❌ Cyberattackers Target UPS Backup Power Devices in Mission-Critical Environments ❌
📖 Read
via "Threat Post".
The active attacks could result in critical-infrastructure damage, business disruption, lateral movement and more.📖 Read
via "Threat Post".
Threat Post
Cyberattackers Target UPS Backup Power Devices in Mission-Critical Environments
The active attacks could result in critical-infrastructure damage, business disruption, lateral movement and more.
‼ CVE-2021-39751 ‼
📖 Read
via "National Vulnerability Database".
In Settings, there is a possible way to read Bluetooth device names without proper permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-172838801📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39758 ‼
📖 Read
via "National Vulnerability Database".
In WindowManager, there is a possible way to start a foreground activity from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-205130886📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39755 ‼
📖 Read
via "National Vulnerability Database".
In DevicePolicyManager, there is a possible way to reveal the existence of an installed package without proper query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-204995407📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39784 ‼
📖 Read
via "National Vulnerability Database".
In CellBroadcastReceiver, there is a possible path to enable specific cellular features due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-200163477📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39739 ‼
📖 Read
via "National Vulnerability Database".
In ArrayMap, there is a possible leak of the content of SMS messages due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-184525194📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39742 ‼
📖 Read
via "National Vulnerability Database".
In Voicemail, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-186405602📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39779 ‼
📖 Read
via "National Vulnerability Database".
In getCallStateUsingPackage of Telecom Service, there is a missing permission check. This could lead to local information disclosure of the call state with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-190400974📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20002 ‼
📖 Read
via "National Vulnerability Database".
In incfs, there is a possible way of mounting on arbitrary paths due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-198657657📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39776 ‼
📖 Read
via "National Vulnerability Database".
In NFC, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-192614125📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44312 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Firmware Analysis and Comparison Tool v3.2. Logged in administrators could be targeted by a CSRF attack through visiting a crafted web page.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23801 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS atack vector through SVG embedding in com_media.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23797 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate filtering on the selected Ids on an request could resulted into an possible SQL injection.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23794 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Uploading a file name of an excess length causes the error. This error brings up the screen with the path of the source code of the web application.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22772 ‼
📖 Read
via "National Vulnerability Database".
The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution (RCE) vulnerability that allows a low privileged attacker with network access to execute arbitrary code on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX: versions 8.1.0 and below and TIBCO Managed File Transfer Platform Server for z/Linux: versions 8.1.0 and below.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23798 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39746 ‼
📖 Read
via "National Vulnerability Database".
In PermissionController, there is a possible way to delete some local files due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-194696395📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39786 ‼
📖 Read
via "National Vulnerability Database".
In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-192551247📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44310 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Firmware Analysis and Comparison Tool v3.2. With administrator privileges, the attacker could perform stored XSS attacks by inserting JavaScript and HTML code in user creation functionality.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39744 ‼
📖 Read
via "National Vulnerability Database".
In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-192369136📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39787 ‼
📖 Read
via "National Vulnerability Database".
In SystemUI, there is a possible arbitrary Activity launch due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-202506934📖 Read
via "National Vulnerability Database".