CVE-2021-23908

An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A type confusion issue affects MultiSvSetAttributes in the HiQnet Protocol, leading to remote code execution...

CVE-2021-28663

The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0 through r30p0...

Business email compromise: How Microsoft is combating this costly threat

Amongst all cybercrime, phishing attacks continue to be the most prevalent today. With over 90 percent of attacks coming via email, it’s important that every organization has a plan to prevent these threats from reaching users. At Microsoft, we’re passionate about providing our customers with...

VulnCheck KEV: CVE-2021-28663

Arm Mali Graphics Processing Unit GPU kernel driver contains a use-after-free vulnerability that may allow a non-privileged user to make improper operations on GPU memory to gain root privilege, and/or disclose information...

VulnCheck KEV: CVE-2021-28664

Arm Mali Graphics Processing Unit GPU kernel driver contains an unspecified vulnerability that may allow a non-privileged user to gain write access to read-only memory, gain root privilege, corrupt memory, and modify the memory of other processes...

Texas Instruments TI-RTOS-MCU 输入验证错误漏洞

The Texas Instruments TI-RTOS-MCU is an application system from Texas Instruments, Inc. A real-time operating system RTOS for microcontrollers MCUs. The Texas Instruments TI-RTOS-MCU has an input validation error vulnerability that originates from returning a valid pointer to a small buffer on a...

PT-2021-13477 · Nvidia · Nvidia Vgpu

Name of the Vulnerable Software and Affected Versions: NVIDIA vGPU software versions prior to 12.2 NVIDIA vGPU software versions prior to 11.4 NVIDIA vGPU software versions prior to 8.7 Description: The issue is related to an input length validation problem in the guest kernel mode driver and...

KOFFEE - Kia OFFensivE Exploit

This module exploits CVE-2020-8539, which is an arbitrary code execution vulnerability that allows an to attacker execute the micomd binary file on the head unit of Kia Motors. This module has been tested on SOP.003.30.18.0703, SOP.005.7.181019 and SOP.007.1.191209 head unit software versions. Th...

OSV-2021-594 Global-buffer-overflow in read_coding_unit

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32791 Crash type: Global-buffer-overflow READ 1 Crash state: readcodingunit readcodingquadtree readcodingquadtree...

Women in Security Part 6: Meet Nandini De, Director of Engineering

This post is part of our Women’s History Month series - follow along with us on Twitter @VMwareCarbonBlack To conclude Women’s History Month, we are thrilled to bring you the last spotlight of our Women in Security series. It’s been an honor to highlight the outstanding women in the VMware Securi...

PT-2021-7535 · Samsung +1 · Samsung Mobile Devices +1

Name of the Vulnerable Software and Affected Versions: Samsung Mobile Devices affected versions not specified Description: The issue is related to the use of memory after it has been freed when handling file descriptors in the Display and Enhancement Controller DECON driver of the Display...

CVE-2021-27452

The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E all firmware versions prior to v04A00.1...

Hardcoded credentials

The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E all firmware versions prior to v04A00.1...

CVE-2021-27452

The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E all firmware versions prior to v04A00.1...

CVE-2021-27452

CVE-2021-27452 affects GE MU320E firmware prior to v04A00.1. The vulnerability is a hard-coded password that could allow an attacker with local access to take control of the merging unit. Affected product: MU320E (all firmware versions before v04A00.1). Remediation: GE-recommended upgrade to v04A...

PT-2021-17459 · Mu320E · Mu320E

Name of the Vulnerable Software and Affected Versions: MU320E versions prior to v04A00.1 Description: The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials. Recommendations: For versions prior to v04A00.1,...

GE MU320E Hardcoded Password Vulnerability

The MU320E is a process interface unit from GE with integrated analog and digital merge interfaces. A hard-coded password vulnerability exists in GE MU320E firmware prior to version 04A00.1. An attacker could exploit this vulnerability to take control of the Merge Unit...

GE MU320E Insufficient Encryption Strength Vulnerability

The MU320E is a process interface unit from GE with integrated analog and digital merge interfaces. An insufficient cryptographic strength vulnerability exists in the firmware prior to GE MU320E 04A00.1. The vulnerability stems from some aspects of the SSH server configuration file not being...

Grid Solutions GE Reason DR60 信任管理问题漏洞

The MU320E is a process interface unit from GE with integrated analog and digital merge interfaces. A hard-coded password vulnerability exists in GE MU320E firmware prior to version 04A00.1. An attacker could exploit this vulnerability to take control of the Merge Unit...

DEBIAN-CVE-2021-28089

Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001...