforms, attackers see a vast pool of workloads to use for cryptomining.
Smart Cities: Secure by Design? It Takes a Village
via "Dark Reading".
Smart-city security breaches have potentially very serious consequences - they can be economically devastating and even life-threatening, if handled wrong.
Cyberattackers Target UPS Backup Power Devices in Mission-Critical Environments
via "Threat Post".
The active attacks could result in critical-infrastructure damage, business disruption, lateral movement and more.
CVE-2021-39751
via "National Vulnerability Database".
In Settings, there is a possible way to read Bluetooth device names without proper permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-172838801
CVE-2021-39758
via "National Vulnerability Database".
In WindowManager, there is a possible way to start a foreground activity from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-205130886
CVE-2021-39755
via "National Vulnerability Database".
In DevicePolicyManager, there is a possible way to reveal the existence of an installed package without proper query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-204995407
CVE-2021-39784
via "National Vulnerability Database".
In CellBroadcastReceiver, there is a possible path to enable specific cellular features due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-200163477
CVE-2021-39739
via "National Vulnerability Database".
In ArrayMap, there is a possible leak of the content of SMS messages due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-184525194
CVE-2021-39742
via "National Vulnerability Database".
In Voicemail, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-186405602
CVE-2021-39779
via "National Vulnerability Database".
In getCallStateUsingPackage of Telecom Service, there is a missing permission check. This could lead to local information disclosure of the call state with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-190400974
CVE-2022-20002
via "National Vulnerability Database".
In incfs, there is a possible way of mounting on arbitrary paths due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-198657657
CVE-2021-39776
via "National Vulnerability Database".
In NFC, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-192614125
CVE-2021-44312
via "National Vulnerability Database".
An issue was discovered in Firmware Analysis and Comparison Tool v3.2. Logged-in administrators could be targeted by a CSRF attack through visiting a crafted web page.
CVE-2022-23801
via "National Vulnerability Database".
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS attack vector through SVG embedding in com_media.
CVE-2022-23797
via "National Vulnerability Database".
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate filtering of the selected IDs in a request could result in a possible SQL injection.
CVE-2022-23794
via "National Vulnerability Database".
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Uploading a file with a name of excessive length causes an error. This error brings up a screen showing the path of the source code of the web application.
CVE-2022-22772
via "National Vulnerability Database".
The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution (RCE) vulnerability that allows a low privileged attacker with network access to execute arbitrary code on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX: versions 8.1.0 and below and TIBCO Managed File Transfer Platform Server for z/Linux: versions 8.1.0 and below.
CVE-2022-23798
via "National Vulnerability Database".
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate validation of URLs could result in an invalid check of whether a redirect URL is internal or not.
CVE-2021-39746
via "National Vulnerability Database".
In PermissionController, there is a possible way to delete some local files due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-194696395
CVE-2021-39786
via "National Vulnerability Database".
In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-192551247