What's new around the Internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
CVE.webp 2021-12-09 19:15:07 CVE-2021-43797 (direct link) Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.7.1.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forwards these to another remote system when used as proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.7.1.Final to receive a patch. Guideline
CVE.webp 2021-12-09 16:15:08 CVE-2021-21954 (direct link) A command execution vulnerability exists in the wifi_country_code_update functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to arbitrary command execution. Vulnerability Guideline
CVE.webp 2021-12-09 16:15:08 CVE-2021-21955 (direct link) An authentication bypass vulnerability exists in the get_aes_key_info_by_packetid() function of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. Generic network sniffing can lead to password recovery. An attacker can sniff network traffic to trigger this vulnerability. Vulnerability Guideline
CVE.webp 2021-12-08 22:15:09 CVE-2021-43533 (direct link) When parsing internationalized domain names, high bits of the characters in the URLs were sometimes stripped, resulting in inconsistencies that could lead to user confusion or attacks such as phishing. This vulnerability affects Firefox < 94. Vulnerability Guideline
CVE.webp 2021-12-08 22:15:09 CVE-2021-43537 (direct link) An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. Vulnerability Guideline ★★★
CVE.webp 2021-12-08 22:15:09 CVE-2021-43544 (direct link) When receiving a URL through a SEND intent, Firefox would have searched for the text, but subsequent usages of the address bar might have caused the URL to load unintentionally, which could lead to XSS and spoofing attacks. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 95. Vulnerability Guideline
CVE.webp 2021-12-08 22:15:09 CVE-2021-43535 (direct link) A use-after-free could have occurred when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.3, and Firefox ESR < 91.3. Vulnerability Guideline ★★
CVE.webp 2021-12-08 22:15:08 CVE-2021-21950 (direct link) An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h in function recv_server_device_response_msg_process. A specially-crafted network packet can lead to code execution. Vulnerability Guideline
CVE.webp 2021-12-08 22:15:08 CVE-2021-38506 (direct link) Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. Vulnerability Guideline
CVE.webp 2021-12-08 22:15:08 CVE-2021-21951 (direct link) An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h in function read_udp_push_config_file. A specially-crafted network packet can lead to code execution. Vulnerability Guideline
CVE.webp 2021-12-08 22:15:08 CVE-2021-21957 (direct link) A privilege escalation vulnerability exists in the Remote Server functionality of Dream Report ODS Remote Connector 20.2.16900.0. A specially-crafted command injection can lead to elevated capabilities. An attacker can provide a malicious file to trigger this vulnerability. Vulnerability Guideline
CVE.webp 2021-12-08 22:15:08 CVE-2021-23860 (direct link) An error in a page handler of the VRM may lead to a reflected cross site scripting (XSS) in the web-based interface. To exploit this vulnerability an attacker must be able to modify the HTTP header that is sent. This issue also affects installations of the DIVAR IP and BVMS with VRM installed. Vulnerability Guideline
CVE.webp 2021-12-08 22:15:08 CVE-2021-38504 (direct link) When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. Vulnerability Guideline
CVE.webp 2021-12-08 19:15:10 CVE-2021-43809 (direct link) `Bundler` is a package for managing application dependencies in Ruby. In `bundler` versions before 2.2.33, when working with untrusted and apparently harmless `Gemfile`'s, it is not expected that they lead to execution of external code, unless that's explicit in the ruby code inside the `Gemfile` itself. However, if the `Gemfile` includes `gem` entries that use the `git` option with invalid, but seemingly harmless, values with a leading dash, this can be false. To handle dependencies that come from a Git repository instead of a registry, Bundler uses various commands, such as `git clone`. These commands are being constructed using user input (e.g. the repository URL). When building the commands, Bundler versions before 2.2.33 correctly avoid Command Injection vulnerabilities by passing an array of arguments instead of a command string. However, there is the possibility that a user input starts with a dash (`-`) and is therefore treated as an optional argument instead of a positional one. This can lead to Code Execution because some of the commands have options that can be leveraged to run arbitrary executables. Since this value comes from the `Gemfile` file, it can contain any character, including a leading dash. To exploit this vulnerability, an attacker has to craft a directory containing a `Gemfile` file that declares a dependency that is located in a Git repository. This dependency has to have a Git URL in the form of `-u./payload`. This URL will be used to construct a Git clone command but will be interpreted as the upload-pack argument. Then this directory needs to be shared with the victim, who then needs to run a command that evaluates the Gemfile, such as `bundle lock`, inside. This vulnerability can lead to Arbitrary Code Execution, which could potentially lead to the takeover of the system. However, the exploitability is very low, because it requires a lot of user interaction.
