NortonLifeLock and Avast tie-up falls under UK competition regulator's spotlight
The UK's Competition and Markets Authority has invited comments from industry and interested...
New SolarWinds Serv-U vulnerability exploited in Log4j-related attacks
Attackers looking to exploit recently discovered Log4j vulnerabilities are also trying to take...
Microsoft fixes Windows 10 search issues in Outlook desktop app
Microsoft has fixed a known issue causing search issues for Outlook users after installing...
483 Crypto.com accounts compromised in $34 million hack
Crypto.com has confirmed that a multi-million dollar cyber attack led to the compromise of...
Red Cross forced to shutter family reunion service following cyberattack and data leak
Humanitarian organization the International Red Cross disclosed this week that it has fallen...
Being “Threat-Led” is the answer. Your ISO certificate won’t save you from a breach!
Another CISO walks into a board meeting and muddles through stats showing their compliance...
McAfee and FireEye rename themselves ‘Trellix’
Newly combined security outfits McAfee and FireEye have revealed a new name:...
Vulnerabilities by Risk level (Last 12 months)
Vulnerabilities by Vendor (Last 12 months)
| Vendor | Last 12 months | # |
| 1252 | ||
| Fedoraproject | 995 | |
| Microsoft | 955 | |
| Debian | 717 | |
| Oracle | 707 |
Latest Vulnerabilities
-
CVE-2021-0959 - Improper Privilege Management vulnerability in Google Android 12.0
7.2In jit_memory_region.cc, there is a possible bypass of memory restrictions due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed....
-
CVE-2021-1035 - Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 10.0/12.0
7.2In setLaunchIntent of BluetoothDevicePickerPreferenceController.java, there is a possible way to invoke an arbitrary broadcast receiver due to a confused deputy. This could lead to local...
-
CVE-2021-39618 - Improper Privilege Management vulnerability in Google Android
7.2In multiple methods of EuiccNotificationManager.java, there is a possible way to install existing packages without user consent due to an unsafe PendingIntent. This could lead to local escalation...
-
CVE-2021-39620 - Use After Free vulnerability in Google Android 11.0/12.0
7.2In ipcSetDataReference of Parcel.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges...
-
CVE-2021-39622 - Improper Preservation of Permissions vulnerability in Google Android 10.0/11.0/12.0
7.2In GBoard, there is a possible way to bypass Factory Reset Protection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges...
Latest Critical Vulnerabilities
-
CVE-2021-39623 - Improper Privilege Management vulnerability in Google Android
10.0In doRead of SimpleDecodingSource.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution...
-
CVE-2022-23118 - Improper Privilege Management vulnerability in Jenkins Debian Package Builder
9.0Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line `git` at an attacker-specified path on the controller, allowing...
-
CVE-2021-42561
9.0An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized name parameter to a python "os.system" function. This allows attackers to use shell metacharacters...
-
CVE-2022-21837 - Code Injection vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server
9.0Microsoft SharePoint Server Remote Code Execution Vulnerability.
-
CVE-2022-21841 - Unspecified vulnerability in Microsoft 365 Apps and Office
9.3Microsoft Excel Remote Code Execution Vulnerability.
-
CVE-2022-21849 - Unspecified vulnerability in Microsoft products
9.3Windows IKE Extension Remote Code Execution Vulnerability.
-
CVE-2022-21850 - Unspecified vulnerability in Microsoft products
9.3Remote Desktop Client Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21851.
-
CVE-2022-21851 - Unspecified vulnerability in Microsoft products
9.3Remote Desktop Client Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21850.