Forum

Message Boards Message Boards

Announcements

Security Vulnerabilities Notification

Security Vulnerabilities Notification
Answer
28 February 2022 11:51
Dear Creodias Users,
In the Security section customers will find information about latest and most critical security vulnerabilities, published in the last month by the SANS Institute (www.sans.org). Security vulnerabilities in software and hardware are very often used by cybercriminals to attack IT infrastructure and steal or destroy company's data, that is why companies are advice to fix those vulnerabilities as soon as possible. 

 ID: CVE-2021-1049  Title: Arbitrary code execution in Google Android versions Description: A malicious program can use this flaw to gain elevated access to the system. A logic issue in the Unisoc slogmodem has resulted in the vulnerability. With higher privileges, a local program can run arbitrary code. Affected Android versions: Android SoCAndroid ID: A-204256722 

 ID: CVE-2022-21874  Title: Remote code execution vulnerability in Microsoft Windows Security Center API Description: A remote attacker can use this flaw to execute arbitrary code on the victim system. The cause of this vulnerability is a flaw in the Windows Security Center API's input validation. A remote attacker can send a specially crafted request to the target system and execute arbitrary code. 

 
 ID: CVE-2021-45733  Title: Command Injection vulnerability in Totolink X5000R Firmware 9.1.0U.6118B20201102 Description: The function NTPSyncWithHost in TOTOLINK X5000R v9.1.0u.6118 B20201102 was discovered to have a command injection vulnerability. This vulnerability allows attackers to run arbitrary commands via the parameter host_time.  

ID: CVE-2021-39616  Title: Privilege escalation vulnerability in Google Android Description: This vulnerability has been found in Google Android (Smartphone Operating System). This vulnerability requires simple authentication for successful exploitation. Summary Product: AndroidVersions: Android SoCAndroid ID: A-204686438

 
ID: CVE-2021-39658  Title: Incorrect Default Permissions vulnerability in Google Android Description: ismsEx service is a vendor service in unisoc equipment. ismsEx service is an extension of SMS system service but it does not check the permissions of the caller resulting in permission leaks. Third-party apps can use this service to arbitrarily modify and set system properties. Product: AndroidVersions: Android SoCAndroid ID: A-207479207 

 ID: CVE-2022-21898  Title: Remote code execution vulnerability in Microsoft DirectX Graphics K
ernel Description: The problem exists because of incorrect input validation. An attacker can send a specially crafted request to the target system and have it executed arbitrary code. Successful exploitation will result in the entire compromise of the system.   
0 (0 Votes)