ALP-AL00B, ALP-AL00B-RSC, BLA-TL00B, Charlotte-AL00A, Emily-AL00A, Security Vulnerabilities

thn

Attackers Behind Trickbot Expanding Malware Distribution Channels

The operators behind the pernicious TrickBot malware have resurfaced with new tricks that aim to increase its foothold by expanding its distribution channels, ultimately leading to the deployment of ransomware such as Conti. The threat actor, tracked under the monikers ITG23 and Wizard Spider, has....

0.7AI Score

2021-10-15 02:40 PM
8
openbugbounty

charlotte-klproperties.com Cross Site Scripting vulnerability OBB-2145720

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its...

AI Score

2021-09-21 06:08 PM
37
pentestpartners

EFB Tampering. Approach and Landing Performance Part 2

Approach and Landing Performance Part 2: Approach Speeds, Cold Weather Corrections, Sources of Data Click here for part 1 Target: Approach speed calculation The speed at which aircraft fly on approach depends on a variety of factors including: Aircraft weight Flap setting Wind direction/speed ...

6.9AI Score

2021-09-14 05:47 AM
20
pentestpartners

EFB Tampering. Approach and Landing Performance Part 1

Approach and Landing Performance Part 1: Introduction and Landing Distance Calculations Click here for part 2 TL;DR Approach and landing performance applications perform calculations to provide critical performance data to pilots (e.g. speed / flap settings on approach) Modifying any one of these.....

6.9AI Score

2021-09-14 05:23 AM
15
mssecure

Cybersecurity’s next fight: How to protect employees from online harassment

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Leigh Honeywell, CEO and Co-founder of...

0.4AI Score

2021-08-25 04:00 PM
44
mmpc

Cybersecurity’s next fight: How to protect employees from online harassment

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Leigh Honeywell, CEO and Co-founder of...

0.4AI Score

2021-08-25 04:00 PM
42
thn

Researchers Find New Evidence Linking Diavol Ransomware to TrickBot Gang

Cybersecurity researchers have disclosed details about an early development version of a nascent ransomware strain called Diavol that has been linked to threat actors behind the infamous TrickBot syndicate. The latest findings from IBM X-Force show that the ransomware sample shares similarities to....

0.9AI Score

2021-08-19 10:30 AM
32
nvd

CVE-2021-22440

There is a path traversal vulnerability in some Huawei products. The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly...

4.6CVSS

0.001EPSS

2021-07-13 12:15 PM
1
cve

CVE-2021-22440

There is a path traversal vulnerability in some Huawei products. The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly...

4.6CVSS

4.7AI Score

0.001EPSS

2021-07-13 12:15 PM
21
4
prion

Path traversal

There is a path traversal vulnerability in some Huawei products. The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly...

4.6CVSS

4.6AI Score

0.001EPSS

2021-07-13 12:15 PM
cvelist

CVE-2021-22440

There is a path traversal vulnerability in some Huawei products. The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly...

4.9AI Score

0.001EPSS

2021-07-13 11:42 AM
suse

Security update for the Linux Kernel (important)

An update that solves 52 vulnerabilities and has 250 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2021-33200: Enforcing incorrect limits for pointer...

9.8CVSS

0.3AI Score

0.006EPSS

2021-07-11 12:00 AM
69
suse

Security update for the Linux Kernel (important)

An update that solves 52 vulnerabilities and has 187 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2021-33200: Enforcing incorrect limits for pointer...

9.8CVSS

0.3AI Score

0.006EPSS

2021-07-11 12:00 AM
32
huawei

Security Advisory - Path Traversal Vulnerability in Some Huawei Products

There is a path traversal vulnerability in some Huawei products. The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly...

4.6CVSS

4.9AI Score

0.001EPSS

2021-06-30 12:00 AM
15
kitploit

Charlotte - C++ Fully Undetected Shellcode Launcher

c++ fully undetected shellcode launcher ;) releasing this to celebrate the birth of my newborn description 13/05/2021: c++ shellcode launcher, fully undetected 0/26 as of 13th May 2021. dynamic invoking of win32 api functions XOR encryption of shellcode and function names randomised XOR keys...

7.3AI Score

2021-05-22 09:30 PM
138
kitploit

CyberBattleSim - An Experimentation And Research Platform To Investigate The Interaction Of Automated Agents In An Abstract Simulated Network Environments

CyberBattleSim is an experimentation research platform to investigate the interaction of automated agents operating in a simulated abstract enterprise network environment. The simulation provides a high-level abstraction of computer networks and cyber security concepts. Its Python-based Open AI...

7.7AI Score

2021-05-10 12:30 PM
64
openvas

Debian: Security Advisory (DSA-4906-1)

The remote host is missing an update for the...

9.6CVSS

7.7AI Score

0.638EPSS

2021-04-30 12:00 AM
5
nessus

Debian DSA-4906-1 : chromium - security update

Several vulnerabilities have been discovered in the chromium web browser. CVE-2021-21201 Gengming Liu and Jianyu Chen discovered a use-after-free issue. CVE-2021-21202 David Erceg discovered a use-after-free issue in extensions. CVE-2021-21203 asnine discovered a...

