Details Emerge on How Gaming Giant EA Was Hacked

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2021-25425
PUBLISHED: 2021-06-11

Improper check vulnerability in Samsung Health prior to version 6.17 allows attacker to read internal cache data via exported component.

PUBLISHED: 2021-06-11

HVM soft-reset crashes toolstack
libxl requires all data structures passed across its public interface to be initialized before use and disposed of afterwards by calling a specific set of functions. Many internal data structures also require this initialize / dispose discipline, but not all of them….

PUBLISHED: 2021-06-11

x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests
32-bit x86 PV guest kernels run in ring 1. At the time when Xen was developed, this area of the i386 architecture was rarely used, which is why Xen was able to use it to implement paravirtualisation, Xen’s novel approach to virtu…

PUBLISHED: 2021-06-11

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trust Association Interceptor (TAI). IBM X-Force ID: 202006.

PUBLISHED: 2021-06-11

Improper access in Notification setting prior to SMR JUN-2021 Release 1 allows physically proximate attackers to set arbitrary notification via physically configuring device.