Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-25486: Samsung Mobile Security

Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 Release 1 allows an attacker detect device information via analyzing packet in log.

CVE

Related news

QR Codes Help Attackers Sneak Emails Past Security Controls

A recently discovered campaign shows how attackers are constantly developing new techniques to deceive phishing victims.

'Clumsy' BlackByte Malware Reuses Crypto Keys, Worms Into Networks

Discovered during a recent incident response engagement, the malware avoids Russian computers and uses a single symmetric key for encrypting every compromised system.

Windows Zero-Day Actively Exploited in Widespread Espionage Campaign

The cyberattacks, linked to a Chinese-speaking APT, deliver the new MysterySnail RAT malware to Windows servers.

CVE-2021-25468: Samsung Mobile Security

A possible guessing and confirming a byte memory vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows attackers to read arbitrary memory address.

CVE-2021-25491: Samsung Mobile Security

A vulnerability in mfc driver prior to SMR Oct-2021 Release 1 allows memory corruption via NULL-pointer dereference.

CVE-2021-25481: Samsung Mobile Security

An improper error handling in Exynos CP booting driver prior to SMR Oct-2021 Release 1 allows local attackers to bypass a Secure Memory Protector of Exynos CP Memory.

CVE-2021-25470: Samsung Mobile Security

An improper caller check logic of SMC call in TEEGRIS secure OS prior to SMR Oct-2021 Release 1 can be used to compromise TEE.

CVE-2021-25457: Samsung Mobile Security

An improper input validation vulnerability in DSP driver prior to SMR Sep-2021 Release 1 allows local attackers to get a limited kernel memory information.

33% of Reported Phishing Emails Prove Malicious or Suspect

A new analysis from F-Secure details commonly used phishing phrases and methods seen in attacks.

CVE-2018-10923: 1610659 – (CVE-2018-10923) CVE-2018-10923 glusterfs: I/O to arbitrary devices on storage server

It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907