Backdoor.Win32.WinShell.50 Hardcoded Password

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/0faecbdfccf3144d487971ed47f3665c.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.WinShell.50 Vulnerability: Weak Hardcoded Password Description: The malware listens o...

CVE-2021-25481

An improper error handling in Exynos CP booting driver prior to SMR Oct-2021 Release 1 allows local attackers to bypass a Secure Memory Protector of Exynos CP Memory...

CVE-2021-25481

An improper error handling in Exynos CP booting driver prior to SMR Oct-2021 Release 1 allows local attackers to bypass a Secure Memory Protector of Exynos CP Memory...

Input validation

An improper error handling in Exynos CP booting driver prior to SMR Oct-2021 Release 1 allows local attackers to bypass a Secure Memory Protector of Exynos CP Memory...

CVE-2021-25481

The CVE-2021-25481 entry concerns Samsung Exynos CPU (Exynos CP) booting driver. It reports improper error handling that allows local attackers to bypass the Secure Memory Protector of Exynos CP Memory prior to SMR Oct-2021 Release 1. Public references in the provided documents corroborate the ex...

CVE-2021-25481

An improper error handling in Exynos CP booting driver prior to SMR Oct-2021 Release 1 allows local attackers to bypass a Secure Memory Protector of Exynos CP Memory...

Eaton IPM Arbitrary File Deletion (CVE-2021-23278)

An arbitrary file deletion vulnerability exists in Eaton Intelligent Power Management and Eaton Intelligent Power Protector. The vulnerability is due to missing input validation in mapssrv.js and nodeupgradesrv.js...

Exposure of Sensitive Information in keycloak

A flaw was found in keycloak before version 9.0.1. When configuring an Conditional OTP Authentication Flow as a post login flow of an IDP, the failure login events for OTP are not being sent to the brute force protection event queue. So BruteForceProtector does not handle this events...

CVE-2021-22517

A potential unauthorized privilege escalation vulnerability has been identified in Micro Focus Data Protector. The vulnerability affects versions 10.10, 10.20, 10.30, 10.40, 10.50, 10.60, 10.70, 10.80, 10.0 and 10.91. A privileged user may potentially misuse this feature and thus allow unintended...

CVE-2021-22517

A potential unauthorized privilege escalation vulnerability has been identified in Micro Focus Data Protector. The vulnerability affects versions 10.10, 10.20, 10.30, 10.40, 10.50, 10.60, 10.70, 10.80, 10.0 and 10.91. A privileged user may potentially misuse this feature and thus allow unintended...

Privilege escalation

A potential unauthorized privilege escalation vulnerability has been identified in Micro Focus Data Protector. The vulnerability affects versions 10.10, 10.20, 10.30, 10.40, 10.50, 10.60, 10.70, 10.80, 10.0 and 10.91. A privileged user may potentially misuse this feature and thus allow unintended...

CVE-2021-22517

CVE-2021-22517 affects Micro Focus Data Protector. The provided documents consistently identify a potential unauthorized privilege escalation that could allow a privileged user to gain unauthorized access to data. Affected versions include 10.10, 10.20, 10.30, 10.40, 10.50, 10.60, 10.70, 10.80, 1...

CVE-2021-22517

A potential unauthorized privilege escalation vulnerability has been identified in Micro Focus Data Protector. The vulnerability affects versions 10.10, 10.20, 10.30, 10.40, 10.50, 10.60, 10.70, 10.80, 10.0 and 10.91. A privileged user may potentially misuse this feature and thus allow unintended...

Micro Focus Data Protector 安全漏洞

Micro Focus Data Protector is a suite of unified data protection solutions from Micro Focus UK. The product protects data across all physical and virtual environments by utilizing an intelligent data management approach that provides tri-party application source, standby server and target device...

Advisory ROSA-SA-2021-1838

Software: gcc 4.8.5 OS: Cobalt 7.9 CVE-ID: CVE-2018-12886 CVE-Crit: HIGH CVE-DESC: stackprotectprologue in cfgexpand.c and stackprotectepilogue in function.c in GNU Compiler Collection GCC 4.1 through 8 under certain circumstances generate sequences of instructions when targeting ARM targets that...

Don't Risk Getting Caught by Kr3pto Phishing Kits

Akamai's threat research team recently published a report showing that a new phishing toolkit named Kr3pto was targeting UK banking customers. A phishing kit is an all-in-one software package that lets just about anyone create and launch phishing attacks designed to steal user data by posing as a...

CVE-2021-22494

An issue was discovered in the fingerprint scanner on Samsung Note20 mobile devices with Q10.0 software. When a screen protector is used, the required image compensation is not present. Consequently, inversion can occur during fingerprint enrollment, and a high False Recognition Rate FRR can occu...

CVE-2021-22494

An issue was discovered in the fingerprint scanner on Samsung Note20 mobile devices with Q10.0 software. When a screen protector is used, the required image compensation is not present. Consequently, inversion can occur during fingerprint enrollment, and a high False Recognition Rate FRR can occu...

Code injection

An issue was discovered in the fingerprint scanner on Samsung Note20 mobile devices with Q10.0 software. When a screen protector is used, the required image compensation is not present. Consequently, inversion can occur during fingerprint enrollment, and a high False Recognition Rate FRR can occu...

CVE-2021-22494

Summary: CVE-2021-22494 affects Samsung Note20 devices running Q (10.0) software. The fingerprint scanner may misbehave when a screen protector is used because the required image compensation is not present during enrollment. This can lead to inversion and a high False Recognition Rate (FRR). The...