βΌ CVE-2021-30330 βΌ
π Read
via "National Vulnerability Database".
Possible null pointer dereference due to improper validation of APE clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearablesπ Read
via "National Vulnerability Database".
βΌ CVE-2021-30300 βΌ
π Read
via "National Vulnerability Database".
Possible denial of service due to incorrectly decoding hex data for the SIB2 OTA message and assigning a garbage value to choice when processing the SRS configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearablesπ Read
via "National Vulnerability Database".
βΌ CVE-2021-30285 βΌ
π Read
via "National Vulnerability Database".
Improper validation of memory region in Hypervisor can lead to incorrect region mapping in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networkingπ Read
via "National Vulnerability Database".
βΌ CVE-2021-30314 βΌ
π Read
via "National Vulnerability Database".
Lack of validation for third party application accessing the service can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearablesπ Read
via "National Vulnerability Database".
βΌ CVE-2021-30313 βΌ
π Read
via "National Vulnerability Database".
Use after free condition can occur in wired connectivity due to a race condition while creating and deleting folders in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networkingπ Read
via "National Vulnerability Database".
βΌ CVE-2021-30308 βΌ
π Read
via "National Vulnerability Database".
Possible buffer overflow while printing the HARQ memory partition detail due to improper validation of buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobileπ Read
via "National Vulnerability Database".
βΌ CVE-2021-30311 βΌ
π Read
via "National Vulnerability Database".
Possible heap overflow due to lack of index validation before allocating and writing to heap buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobileπ Read
via "National Vulnerability Database".
βΌ CVE-2021-30287 βΌ
π Read
via "National Vulnerability Database".
Possible assertion due to improper validation of symbols configured for PDCCH monitoring in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobileπ Read
via "National Vulnerability Database".
βΌ CVE-2021-30353 βΌ
π Read
via "National Vulnerability Database".
Improper validation of function pointer type with actual function signature can lead to assertion in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearablesπ Read
via "National Vulnerability Database".
π΄ Check If You Have to Worry About the Latest HTTP Protocol Stack Flaw π΄
π Read
via "Dark Reading".
In this Tech Tip, SANS Instituteβs Johannes Ullrich suggests using PowerShell to identify Windows systems affected by the newly disclosed vulnerability in http.sys.π Read
via "Dark Reading".
Dark Reading
Check If You Have to Worry About the Latest HTTP Protocol Stack Flaw
In this Tech Tip, SANS Instituteβs Johannes Ullrich suggests using PowerShell to identify Windows systems affected by the newly disclosed vulnerability in http.sys.
β Adobe Cloud Abused to Steal Office 365, Gmail Credentials β
π Read
via "Threat Post".
Threat actors are creating accounts within the Adobe Cloud suite and sending images and PDFs that appear legitimate to target Office 365 and Gmail users, researchers from Avanan discovered.π Read
via "Threat Post".
Threat Post
Adobe Cloud Abused to Steal Office 365, Gmail Credentials
Threat actors are creating accounts within the Adobe Cloud suite and sending images and PDFs that appear legitimate to target Office 365 and Gmail users, researchers from Avanan discovered.
π΄ Microsoft RDP Bug Enables Data Theft, Smart-Card Hijacking π΄
π Read
via "Dark Reading".
The vulnerability was patched this week in Microsoft's set of security updates for January 2022.π Read
via "Dark Reading".
Dark Reading
Vulnerabilities & Threats recent news | Dark Reading
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading
ποΈ Generation cyber: How diversity and ageism can impact the IT workforce ποΈ
π Read
via "The Daily Swig".
Report claims generational attitudes can help or hinder the industryπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Generation cyber: How diversity and ageism can impact the IT workforce
Report claims generational attitudes can help or hinder the industry
βΌ CVE-2021-23514 βΌ
π Read
via "National Vulnerability Database".
This affects the package Crow before 0.3+4. It is possible to traverse directories to fetch arbitrary files from the server.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45806 βΌ
π Read
via "National Vulnerability Database".
jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code.π Read
via "National Vulnerability Database".
β New GootLoader Campaign Targets Accounting, Law Firms β
π Read
via "Threat Post".
GootLoader hijacks WordPress sites to lure professionals to download malicious sample contract templates.π Read
via "Threat Post".
Threat Post
New GootLoader Campaign Targets Accounting, Law Firms
GootLoader hijacks WordPress sites to lure professionals to download malicious sample contract templates.
β S3 Ep65: Supply chain conniption, NetUSB hole, Honda flashback, FTC muscle [Podcast + Transcript] β
π Read
via "Naked Security".
Latest episode -listen to it or read it now!π Read
via "Naked Security".
Naked Security
S3 Ep65: Supply chain conniption, NetUSB hole, Honda flashback, FTC muscle [Podcast + Transcript]
Latest episode -listen to it or read it now!
π΄ Redefining the CISO-CIO Relationship π΄
π Read
via "Dark Reading".
While these roles have different needs, drivers, and objectives, they should complement each other rather than compete with one another.π Read
via "Dark Reading".
Dark Reading
Redefining the CISO-CIO Relationship
While these roles have different needs, drivers, and objectives, they should complement each other rather than compete with one another.
ποΈ GitLab shifts left to patch high-impact vulnerabilities ποΈ
π Read
via "The Daily Swig".
HackerOne bug bounty reports triagedπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
GitLab shifts left to patch high-impact vulnerabilities
HackerOne bug bounty reports triaged
π Clam AntiVirus Toolkit 0.104.2 π
π Read
via "Packet Storm Security".
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.π Read
via "Packet Storm Security".
Packetstormsecurity
Clam AntiVirus Toolkit 0.104.2 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2021-23824 βΌ
π Read
via "National Vulnerability Database".
This affects the package Crow before 0.3+4. When using attributes without quotes in the template, an attacker can manipulate the input to introduce additional attributes, potentially executing code. This may lead to a Cross-site Scripting (XSS) vulnerability, assuming an attacker can influence the value entered into the template. If the template is used to render user-generated content, this vulnerability may escalate to a persistent XSS vulnerability.π Read
via "National Vulnerability Database".