9.6CVSS

8.8AI Score

0.638EPSS

2021-04-29 12:00 AM
161
debian

[SECURITY] [DSA 4906-1] chromium security update

Debian Security Advisory DSA-4906-1 [email protected] https://www.debian.org/security/ Michael Gilbert April 27, 2021 https://www.debian.org/security/faq Package : chromium CVE ID : CVE-2021-21201 CVE-2021-21202...

9.6CVSS

9.2AI Score

0.638EPSS

2021-04-28 01:49 AM
276
openvas

SUSE: Security Advisory (SUSE-SU-2020:2907-1)

The remote host is missing an update for...

7.8CVSS

7.8AI Score

EPSS

2021-04-19 12:00 AM
7
nessus

FreeBSD : chromium -- multiple vulnerabilities (f3d86439-9def-11eb-97a0-e09467587c17)

Chrome Releases reports : This release contains 37 security fixes, including : [1025683] High CVE-2021-21201: Use after free in permissions. Reported by Gengming Liu, Jianyu Chen at Tencent Keen Security Lab on 2019-11-18 [1188889] High CVE-2021-21202: Use after free in extensions. Reported by...

9.6CVSS

-0.2AI Score

0.492EPSS

2021-04-16 12:00 AM
22
chrome

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 90 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 90.0.4430.72 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming.....

9.6CVSS

7.2AI Score

0.492EPSS

2021-04-14 12:00 AM
38
freebsd

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 37 security fixes, including: [1025683] High CVE-2021-21201: Use after free in permissions. Reported by Gengming Liu, Jianyu Chen at Tencent Keen Security Lab on 2019-11-18 [1188889] High CVE-2021-21202: Use after free in...

9.6CVSS

1.1AI Score

0.492EPSS

2021-04-14 12:00 AM
28
akamaiblog

Akamai Titans 2020: Celebrating Outstanding Achievements

To Akamai's Co-Founder Danny Lewin, calling someone a "Titan" was the highest praise he would give. Danny himself was a remarkably talented and hard-working leader whose heart, passion, and spirit still inspire us. Today, Danny's accolade is used to honor those exceptional people who are known for....

-0.1AI Score

2021-04-09 02:00 PM
38
nvd

CVE-2021-27221

MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor's position is that this is intended behavior because of how user policies...

8.1CVSS

0.002EPSS

2021-03-19 03:15 AM
cve

CVE-2021-27221

MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor's position is that this is intended behavior because of how user policies...

8.1CVSS

7.8AI Score

0.002EPSS

2021-03-19 03:15 AM
64
2
prion

Command injection

** DISPUTED ** MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor's position is that this is intended behavior because of how user policies...

8.1CVSS

7.8AI Score

0.002EPSS

2021-03-19 03:15 AM
6
cvelist

CVE-2021-27221

MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor's position is that this is intended behavior because of how user policies...

8AI Score

0.002EPSS

2021-03-19 02:28 AM
malwarebytes

International Women’s Day: Women in tech name their heroes

Happy Monday! And if you haven’t yet checked the significance of this day—March 8—before grabbing coffee, today is International Women’s Day (IWD). Since March 19, 1911, the year the very first IWD was observed in several European countries, millions of people have been calling for women to be...

-0.4AI Score

2021-03-08 12:50 PM
32
nvd

CVE-2021-22302

There is an out-of-bound read vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module does not verify some input. Attackers can exploit this vulnerability by sending malicious input through specific app. This could cause out-of-bound, compromising normal...

7.1CVSS

0.0004EPSS

2021-02-06 03:15 AM
nvd

CVE-2021-22304

There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vulnerability by sending specific message to the affected module. This may lead to module crash,...

3.3CVSS

0.0004EPSS

2021-02-06 03:15 AM
cve

CVE-2021-22304

There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vulnerability by sending specific message to the affected module. This may lead to module crash,...

3.3CVSS

4.2AI Score

0.0004EPSS

2021-02-06 03:15 AM
67
2
nvd

CVE-2021-22293

Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Attackers can exploit this vulnerability to cause information leak. Affected product versions include: CampusInsight versions V100R019C10; ManageOne versions 6.5.1.1, 6.5.1.SPC100, 6.5.1.SPC200, 6.5.1RC1,...

7.5CVSS

0.002EPSS

2021-02-06 03:15 AM
cve

CVE-2021-22293

Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Attackers can exploit this vulnerability to cause information leak. Affected product versions include: CampusInsight versions V100R019C10; ManageOne versions 6.5.1.1, 6.5.1.SPC100, 6.5.1.SPC200, 6.5.1RC1,...

7.5CVSS

7.3AI Score

0.002EPSS

2021-02-06 03:15 AM
70
3
cve

CVE-2021-22302

There is an out-of-bound read vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module does not verify some input. Attackers can exploit this vulnerability by sending malicious input through specific app. This could cause out-of-bound, compromising normal...

