CyberSecurityBoard
Sponsor Register Login

CVE-2021-22457

A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to cause out-of-bounds write.

Publication date: Thu, 28 Oct 2021 18:15:00 +0000


Cyber News related to CVE-2021-22457

Cybersecurity Weekly Recap: Key Updates on Attacks, Vulnerabilities, & Data Breaches - A critical flaw (CVE-2025-24813) in Apache Tomcat allows attackers to take control of servers or steal sensitive data via malicious file uploads. We’ll also review recent regulatory developments, such as the European Union’s General Data ...
11 months ago Cybersecuritynews.com CVE-2025-24813 Qilin
Ivanti Connect Secure Vulnerability (CVE-2025-22457) Actively Exploited in the Wild - Ivanti has disclosed a critical vulnerability, CVE-2025-22457, affecting its Connect Secure, Pulse Connect Secure, Ivanti Policy Secure, and ZTA Gateways products that are actively exploited in the wild. The vulnerability was patched in Ivanti ...
11 months ago Cybersecuritynews.com CVE-2025-22457
New Attack Targeting Japanese Companies Exploiting Ivanti & Fortinet VPN Vulnerabilities - Once inside, attackers deploy various malware families including RokRAT, which enables data exfiltration to legitimate cloud storage services, and PlugX, utilized by the TELEBOYi attack group for command and control operations. A sophisticated cyber ...
7 months ago Cybersecuritynews.com CVE-2025-22457
5000+ Exposed Ivanti Connect Secure Devices Vulnerable to RCE Attacks - Over 5,113 Ivanti Connect Secure VPN appliances remain unpatched and vulnerable to the active exploitation of CVE-2025-22457, a critical stack-based buffer overflow vulnerability that enables remote code execution (RCE). “The vulnerability is a ...
11 months ago Cybersecuritynews.com CVE-2025-22457
CVE-2021-28352 - Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, ...
4 years ago
CVE-2021-28346 - Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, ...
4 years ago
CVE-2021-28358 - Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, ...
4 years ago
CVE-2021-28334 - Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, ...
4 years ago
CVE-2021-28341 - Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, ...
4 years ago
CVE-2021-28332 - Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, ...
4 years ago
CVE-2021-28335 - Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28336, CVE-2021-28337, ...
4 years ago
CVE-2021-46976 - In the Linux kernel, the following vulnerability has been resolved: ...
2 years ago
CVE-2021-45977 - JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm ...
4 years ago
CVE-2021-45511 - Certain NETGEAR devices are affected by authentication bypass. This affects AC2100 before 2021-08-27, AC2400 before 2021-08-27, AC2600 before 2021-08-27, D7000 before 2021-08-27, R6220 before 2021-08-27, R6230 before 2021-08-27, R6260 before ...
3 years ago
CVE-2021-22457 - A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to cause out-of-bounds write. ...
4 years ago
Ivanti patches Connect Secure zero-day exploited since mid-March - Ivanti has released security updates to patch a critical Connect Secure remote code execution vulnerability exploited by a China-linked espionage actor to deploy malware since at least mid-March 2025. While Ivanti has yet to disclose more details ...
11 months ago Bleepingcomputer.com CVE-2025-22457
Chinese Hackers Exploit Ivanti VPN Vulnerabilities to Infiltrate Organizations - A China-linked advanced persistent threat (APT) group has exploited critical vulnerabilities in Ivanti Connect Secure VPN appliances to infiltrate organizations across 12 countries and 20 industries, cybersecurity firm TeamT5 revealed in a report ...
10 months ago Cybersecuritynews.com CVE-2025-0282 Chimera
Threat Actors Exploiting Ivanti Connect Secure Vulnerabilities to Deploy Cobalt Strike Beacon - The ongoing attacks demonstrate advanced persistent threat techniques, deploying multiple malware families including MDifyLoader, Cobalt Strike Beacon, vshell, and Fscan to establish long-term access to compromised networks. Following initial ...
7 months ago Cybersecuritynews.com CVE-2025-0282
CVE-2022-22457 - IBM Security Verify Governance, Identity Manager 10.0.1 stores sensitive information including user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 225007. ...
3 years ago
CVE-2024-22457 - Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS to SCG update path. A remote low privileged attacker could potentially exploit this vulnerability, leading to impersonation of the server through ...
1 year ago
CVE-2025-22457 - A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution. ...
10 months ago CVE-2023-46805 CVE-2025-22457 CVE-2024-55591
CVE-2023-22457 - CKEditor Integration UI adds support for editing wiki pages using CKEditor. Prior to versions 1.64.3,t he `CKEditor.HTMLConverter` document lacked a protection against Cross-Site Request Forgery (CSRF), allowing to execute macros with the rights of ...
3 years ago
1000+ Unique IPs Attacking Ivanti Connect Secure Systems to Exploit Vulnerabilities - A significant increase in suspicious scanning activity targeting Ivanti Connect Secure (ICS) and Ivanti Pulse Secure (IPS) VPN systems, signaling a potential coordinated reconnaissance effort by threat actors. This surge in scanning coincides with ...
10 months ago Cybersecuritynews.com CVE-2025-22457
CISA Adds Actively Exploits Ivanti Connect Secure Vulnerability in Known Exploited Catalog - If no compromise is detected, conduct a factory reset with a clean image for cloud/virtual systems, apply patches per Ivanti’s advisory (Connect Secure 22.7R2.6; Policy Secure and ZTA Gateways patches due April 21 and 19), monitor authentication ...
11 months ago Cybersecuritynews.com CVE-2025-22457

Latest Cyber News


    Cyber Trends (last 7 days)


    Trending Cyber News (last 7 days)