
329 matches found

Prion
added 2021/06/22 11:15 a.m., 12 views

Design/Logic Flaw

In permission declarations of DeviceAdminReceiver.java, there is a possible lack of broadcast protection due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

CVSS 4.6 | AI score 7.6 | EPSS 0.00015
Exploits: 0 | References: 1 | Affected Software: 1
The Hacker News
added 2021/05/11 7:35 a.m., 70 views

U.S. Declares Emergency in 17 States Over Fuel Pipeline Cyber Attack

The ransomware attack against Colonial Pipeline's networks has prompted the U.S. Federal Motor Carrier Safety Administration (FMCSA) to issue a regional emergency declaration in 17 states and the District of Columbia (D.C.). The declaration provides a temporary exemption to Parts 390 through 399 of t...

AI score 1.6
Exploits: 0
ThreatPost
added 2021/05/10 5:42 p.m., 71 views

Colonial Pipeline’s Ransomware Attack Sparks Emergency Declaration

The Biden administration has declared a state of emergency that covers 17 states and Washington D.C. in the wake of the ransomware attack on the Colonial Pipeline Co., and is working with Colonial to restart operations. On Monday morning, FireEye also confirmed to Threatpost that it’s been called...

AI score 5.8
Exploits: 0 | References: 31
CNNVD
added 2021/05/03 12:00 a.m., 0 views

Google Android Security Vulnerability

Google Android is a Linux-based open source operating system from the Google Open Handheld Consortium Google. An elevation of privilege vulnerability exists in Google Android 11. The vulnerability arises because the permission declaration in DeviceAdminReceiver.java may lack broadcast protection...

CVSS 7.8 | AI score 5.8 | EPSS 0.00015
Exploits: 0 | References: 4
Debian CVE
added 2021/02/26 2:05 a.m., 27 views

CVE-2021-23960

Performing garbage collection on re-declared JavaScript variables resulted in a use-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox 85, Thunderbird 78.7, and Firefox ESR 78.7...

CVSS 8.8 | AI score 9.7 | EPSS 0.00285
Exploits: 0
RedhatCVE
added 2021/01/26 7:53 p.m., 28 views

CVE-2021-23960

The Mozilla Foundation Security Advisory describes this flaw as: Performing garbage collection on re-declared JavaScript variables resulted in a use-after-poison, and a potentially exploitable crash...

CVSS 8.8 | AI score 2.3 | EPSS 0.00285
Exploits: 0 | References: 4
UbuntuCve
added 2021/01/26 12:00 a.m., 22 views

CVE-2021-23960

Performing garbage collection on re-declared JavaScript variables resulted in a use-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox 85, Thunderbird 78.7, and Firefox ESR 78.7...

CVSS 8.8 | AI score 7.2 | EPSS 0.00285
Exploits: 0 | References: 5
ThreatPost
added 2020/10/08 5:27 p.m., 117 views

HEH P2P Botnet Sports Dangerous Wiper Function

A freshly discovered botnet dubbed HEH by researchers is casting a wide net, looking to infect any and all devices that use Telnet on ports 23/2323. It’s particularly destructive: It contains code that wipes all data from infected systems. Perhaps ironically, its operators also have a penchant fo...

AI score 7.6
Exploits: 0 | References: 10
OSV
added 2020/08/22 12:01 a.m., 2 views

OSV-2020-1644 Segv on unknown address in clang::Sema::PushDeclContext

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25059. Crash type: Segv on unknown address. Crash state: clang::Sema::PushDeclContext, clang::Sema::ActOnStartDelayedMemberDeclarations, clang::Parser::ParseLexedPragmas...

AI score 7.2
Exploits: 0
OSV
added 2020/07/28 12:00 a.m., 2 views

OSV-2020-1455 Segv on unknown address in clang::Parser::ParseObjCInterfaceDeclList

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19088. Crash type: Segv on unknown address. Crash state: clang::Parser::ParseObjCInterfaceDeclList, clang::Parser::ParseObjCAtInterfaceDeclaration, clang::Parser::ParseObjCAtDirectives...

AI score 7.2
Exploits: 0
NVD
added 2020/07/17 9:15 p.m., 14 views

CVE-2020-0122

In the permission declaration for com.google.android.providers.gsf.permission.WRITEGSERVICES in AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for...

CVSS 7.2 | EPSS 0.00011
Exploits: 0 | References: 1
Prion
added 2020/07/17 9:15 p.m., 15 views

Design/Logic Flaw

In the permission declaration for com.google.android.providers.gsf.permission.WRITEGSERVICES in AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for...

CVSS 7.2 | AI score 6.7 | EPSS 0.00011
Exploits: 0 | References: 1 | Affected Software: 1
Openbugbounty
added 2020/02/18 10:37 p.m., 8 views

declaration-d-amour.fr Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1095367. Security Researcher geeknik (helped patch 8710 vulnerabilities, received 8 Coordinated Disclosure badges, received 20 recommendations), a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting declaration-d-amour.fr...

AI score 0.2
Exploits: 0
Trend Micro Simply Security
added 2020/02/16 12:00 a.m., 6 views

Cybersecurity in the C-Suite & Boardroom

As the pace of digital transformation increases, an industry declaration has emerged, “Cybersecurity is a boardroom issue.” To create a culture of cybersecurity, executives need to be more engaged and present with their strategies...

AI score 4.1
Exploits: 0
Cvelist
added 2020/02/06 4:22 p.m., 11 views

CVE-2020-6856

An XML External Entity (XEE) vulnerability in the JOC Cockpit component of SOS JobScheduler 1.12 and 1.13.2 allows attackers to read files from the server via an entity declaration in any of the XML documents that are used to specify the run-time settings of jobs and orders...

AI score 6.4 | EPSS 0.00425
Exploits: 0 | References: 1
OSV
added 2019/09/04 4:15 p.m., 1 view

CVE-2019-6648

On version 1.9.0, if DEBUG logging is enabled, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration...

CVSS 4.4 | AI score 5.8
Exploits: 0 | References: 2
Prion
added 2019/09/04 4:15 p.m., 16 views

Design/Logic Flaw

On version 1.9.0, if DEBUG logging is enabled, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration...

CVSS 1.9 | AI score 4.9 | EPSS 0.00109
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2019/09/04 3:49 p.m., 13 views

CVE-2019-6648

On version 1.9.0, if DEBUG logging is enabled, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration...

AI score 4.9 | EPSS 0.00109
Exploits: 0 | References: 2
CVE
added 2019/09/04 3:49 p.m., 110 views

CVE-2019-6648

CVE-2019-6648 affects F5 Container Ingress Services for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) version 1.9.0. When DEBUG logging is enabled, CIS log files may disclose BIG-IP secrets (SSL private keys and private key passphrases) supplied via an AS3 Declaration. Impact is exposure of s...

CVSS 4.4 | AI score 4.8 | EPSS 0.00109
Exploits: 0 | References: 2 | Affected Software: 1
Microsoft CVE
added 2019/07/09 7:00 a.m., 50 views

Visual Studio Information Disclosure Vulnerability

An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. To exploit the vulnerability, an attacker could...

CVSS 6.5 | AI score 4 | EPSS 0.25343
Exploits: 0