Monthly Archive: September 2021

BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers to access uncontrolled the login service at /webif/SecurityModule in a brute force attack. The password could be weak and default username is known...

In Arista’s MOS (Metamako Operating System) software which is supported on the 7130 product line, user account passwords set in clear text could leak to users without any password. This issue affects: Arista Metamako...

In Arista’s MOS (Metamako Operating System) software which is supported on the 7130 product line, user enable passwords set in clear text could result in unprivileged users getting complete access to the systems. This...

In Arista’s MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, the bash shell might be accessible to unprivileged users in situations where they should not have...

In Arista’s MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, user authentication can be bypassed when API access is enabled via the JSON-RPC APIs. This issue...

In Arista’s MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, authentication is bypassed by unprivileged users who are accessing the Web UI. This issue affects: Arista...

In Arista’s MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, a user may be able to execute commands despite not having the privileges to do so....

An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft Co., Ltd groupware ActiveX module. This issue is due to missing support for integrity check of download URL or downloaded...

A heap overflow issue was found in ARK library of bandisoft Co., Ltd when the Ark_DigPathA function parsed a file path. This vulnerability is due to missing support for string length check. Date published...

Improper scheme check vulnerability in Samsung Internet prior to version 15.0.2.47 allows attackers to perform Man-in-the-middle attack and obtain Samsung Account token. Date published : 2021-09-09 https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=9

An improper scheme check vulnerability in Samsung Themes prior to version 5.2.01 allows attackers to perform Man-in-the-middle attack. Date published : 2021-09-09 https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=9

An improper file management vulnerability in SamsungCapture prior to version 4.8.02 allows sensitive information leak. Date published : 2021-09-09 https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=9

Improper access control vulnerability in PENUP prior to version 3.8.00.18 allows arbitrary webpage loading in webview. Date published : 2021-09-09 https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=9

NULL pointer dereference vulnerability in NPU driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption. Date published : 2021-09-09 https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9