7.1CVSS

6.8AI Score

0.0004EPSS

2021-02-06 03:15 AM
64
3
prion

Design/Logic Flaw

There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vulnerability by sending specific message to the affected module. This may lead to module crash,...

3.3CVSS

4.1AI Score

0.0004EPSS

2021-02-06 03:15 AM
4
prion

Design/Logic Flaw

There is an out-of-bound read vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module does not verify some input. Attackers can exploit this vulnerability by sending malicious input through specific app. This could cause out-of-bound, compromising normal...

7.1CVSS

6.7AI Score

0.0004EPSS

2021-02-06 03:15 AM
4
prion

Design/Logic Flaw

Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Attackers can exploit this vulnerability to cause information leak. Affected product versions include: CampusInsight versions V100R019C10; ManageOne versions 6.5.1.1, 6.5.1.SPC100, 6.5.1.SPC200, 6.5.1RC1,...

7.5CVSS

7.3AI Score

0.002EPSS

2021-02-06 03:15 AM
2
cvelist

CVE-2021-22304

There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vulnerability by sending specific message to the affected module. This may lead to module crash,...

4.3AI Score

0.0004EPSS

2021-02-06 02:18 AM
cvelist

CVE-2021-22293

Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Attackers can exploit this vulnerability to cause information leak. Affected product versions include: CampusInsight versions V100R019C10; ManageOne versions 6.5.1.1, 6.5.1.SPC100, 6.5.1.SPC200, 6.5.1RC1,...

7.5AI Score

0.002EPSS

2021-02-06 02:16 AM
cvelist

CVE-2021-22302

There is an out-of-bound read vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module does not verify some input. Attackers can exploit this vulnerability by sending malicious input through specific app. This could cause out-of-bound, compromising normal...

7AI Score

0.0004EPSS

2021-02-06 02:03 AM
nvd

CVE-2021-22303

There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). There is a lack of multi-thread protection when a function is called. Attackers can exploit this vulnerability by performing malicious operation to cause pointer double free. This may lead to module crash,...

3.3CVSS

0.001EPSS

2021-02-06 01:15 AM
cve

CVE-2021-22303

There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). There is a lack of multi-thread protection when a function is called. Attackers can exploit this vulnerability by performing malicious operation to cause pointer double free. This may lead to module crash,...

3.3CVSS

4.2AI Score

0.001EPSS

2021-02-06 01:15 AM
66
2
prion

Double free

There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). There is a lack of multi-thread protection when a function is called. Attackers can exploit this vulnerability by performing malicious operation to cause pointer double free. This may lead to module crash,...

3.3CVSS

4AI Score

0.001EPSS

2021-02-06 01:15 AM
1
cvelist

CVE-2021-22303

There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). There is a lack of multi-thread protection when a function is called. Attackers can exploit this vulnerability by performing malicious operation to cause pointer double free. This may lead to module crash,...

4.3AI Score

0.001EPSS

2021-02-06 12:04 AM
huawei

Security Advisory - Out-of-Bound Read Vulnerability in Huawei Smartphone

There is an out-of-bound read vulnerability in Huawei smartphone. A module does not verify some input. Attackers can exploit this vulnerability by sending malicious input through specific app. This could cause out-of-bound, compromising normal service. (Vulnerability ID: HWPSIRT-2020-04158)...

7.1CVSS

6.4AI Score

0.0004EPSS

2021-01-27 12:00 AM
9
huawei

Security Advisory - Use After Free Vulnerability in Huawei Smartphone

There is a use after free vulnerability in smartphone. A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vulnerability by sending specific message to the affected module. This may lead to module crash, compromising normal...

3.3CVSS

4.8AI Score

0.0004EPSS

2021-01-27 12:00 AM
11
huawei

Security Advisory - Pointer Double Free Vulnerability in Huawei Smartphone

There is a pointer double free vulnerability in Huawei smartphone. There is a lack of multi-thread protection when a function is called. Attackers can exploit this vulnerability by performing malicious operation to cause pointer double free. This may lead to module crash, compromising normal...

3.3CVSS

4.7AI Score

0.001EPSS

2021-01-27 12:00 AM
9
cve

CVE-2020-9093

There is a use after free vulnerability in Taurus-AL00A versions 10.0.0.1(C00E1R1P1). A module does not deal with specific message properly, which makes a function refer to memory after it has been freed. Attackers can exploit this vulnerability by running a crafted application with common...

5.5CVSS

5.4AI Score

0.001EPSS

2020-12-29 06:15 PM
17
nvd

CVE-2020-9093

There is a use after free vulnerability in Taurus-AL00A versions 10.0.0.1(C00E1R1P1). A module does not deal with specific message properly, which makes a function refer to memory after it has been freed. Attackers can exploit this vulnerability by running a crafted application with common...

5.5CVSS

5.4AI Score

0.001EPSS

2020-12-29 06:15 PM
Total number of security vulnerabilities: 2152