An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated attacker to escalate their privileges to root over the target device. junos:18.3R3-S5 junos:18.4R3-S9 junos:19.1R3-S6 junos:19.3R2-S6 junos:19.3R3-S3 junos:19.4R1-S4 junos:19.4R3-S4...
An Out-of-bounds Read vulnerability in the processing of specially crafted LLDP frames by the Layer 2 Control Protocol Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved may allow an attacker to...
A stack-based Buffer Overflow vulnerability in Juniper Networks SBR Carrier with EAP (Extensible Authentication Protocol) authentication configured, allows an attacker sending specific packets causing the radius daemon to crash resulting with a Denial of...
Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows local privilege escalation due to an insecure XPC service configuration. Date published : 2021-07-15 https://kb.acronis.com/content/68061 https://www.acronis.com/en-us/blog/
Acronis True Image through 2021 on macOS allows local privilege escalation from admin to root due to insecure folder permissions. Date published : 2021-07-15 https://kb.acronis.com/content/68396 https://www.acronis.com/en-us/blog/
A heap-based buffer overflow vulnerability in the function ok_jpg_decode_block_progressive() at ok_jpg.c:1054 of ok-file-formats through 2020-06-26 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file. Date published : 2021-07-15 https://github.com/brackeen/ok-file-formats/issues/8
A heap-based buffer overflow vulnerability in the function ok_jpg_decode_block_subsequent_scan() ok_jpg.c:1102 of ok-file-formats through 2020-06-26 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file. Date published : 2021-07-15 https://github.com/brackeen/ok-file-formats/issues/7
A global buffer overflow vulnerability in jfif_encode at jfif.c:701 of ffjpeg through 2020-06-22 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file. Date published : 2021-07-15 https://github.com/rockcarry/ffjpeg/issues/25
Acronis True Image for Mac before 2021 Update 4 allowed local privilege escalation due to insecure folder permissions. Date published : 2021-07-15 https://kb.acronis.com/content/68396 https://www.acronis.com/en-us/support/updates/index.html
Acronis True Image 2019 update 1 through 2020 on macOS allows local privilege escalation due to an insecure XPC service configuration. Date published : 2021-07-15 https://kb.acronis.com/content/68061 https://www.acronis.com/en-us/support/updates/index.html
DEPSTECH WiFi Digital Microscope 3 allows remote attackers to change the SSID and password, and demand a ransom payment from the rightful device owner, because there is no way to reset to Factory Default...
Certain Shenzhen PENGLIXIN components on DEPSTECH WiFi Digital Microscope 3, as used by Shekar Endoscope, allow a TELNET connection with the molinkadmin password for the molink account. Date published : 2021-07-15 https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Depstech%20Microscope%20Smart%20Kid%20Toy.pdf https://www.depstech.com/mw001-s02-wifi-usb-digital-microscope
DEPSTECH WiFi Digital Microscope 3 has a default SSID of Jetion_xxxxxxxx with a password of 12345678. Date published : 2021-07-15 https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Depstech%20Microscope%20Smart%20Kid%20Toy.pdf https://www.depstech.com/mw001-s02-wifi-usb-digital-microscope
The MagicMotion Flamingo 2 application for Android stores data on an sdcard under com.vt.magicmotion/files/Pictures, whence it can be read by other applications. Date published : 2021-07-15 http://www.magicsmotion.com/p-flamingo.html