85 matches found
EUVD-2021-16049
Malware in sbrugna...
CVE-2021-35062
A Shell Metacharacter Injection vulnerability in result.php in DRK Odenwaldkreis Testerfassung March-2021 allows an attacker with a valid token of a COVID-19 test result to execute shell commands with the permissions of the web server...
K02566623: Overview of F5 vulnerabilities (March 2021)
Security Advisory Description: On March 10th, 2021, F5 announced twenty-one (21) CVEs, including four Critical vulnerabilities. This document is intended to serve as an overview of these vulnerabilities to help determine the impact on your F5 devices. The details of each issue can be found in the...
Chinese Tonto Team Hackers' Second Attempt to Target Cybersecurity Firm Group-IB Fails
The advanced persistent threat (APT) actor known as Tonto Team carried out an unsuccessful attack on cybersecurity company Group-IB in June 2022. The Singapore-headquartered firm said that it detected and blocked malicious phishing emails originating from the group targeting its employees. It's als...
A Very Powerful Clipboard: Analysis of a Samsung in-the-wild exploit chain
Posted by Maddie Stone, Project Zero. Note: The three vulnerabilities discussed in this blog were all fixed in Samsung’s March 2021 release. They were fixed as CVE-2021-25337, CVE-2021-25369, CVE-2021-25370. To ensure your Samsung device is up-to-date under settings you can check that your device ...
Security Updates for Microsoft Excel Products C2R (March 2021)
The Microsoft Excel Products are missing security updates. They are, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-27053, CVE-2021-27054,...
Security Updates for Microsoft Office Products C2R (March 2021)
The Microsoft Office Products are missing security updates. They are affected by a remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-24108, CVE-2021-27058) (C) Tenable Network Security, Inc. The descriptiv...
Security Updates for Microsoft PowerPoint Products C2R (March 2021)
The Microsoft PowerPoint Products are missing a security update. They are, therefore, affected by the following vulnerability: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-27056) (C) Tenable Network...
Security Updates for Microsoft Visio Products C2R (March 2021)
The Microsoft Visio Products are missing a security update. They are, therefore, affected by the following vulnerability: - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the...
Design/Logic Flaw
A Shell Metacharacter Injection vulnerability in result.php in DRK Odenwaldkreis Testerfassung March-2021 allows an attacker with a valid token of a COVID-19 test result to execute shell commands with the permissions of the web server...
CVE-2021-35061
Multiple cross-site scripting (XSS) vulnerabilities in DRK Odenwaldkreis Testerfassung March-2021 allow remote attackers to inject arbitrary web script or HTML via all parameters to HTML form fields in all components...
Audio equipment giant Bose hit by ransomware attack, data breach
By Deeba Ahmed. The audio equipment manufacturer Bose has confirmed that it was a victim of a ransomware attack and experienced a data breach on 7 March 2021. This is a post from HackRead.com. Read the original post: Audio equipment giant Bose hit by ransomware attack, data breach...
CVE-2021-25370
An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic...
CVE-2021-25371
A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers to load arbitrary ELF libraries inside DSP...
SAMSUNG Mobile devices security vulnerability
Samsung SMR is a system firmware from Samsung South Korea. It provides storage for system applications. A security vulnerability exists in SMR MAR-2021 Release 1, which stems from an improper access control vulnerability that exposes sensitive kernel information to user space. No detailed...
PT-2021-16562 · Samsung · Samsung Mobile Devices
Name of the Vulnerable Software and Affected Versions: Samsung Mobile Devices versions prior to SMR Mar-2021 Release 1 Description: A vulnerability in the DSP driver allows attackers to load arbitrary ELF libraries inside the DSP. This issue affects Samsung Mobile Devices. Recommendations: For...
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021
On March 25, 2021, the OpenSSL Project released a security advisory, OpenSSL Security Advisory 25 March 2021 (https://www.openssl.org/news/secadv/20210325.txt), that disclosed two vulnerabilities. Exploitation of these vulnerabilities could allow an attacker to use a valid non-certificate authori...
Cisco IOS XE SD-WAN Software Arbitrary Command Execution Vulnerability
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. The attacker must be authenticated on the affected device as a low-privileged user to exploit this...
Cisco IOS XE SD-WAN Software vDaemon Buffer Overflow Vulnerability
A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. This vulnerability is due to insufficient bounds checking when the device processes traffic. An attacker could exploit this...
Cisco IOS XE Software Fast Reload Vulnerabilities
Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3650, Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating...