Google Android elevation of privilege vulnerability (CNVD-2021-45729)
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance (OHA). An elevation of privilege vulnerability exists in the Android runtime component of Google Android. An attacker can exploit this vulnerability to escalate privileges...
Vulnerability Spotlight: Multiple vulnerabilities in Synology SRM (Synology Router Manager)
Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Blog by Claudio Bozzato and Jon Munshaw. Cisco Talos recently discovered multiple remote vulnerabilities in software that helps power Synology routers. The bugs exist in Synology Router Manager (SRM), a Linux-based operating system f...
Synology SRM web interface session cookie HttpOnly flag information disclosure vulnerability
Talos Vulnerability Report TALOS-2020-1086: Synology SRM web interface session cookie HttpOnly flag information disclosure vulnerability. October 30, 2020. CVE Number: CVE-2020-27658. Summary: An exploitable information disclosure vulnerability exists in the web interface session cookie functionality o...
Google, Intel Warn on 'Zero-Click' Kernel Bug in Linux-Based IoT Devices
Google and Intel are warning of a high-severity flaw in BlueZ, the Linux Bluetooth protocol stack that provides support for core Bluetooth layers and protocols to Linux-based Internet of Things (IoT) devices. According to Google, the vulnerability affects users of Linux kernel...
Cellopoint Cellos Server-Side Request Forgery Vulnerability
Cellos is a Linux-based operating system optimized for mail security and mail scanning performance by Cellopoint. A server-side request forgery vulnerability exists in Cellopoint Cellos 4.1.10 Build 20190922. The vulnerability stems from the product's failure to properly validate incoming URLs,...
Microsoft Azure Sphere Capability access control privilege escalation vulnerability
Talos Vulnerability Report TALOS-2020-1133: Microsoft Azure Sphere Capability access control privilege escalation vulnerability. August 24, 2020. CVE Number: None. Summary: A privilege escalation vulnerability exists in the Capability access control functionality of Microsoft Azure Sphere 20.06. A set ...
Microsoft Azure Sphere uid_map UID uniqueness privilege escalation vulnerability
Summary: A privilege escalation vulnerability exists in the uidmap functionality of Microsoft Azure Sphere 20.06. A specially crafted uidmap file can cause multiple applications to get the same UID assigned, thus broadening the attack surface. An attacker can modify the uidmap file to trigger this...
Google Android System Information Disclosure Vulnerability (CNVD-2020-43679)
Android is a Linux-based open source operating system from Google and the Open Handset Alliance (OHA) in the U.S. System is one of the system components. There is a security vulnerability in Google Android System. The vulnerability can be exploited by an attacker to gain access to information...
Google Android Framework Privilege Bypass Vulnerability (CNVD-2020-46323)
Android is a Linux-based open source operating system from Google and the Open Handheld Alliance (OHA); Framework is a component of the Android framework. A security vulnerability exists in Framework in Android version 10. An attacker can exploit the vulnerability to elevate privileges...
Netsweeper WebAdmin unixlogin.php Python Code Injection
This module exploits a Python code injection in the Netsweeper WebAdmin component's unixlogin.php script, for versions 6.4.4 and prior, to execute code as the root user. Authentication is bypassed by sending a random whitelisted Referer header in each request. Tested on the CentOS Linux-based...
Google Android System Information Disclosure Vulnerability (NVD-C-2020-89237)
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance (OHA). An information disclosure vulnerability exists in the System component of Google Android 10. An attacker can exploit the vulnerability to obtain information...
Synology SRM DHCP monitor hostname parsing Denial of Service Vulnerability
Summary: An exploitable denial of service vulnerability exists in the DHCP monitor's hostname parsing functionality of Synology SRM 1.2.3 MR2200ac 8017 and 1.2.3 RT2600ac 8017. A specially crafted network request can cause an out-of-bounds read resulting in a denial of service. An attacker can sen...
Samsung Mobile Device Buffer Overflow Vulnerability (CNVD-2020-30607)
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance (OHA). Samsung mobile devices suffer from a buffer overflow vulnerability that can be exploited by an attacker to cause a heap buffer overflow...
Samsung Mobile Device Injection Vulnerability
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance (OHA). Samsung mobile devices suffer from an injection vulnerability that can be exploited by attackers to cause arbitrary code execution...
Samsung Mobile Device Denial of Service Vulnerability
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance (OHA). A denial of service vulnerability exists in Samsung mobile devices, which can be exploited by attackers to cause a denial of service...
Samsung Mobile Device Buffer Overflow Vulnerability (CNVD-2020-32809)
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance (OHA). Samsung mobile devices suffer from a buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code on the system with the help of a...
Unspecified Vulnerability in Samsung Mobile Devices (CNVD-2020-40830)
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance (OHA). Samsung mobile devices have a security vulnerability that can be exploited by attackers to bypass security restrictions...
Samsung Mobile Device Buffer Overflow Vulnerability (CNVD-2020-40818)
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance (OHA). Samsung mobile devices have a security vulnerability that can be exploited by attackers to cause information leakage...
Critical RCE Bug Affects Millions of OpenWrt-based Network Devices
A cybersecurity researcher today disclosed technical details and proof-of-concept of a critical remote code execution vulnerability affecting OpenWrt, a widely used Linux-based operating system for routers, residential gateways, and other embedded devices that route network traffic. Tracked as...
Android Media framework elevation of privilege vulnerability (CNVD-2020-16083)
Android is a Linux-based open source operating system from Google and the Open Handset Alliance (OHA) in the U.S. Media Framework is one of the multimedia development frameworks. A security vulnerability exists in Media framework in Android. An attacker can exploit this vulnerability to elevate...