Aggregator

Researchers uncovered an Android malware, dubbed Vo1d, that has already infected nearly 1.3 million Android devices in 197 countries. Doctor Web researchers uncovered a malware, tracked as Vo1d, that infected nearly 1.3 million Android-based TV boxes belonging to users in 197 countries. The malicious code acts as a backdoor and allows attackers to download and install […]

掌握x64dbg，从基础到高级调试与自动化

该漏洞的严重性来自于其远程利用的可能性、无需用户交互以及低权限要求，可让攻击者以停止操作作业的所有者身份执行环境停止操作。

看雪论坛作者ID：Ratin

培训时间：10月22日09:00-18:00（峰会前一天）

A vulnerability has been found in Accellion FTA up to 9.12.370 and classified as critical. This vulnerability affects unknown code of the component Admin Endpoint. The manipulation leads to os command injection. This vulnerability was named CVE-2021-27104. The attack can only be initiated within the local network. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Microsoft Windows up to Server 2019. It has been rated as critical. Affected by this issue is some unknown functionality of the component Win32k. The manipulation leads to out-of-bounds write. This vulnerability is handled as CVE-2021-28310. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in ARM Mali GPU Kernel Driver. It has been classified as critical. Affected is an unknown function. The manipulation leads to use after free. This vulnerability is traded as CVE-2021-28663. Access to the local network is required for this attack to succeed. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in ARM Mali GPU Kernel Driver. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper access controls. This vulnerability is known as CVE-2021-28664. Access to the local network is required for this attack. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in ARM Trusted Firmware-M up to 1.2. Affected is an unknown function of the component NSPE Handler Mode. The manipulation leads to denial of service. This vulnerability is traded as CVE-2021-27562. The attack can only be initiated within the local network. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Chrome and classified as critical. Affected by this issue is some unknown functionality of the component V8. The manipulation leads to type confusion. This vulnerability is handled as CVE-2021-30551. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome. It has been classified as critical. This affects an unknown part of the component WebGL Handler. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2021-30554. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Kaseya Virtual System Administrator up to 9.5.6. Affected by this issue is some unknown functionality. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2021-30116. The attack can only be done within the local network. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Google Chrome. This vulnerability affects unknown code of the component v8. The manipulation leads to type confusion. This vulnerability was named CVE-2021-30563. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Adobe Acrobat Reader up to 2017.011.30194/2020.001.30020/2021.001.20150. This vulnerability affects unknown code. The manipulation leads to use after free. This vulnerability was named CVE-2021-28550. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Yealink Device Management 3.6.0.20 and classified as critical. Affected by this issue is some unknown functionality of the file /sm/api/v1/firewall/zone/services. The manipulation leads to command injection. This vulnerability is handled as CVE-2021-27561. The attack needs to be initiated within the local network. Furthermore, there is an exploit available.

网络安全为人民，网络安全靠人民