CVE-2021-39155

Technical details about CVE-2021-39155 are not publicly available in the provided connected documents. Monitor for updates; these sources do not specify affected products, vectors, impact, or fixes.

Fileless Malware Tops Critical Endpoint Threats for 1H 2020

In the first half of 2020, the most common critical-severity cybersecurity threat to endpoints was fileless malware, according to a recent analysis of telemetry data from Cisco. Fileless threats consist of malicious code that runs in memory after initial infection, instead of files being stored o...

Description of the Office Web Apps Server 2013 update: April 9, 2013

Description of the Office Web Apps Server 2013 update: April 9, 2013 INTRODUCTION Microsoft has released an update for Microsoft Office Web Apps Server 2013. This update provides the latest fixes for Office Web Apps Server 2013. Additionally, this update contains stability and performance...

Update for Work Folders improvements in Windows 7 SP1

Update for Work Folders improvements in Windows 7 SP1 About this update This update ensures that users are able to continue using Work Folders after they upgrade from Windows 7 SP1 to Windows 10. This update must be applied to the client before the upgrade, in order to maintain the sync partnersh...

WAGO PFC200 Cloud Connectivity TimeoutPrepared Command Injection Vulnerability

Summary An exploitable command injection vulnerability exists in the cloud connectivity functionality of WAGO PFC200. An attacker can inject operating system commands into the TimeoutPrepared parameter value contained in the firmware update command. Tested Versions WAGO PFC200 Firmware version...

WAGO PFC200 Cloud Connectivity Multiple Command Injection Vulnerabilities

Summary An exploitable command injection vulnerability exists in the cloud connectivity feature of WAGO PFC200. An attacker can inject operating system commands into any of the parameter values contained in the firmware update command. Tested Versions WAGO PFC200 Firmware version 03.02.0214 WAGO...

WAGO PFC200 Cloud Connectivity Improper Host Validation Vulnerability

Summary An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200. A specially crafted HTTPS POST request can cause the software to connect to an unauthorized host, resulting in unauthorized access to firmware update functionality. An...

WAGO PFC200 Cloud Connectivity Remote Code Execution Vulnerability

Summary An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200. A specially crafted XML file will direct the Cloud Connectivity service to download and execute a shell script with root privileges. Tested Versions WAGO PFC200 Firmware versi...

DHS Warning: Small Aircraft are Ripe for Hacking

The Department of Homeland Security issued an alert Tuesday warning that small aircraft are vulnerable to hackers that can gain physical access to a plane. It warned that a hacker can easily manipulate aircraft telemetry data, which can result in loss of control of the airplane. The bulletin was...

The evolution of Microsoft Threat Protection—July update

Modern security teams need to proactively, efficiently, and effectively hunt for threats across multiple attack vectors. To address this need, today we’re excited to give you a glimpse of a new threat hunting capability coming soon to Microsoft Threat Protection. Building off the threat hunting...

DRUPAL-CONTRIB-2019-014

Acquia Connector facilitates sending certain telemetry data to Acquia for the purposes of analysis. The module automates the collection of site information to speed support communication and issue resolution. It is required for use with the Acquia Insight service. The module does not properly...

Acquia Connector - Moderately critical - Access bypass - SA-CONTRIB-2019-014

Acquia Connector facilitates sending certain telemetry data to Acquia for the purposes of analysis. The module automates the collection of site information to speed support communication and issue resolution. It is required for use with the Acquia Insight service. The module does not properly...

Intel Rapid Storage Technology User Interface And Driver 15.9.0.1015 DLL Hijacking

Hi @ll, the executable installer of the Intelr Rapid Storage Technology Intelr RST User Interface and Driver, version 15.9.0.1015 LATEST for Windows 7, released 11/14/2017, available from via is SURPRISE! vulnerable! CVSS score: 7.5/HIGH CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H See Intel's...

Rapidly Growing Router Botnet Takes Advantage of 5-Year-Old Flaw

A fresh botnet is spreading across the landscape, targeting router equipment. So far, hundreds of thousands of bot endpoints have already been identified, and they’re apparently being marshaled to send out massive amounts of spam. The botnet first emerged in September, according to 360Netlab...

Microsoft Office: Turn on telemetry data collection

This test checks the setting for policy OpenVAS Vulnerability Test $Id: office2013telemetrydatacollection.nasl 11843 2018-10-11 14:33:21Z emoss $ Check value for Turn on telemetry data collection Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net...

Android Variant of Notorious Pegasus Spyware Found

Researchers say a variant of the notorious surveillance software called Pegasus has been found targeting Android users, allowing third parties to take screenshots, capture audio, read email and exfiltrate data from targeted phones. The malware, called Chrysaor, was discovered through a joint effo...

Microsoft Shares Telemetry Data Collected from Windows 10 Users with 3rd-Party

Cyber security is a major challenge in today's world, as cyber attacks have become more automated and difficult to detect, where traditional cyber security practices and systems are no longer sufficient to protect businesses, governments, and other organizations. In past few years, Artificial...

Kyle and Stan Malvertising Network Nine Times Bigger

The Kyle and Stan malvertising network has a much bigger reach than first reported—about nine times bigger. In the two weeks since Cisco’s first report on the malicious ad distribution campaign, researchers had a chance to look closer at telemetry data, connect more dots and learn that nearly 6,5...

Microsoft Interflow Information-Sharing Platform Preview Open

Much like the Year of PKI that has never come to be, information sharing has been one of security’s more infamous non-starters. While successful in heavily siloed environments such as financial services, enterprises industry-wide are hesitant to share threat and security data for fear of losing a...