Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

Unpatched Critical Flaws Disclosed in U-Boot Bootloader for Embedded Devices

Cybersecurity researchers have disclosed two unpatched security vulnerabilities in the open-source U-Boot boot loader. The issues, which were uncovered in the IP defragmentation algorithm implemented in U-Boot by NCC Group, could be abused to achieve arbitrary out-of-bounds write and denial-of-service (DoS). U-Boot is a boot loader used in Linux-based embedded systems such as ChromeOS as well as

The Hacker News
#vulnerability#amazon#linux#dos#buffer_overflow#chrome#The Hacker News
Google May Owe You a Chunk of $100 Million

Plus: The US admits to cyber operations supporting Ukraine, SCOTUS investigates its own, and a Michael Flynn surveillance mystery is solved.

Google May Owe You a Chunk of $100 Million

Plus: The US admits to cyber operations supporting Ukraine, SCOTUS investigates its own, and a Michael Flynn surveillance mystery is solved.

YourCyanide Ransomware Propagates With PasteBin, Discord, Microsoft Links

The latest iteration of CMD-based ransomware is sophisticated and tricky to detect – and integrates token theft and worming capabilities into its feature set.

CVE-2021-42892: vuln/totolink_ex1200t_telnet_default.md at main · p1Kk/vuln

In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the default username and password exists in the firmware.

CVE-2021-42890: vuln/totolink_ex1200t_hosttime_rce.md at main · p1Kk/vuln

TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSyncWithHost of the file system.so which can control hostTime to attack.

CVE-2021-42888: vuln/totolink_ex1200t_langtype_rce.md at main · p1Kk/vuln

TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setLanguageCfg of the file global.so which can control langType to attack.

CVE-2021-42886: vuln/totolink_ex1200t_exportsettings_leak.md at main · p1Kk/vuln

TOTOLINK EX1200T V4.1.2cu.5215 contains an information disclosure vulnerability where an attacker can get the apmib configuration file without authorization, and usernames and passwords can be found in the decoded file.

CVE-2021-42885: vuln/totolink_ex1200t_devicemac_rce.md at main · p1Kk/vuln

TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceMac of the file global.so which can control deviceName to attack.

CVE-2021-42884: vuln/totolink_ex1200t_devicename_rce.md at main · p1Kk/vuln

TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceName of the file global.so which can control thedeviceName to attack.