β Menswear Brand Zegna Reveals Ransomware Attack β
π Read
via "Threat Post".
Accounting materials from the Italy-based luxury fashion house were leaked online by RansomExx because the company refused to pay.π Read
via "Threat Post".
Threat Post
Menswear Brand Zegna Reveals Ransomware Attack
Accounting materials from the Italy-based luxury fashion house were leaked online by RansomExx because the company refused to pay.
βοΈ RaidForums Gets Raided, Alleged Admin Arrested βοΈ
π Read
via "Krebs on Security".
The U.S. Department of Justice (DOJ) said today it seized the website and user database for RaidForums, an extremely popular English-language cybercrime forum that sold access to more than 10 billion consumer records stolen in some of the world's largest data breaches since 2015. The DOJ also charged the alleged administrator of RaidForums -- 21-year-old Diogo Santos Coelho, of Portugal -- with six criminal counts, including conspiracy, access device fraud and aggravated identity theft.π Read
via "Krebs on Security".
Krebs on Security
RaidForums Gets Raided, Alleged Admin Arrested
The U.S. Department of Justice (DOJ) said today it seized the website and user database for RaidForums, an extremely popular English-language cybercrime forum that sold access to more than 10 billion consumer records stolen in some of the world's largestβ¦
βΌ CVE-2021-39804 βΌ
π Read
via "National Vulnerability Database".
In reinit of HeifDecoderImpl.cpp, there is a possible crash due to a missing null check. This could lead to remote persistent denial of service in the file picker with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-215002587π Read
via "National Vulnerability Database".
βΌ CVE-2021-39794 βΌ
π Read
via "National Vulnerability Database".
In broadcastPortInfo of AdbService.java, there is a possible way for apps to run code as the shell user, if wireless debugging is enabled, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-205836329π Read
via "National Vulnerability Database".
βΌ CVE-2022-21202 βΌ
π Read
via "National Vulnerability Database".
The affected product is vulnerable to an out-of-bounds read, which may result in disclosure of sensitive information.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0707 βΌ
π Read
via "National Vulnerability Database".
In dma_buf_release of dma-buf.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-155756045References: Upstream kernelπ Read
via "National Vulnerability Database".
βΌ CVE-2022-21803 βΌ
π Read
via "National Vulnerability Database".
This affects the package nconf before 0.11.4. When using the memory engine, it is possible to store a nested JSON representation of the configuration. The .set() function, that is responsible for setting the configuration properties, is vulnerable to Prototype Pollution. By providing a crafted property, it is possible to modify the properties on the Object.prototype.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39797 βΌ
π Read
via "National Vulnerability Database".
In several functions of of LauncherApps.java, there is a possible escalation of privilege due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-209607104π Read
via "National Vulnerability Database".
βΌ CVE-2021-41004 βΌ
π Read
via "National Vulnerability Database".
A remote vulnerability was discovered in Aruba Instant On 1930 Switch Series version(s): Firmware below v1.0.7.0.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39798 βΌ
π Read
via "National Vulnerability Database".
In Bitmap_createFromParcel of Bitmap.cpp, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-213169612π Read
via "National Vulnerability Database".
βΌ CVE-2022-27472 βΌ
π Read
via "National Vulnerability Database".
SQL injection vulnerability in Topics Counting feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the "s" parameter remotely.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39805 βΌ
π Read
via "National Vulnerability Database".
In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure through Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-212694559π Read
via "National Vulnerability Database".
βΌ CVE-2022-27161 βΌ
π Read
via "National Vulnerability Database".
Csz Cms 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_viewUsersπ Read
via "National Vulnerability Database".
βΌ CVE-2021-42255 βΌ
π Read
via "National Vulnerability Database".
BeyondTrust AppGuard Enterprise through 6.6.20.2 creates a Temporary File in a Directory with Insecure Permissions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26109 βΌ
π Read
via "National Vulnerability Database".
When a user opens a manipulated Portable Document Format (.pdf, PDFView.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28032 βΌ
π Read
via "National Vulnerability Database".
AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_pages.phpπ Read
via "National Vulnerability Database".
βΌ CVE-2022-27140 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in the file upload module of Express-Fileupload v1.3.1 allows attackers to execute arbitrary code via a crafted PHP file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28397 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28772 βΌ
π Read
via "National Vulnerability Database".
By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27952 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in the file upload module of PayloadCMS v0.15.0 allows attackers to execute arbitrary code via a crafted SVG file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21168 βΌ
π Read
via "National Vulnerability Database".
The affected product is vulnerable due to an invalid pointer initialization, which may lead to information disclosure.π Read
via "National Vulnerability Database".