Bundler 2.2.33 has patched this problem by inserting `--` as an argument before any positional arguments to those Git commands that were affected by this issue. Regardless of whether users can upgrade or not, they should review any untrusted `Gemfile`'s before running any `bundler` commands that may read them, since they can contain arbitrary ruby code. Vulnerability Guideline
CVE.webp 2021-12-08 15:15:10 CVE-2021-37097 (direct link) There is a Code Injection vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to system restart. Vulnerability Guideline
CVE.webp 2021-12-08 15:15:09 CVE-2021-37075 (direct link) There is a Credentials Management Errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to confidentiality affected. Vulnerability Guideline
CVE.webp 2021-12-08 15:15:09 CVE-2021-37093 (direct link) There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to attackers steal short messages. Vulnerability Guideline
CVE.webp 2021-12-08 15:15:09 CVE-2021-37092 (direct link) There is an Incomplete Cleanup vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to availability affected. Vulnerability Guideline
CVE.webp 2021-12-08 15:15:09 CVE-2021-37069 (direct link) There is a Race Condition vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to availability affected. Vulnerability Guideline
CVE.webp 2021-12-08 15:15:09 CVE-2021-37074 (direct link) There is a Race Condition vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to the user root privilege escalation. Vulnerability Guideline
CVE.webp 2021-12-08 11:15:11 CVE-2021-31850 (direct link) A denial-of-service vulnerability in Database Security (DBS) prior to 4.8.4 allows a remote authenticated administrator to trigger a denial-of-service attack against the DBS server. The configuration of Archiving through the User interface incorrectly allowed the creation of directories and files in Windows system directories and other locations where sensitive data could be overwritten. The former could lead to a DoS, whilst the latter could lead to data destruction on the DBS server. Vulnerability Guideline
CVE.webp 2021-12-08 05:15:07 CVE-2018-25020 (direct link) The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c. Guideline
CVE.webp 2021-12-07 17:15:09 CVE-2021-37079 (direct link) There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to delete arbitrary file by system_app permission. Vulnerability Guideline
CVE.webp 2021-12-07 17:15:09 CVE-2021-37080 (direct link) There is an Incomplete Cleanup vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to availability affected. Vulnerability Guideline ★★★★
CVE.webp 2021-12-07 17:15:09 CVE-2021-37095 (direct link) There is an Integer Overflow or Wraparound vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to remote denial of service and potential remote code execution. Vulnerability Guideline
CVE.webp 2021-12-07 17:15:09 CVE-2021-37081 (direct link) There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to nearby crash. Vulnerability Guideline ★★★★★
CVE.webp 2021-12-07 17:15:09 CVE-2021-37073 (direct link) There is a Race Condition vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to the detection result is tampered with. Vulnerability Guideline
CVE.webp 2021-12-07 17:15:09 CVE-2021-37090 (direct link) There is an Out-of-bounds Read vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to process crash. Vulnerability Guideline
CVE.webp 2021-12-07 17:15:09 CVE-2021-37088 (direct link) There is a Path Traversal vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to attackers can write any content to any file. Vulnerability Guideline
CVE.webp 2021-12-07 17:15:09 CVE-2021-37085 (direct link) There is an Encoding timing vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to denial of service. Vulnerability Guideline
CVE.webp 2021-12-07 17:15:09 CVE-2021-37086 (direct link) There is an Improper Preservation of Permissions vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to attackers which can isolate and read synchronization files of other applications across the UID sandbox. Vulnerability Guideline
CVE.webp 2021-12-07 17:15:09 CVE-2021-37089 (direct link) There is an Incomplete Cleanup vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to kernel restart. Vulnerability Guideline
CVE.webp 2021-12-07 17:15:09 CVE-2021-37072 (direct link) There is an Incorrect Calculation of Buffer Size vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to memory crash. Vulnerability Guideline
CVE.webp 2021-12-07 17:15:09 CVE-2021-37091 (direct link) There is a Permissions, Privileges, and Access Controls vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to confidentiality affected. Vulnerability Guideline
CVE.webp 2021-12-07 17:15:09 CVE-2021-37096 (direct link) There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to user privacy disclosed. Vulnerability Guideline
CVE.webp 2021-12-07 17:15:09 CVE-2021-37084 (direct link) There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to malicious invoking other functions of the Smart Assistant through text messages. Vulnerability Guideline
CVE.webp 2021-12-07 17:15:09 CVE-2021-37077 (direct link) There is a NULL Pointer Dereference vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to kernel crash. Vulnerability Guideline
CVE.webp 2021-12-07 17:15:09 CVE-2021-37087 (direct link) There is a Path Traversal vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to attackers can create arbitrary file. Vulnerability Guideline
CVE.webp 2021-12-07 17:15:09 CVE-2021-37076 (direct link) There is an Out-of-bounds Read vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to availability affected. Vulnerability Guideline
CVE.webp 2021-12-07 17:15:09 CVE-2021-37078 (direct link) There is an Uncaught Exception vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to remote Denial of Service. Vulnerability Guideline ★★★★
CVE.webp 2021-12-07 17:15:09 CVE-2021-37071 (direct link) There is a Business Logic Errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to persistent dos. Vulnerability Guideline
CVE.webp 2021-12-07 17:15:09 CVE-2021-37100 (direct link) There is an Improper Authentication vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to account authentication bypassed. Vulnerability Guideline
CVE.webp 2021-12-07 17:15:09 CVE-2021-37094 (direct link) There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to system denial of service. Vulnerability Guideline
CVE.webp 2021-12-07 17:15:09 CVE-2021-37099 (direct link) There is a Path Traversal vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to delete any file. Vulnerability Guideline
CVE.webp 2021-12-07 17:15:09 CVE-2021-37083 (direct link) There is a NULL Pointer Dereference vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to Denial of Service Attacks. Vulnerability Guideline
CVE.webp 2021-12-07 17:15:09 CVE-2021-37082 (direct link) There is a Race Condition vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to motionhub crash. Vulnerability Guideline
CVE.webp 2021-12-07 17:15:08 CVE-2021-37067 (direct link) There is an Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to Confidentiality impacted. Vulnerability Guideline
CVE.webp 2021-12-07 17:15:08 CVE-2021-37011 (harmonyos) (direct link) There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to Out-of-bounds read. Vulnerability Guideline
CVE.webp 2021-12-07 17:15:08 CVE-2021-37066 (direct link) There is an Out-of-bounds Read vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to process crash. Vulnerability Guideline
CVE.webp 2021-12-07 17:15:08 CVE-2021-37021 (direct link) There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to Out-of-bounds read. Vulnerability Guideline
Last update at: 2024-07-22 07:08:25