108 matches found
ROS-2-2011
2.2011 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser, is related to a release error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Log4JExploitation-VulnerabiliyCVE-2021-44228. !Untitled...
CVE-2021-25269
A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Sophos Intercept X Advanced for Server before version 2.0.23, as well as Sophos Exploit Prevention...
Design/Logic Flaw
A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Sophos Intercept X Advanced for Server before version 2.0.23, as well as Sophos Exploit Prevention...
CVE-2021-25269
CVE-2021-25269 describes a local unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced (and Advanced for Server) prior to 2.0.23, and Sophos Exploit Prevention prior to 3.8.3. This could allow a local administrator to prevent the HMPA service from starting despi...
CVE-2021-25269
A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Sophos Intercept X Advanced for Server before version 2.0.23, as well as Sophos Exploit Prevention...
Exploitation of the CVE-2021-40444 vulnerability in MSHTML
Summary Last week, Microsoft reported the remote code execution vulnerability CVE-2021-40444 in the MSHTML browser engine. According to the company, this vulnerability has already been used in targeted attacks against Microsoft Office users. In attempt to exploit this vulnerability, attackers...
ROS-2-1896
2.1896 Vulnerability in Mozilla Thunderbird email client CVE-2021-29964, CVE-2021-29967 1. Vulnerability description: CVE-2021-29964 A vulnerability in the Mozilla Thunderbird email client, is related to boundary conditions. Exploitation of the vulnerability could allow an attacker acting remotel...
ROS-2-1829
2.1829 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...
ROS-2-2093
2.2093 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser, is related to insufficient validation of user input when processing unreliable YAML files using the fullload method or the FullLoader loader. Exploitation of the vulnerability...
Keywords & Meta <= 3.0 - CSRF to Stored Cross-Site Scripting (XSS)
The plugin does not sanitise of escape its settings before outputting them back in the page after they are saved, allowing for Cross-Site Scripting issues. Furthermore, it is also lacking any CSRF check, allowing attacker to make a logged in high privilege user save arbitrary setting via a CSRF...
Quick look at CVE-2021-1675 & CVE-2021-34527 (aka PrintNightmare)
Summary Last week Microsoft warned Windows users about vulnerabilities in the Windows Print Spooler service – CVE-2021-1675 and CVE-2021-34527 also known as PrintNightmare. Both vulnerabilities can be used by an attacker with a regular user account to take control of a vulnerable server or client...
Zero-day vulnerabilities in Microsoft Exchange Server
What happened? On March 2, 2021 several companies released reports about in-the-wild exploitation of zero-day vulnerabilities inside Microsoft Exchange Server. The following vulnerabilities allow an attacker to compromise a vulnerable Microsoft Exchange Server. As a result, an attacker will gain...
Updated firefox and nss packages fix security vulnerabilities
When drawing a transparent image on top of an unknown cross-origin image, the Skia library drawImage function took a variable amount of time depending on the content of the underlying image. This resulted in potential cross-origin information exposure of image content through timing side-channel...
Acronis: Subdomain Takeover – www.jet.acronis.com pointing to unclaimed Webflow services
Hi Team, Greetings! I've come across another subdomainwww.jet.acronis.com of acronis.com pointing to an unclaimed Webflow service. Visiting the www.jet.acronis.com returned the default 404 page for Webflow service, thereby making it potential for subdomain takeover. F940499 Similar to the previou...
Security Advisory - Improper Authentication Vulnerability in Several Smartphones
There is an improper authentication vulnerability in several smartphones. The system does not sufficiently validate certain parameter passed from the bottom level, the attacker should trick the user into installing a malicious application and control the bottom level, successful exploit could cau...
Microsoft Internet Explorer VBScript Engine CVE-2019-1390 Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Failed exploit attempts may result in a denial of service condition. Internet explorer 9, 10, and 11 are...
Microsoft Internet Explorer Scripting Engine CVE-2019-1194 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft Internet...
Microsoft Edge Chakra Scripting Engine CVE-2019-1062 Remote Memory Corruption Vulnerability
Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft ChakraCore Microsoft...
SUSE SLED15 / SLES15 Security Update : java-1_8_0-openjdk (SUSE-SU-2019:1211-1) (Spectre)
This update for java-180-openjdk to version 8u212 fixes the following issues : Security issues fixed : CVE-2019-2602: Better String parsing bsc1132728. CVE-2019-2684: More dynamic RMI interactions bsc1132732. CVE-2019-2698: Fuzzing TrueType fonts - setCurrGlyphID bsc1132729. CVE-2018-3639: fix...