Details Emerge on How Gaming Giant EA Was Hacked

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2021-25425
PUBLISHED: 2021-06-11

Improper check vulnerability in Samsung Health prior to version 6.17 allows attacker to read internal cache data via exported component.

CVE-2021-28687
PUBLISHED: 2021-06-11

HVM soft-reset crashes toolstack. libxl requires all data structures passed across its public interface to be initialized before use and disposed of afterwards by calling a specific set of functions. Many internal data structures also require this initialize / dispose discipline, but not all of them….

CVE-2021-28689
PUBLISHED: 2021-06-11

x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests. 32-bit x86 PV guest kernels run in ring 1. At the time when Xen was developed, this area of the i386 architecture was rarely used, which is why Xen was able to use it to implement paravirtualisation, Xen’s novel approach to virtu…

CVE-2021-29754
PUBLISHED: 2021-06-11

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trust Association Interceptor (TAI). IBM X-Force ID: 202006.

CVE-2021-25409
PUBLISHED: 2021-06-11

Improper access in Notification setting prior to SMR JUN-2021 Release 1 allows physically proximate attackers to set arbitrary notification via physically configuring device.