CVE-2021-1912
Possible integer overflow can occur due to improper length check while calculating count and grace period in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile.
via "National Vulnerability Database".
CVE-2021-1975
Possible heap overflow due to improper length check of domain while parsing the DNS response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables.
via "National Vulnerability Database".
CVE-2021-1924
Information disclosure through timing and power side-channels during mod exponentiation for RSA-CRT in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking.
via "National Vulnerability Database".
CVE-2021-1981
Possible buffer over-read due to improper IE size check of Bearer capability IE in MT setup request from network in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile.
via "National Vulnerability Database".
CVE-2021-30265
Possible memory corruption due to improper validation of memory address while processing user-space IOCTL for clearing Filter and Route statistics in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables.
via "National Vulnerability Database".
CVE-2021-1982
Possible denial of service scenario due to improper input validation of received NAS OTA message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile.
via "National Vulnerability Database".
CVE-2021-30321
Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity.
via "National Vulnerability Database".
CVE-2021-30284
Possible information exposure and denial of service due to NAS not dropping messages when integrity check fails in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables.
via "National Vulnerability Database".
CVE-2021-1973
A FTM Diag command can allow an arbitrary write into modem OS space in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables.
via "National Vulnerability Database".
Driftwood debuts: New open source tool hunts for leaked public-private key pairs
The tool will help security professionals find compromised TLS keys and sensitive keys tied to GitHub accounts.
via "The Daily Swig".
In Appreciation: Alan Paller
Alan Paller, founder of the famed SANS Institute, passed away on Nov. 9.
via "Dark Reading".
CVE-2021-3934
ohmyzsh is vulnerable to Improper Neutralization of Special Elements used in an OS Command.
via "National Vulnerability Database".
CVE-2021-43576
Jenkins pom2config Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers with Overall/Read and Item/Read permissions to have Jenkins parse a crafted XML file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.
via "National Vulnerability Database".
CVE-2021-43578
Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control agent processes to replace arbitrary files on the Jenkins controller file system with an attacker-controlled JSON string.
via "National Vulnerability Database".
CVE-2021-21699
Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive parameters and dynamic reference parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
via "National Vulnerability Database".
CVE-2021-21701
Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
via "National Vulnerability Database".
CVE-2021-43577
Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
via "National Vulnerability Database".
CVE-2021-21700
Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of scripts on the UI when asking to confirm their deletion, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create Scriptler scripts.
via "National Vulnerability Database".
Alan Paller: Infosec world pays homage after SANS founder and infosec luminary dies
"His vision has changed the lives of hundreds of thousands of security practitioners"
via "The Daily Swig".
Millions of Routers, IoT Devices at Risk from New Open-Source Malware
BotenaGo, written in Google's Golang programming language, can exploit more than 30 different vulnerabilities.
via "Threat Post".
HTML smuggling: Fresh attack technique is being used to increasingly target banking sector
Evasive malware is being spread via email in campaigns similar to those of nation-state actors.
via "The Daily Swig".