CVE-2021-30323
via "National Vulnerability Database".
Improper validation of maximum size of data write to EFS file can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CVE-2021-30324
via "National Vulnerability Database".
Possible out of bound write due to lack of boundary check for the maximum size of buffer when sending a DCI packet to remote process in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CVE-2021-35068
via "National Vulnerability Database".
Lack of null check while freeing the device information buffer in the Bluetooth HFP protocol can lead to a NULL pointer dereference in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables
CVE-2021-30317
via "National Vulnerability Database".
Improper validation of program headers containing ELF metadata can lead to image verification bypass in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CVE-2021-35069
via "National Vulnerability Database".
Improper validation of data length received from DMA buffer can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
Apple Patches Actively Exploited WebKit Zero Day
via "Threat Post".
A memory issue affects myriad iPhone, iPad and MacOS devices and allows attackers to execute arbitrary code after processing malicious web content.
Apple zero-day drama for Macs, iPhones and iPads – patch now!
via "Naked Security".
Sudden update! Zero-day browser hole! Drive-by malware danger! Patch Apple laptops and phones now...
Bowser's jury: Nintendo Switch hacker sent behind bars, owes video game giant further $4.5m
via "The Daily Swig".
Underground business sold jailbreak devices for consoles including the Nintendo Switch, 3DS, and Microsoft's Xbox
What CISOs Should Tell the Board About Log4j
via "Dark Reading".
It's time for a reset with the board of directors. Very few have a dedicated, board-level cybersecurity committee, which means cybersecurity isn't viewed as a critical executive function.
CVE-2022-0560
via "National Vulnerability Database".
Open Redirect in Packagist microweber/microweber prior to 1.2.11.
CVE-2021-46355
via "National Vulnerability Database".
OCS Inventory 2.9.1 is affected by Cross Site Scripting (XSS). To exploit the vulnerability, the attacker needs to manipulate the name of some device on your computer, such as a printer, replacing the device name with some malicious code that allows the execution of Stored Cross-site Scripting (XSS).
CVE-2022-24289
via "National Vulnerability Database".
Hessian serialization is a network protocol that supports object-based transmission. Apache Cayenne's optional Remote Object Persistence (ROP) feature is a web services-based technology that provides object persistence and query functionality to 'remote' applications. In Apache Cayenne 4.1 and earlier, running on non-current patch versions of Java, an attacker with client access to Cayenne ROP can transmit a malicious payload to any vulnerable third-party dependency on the server. This can result in arbitrary code execution.
CVE-2021-44521
via "National Vulnerability Database".
When running Apache Cassandra with the following configuration:
  enable_user_defined_functions: true
  enable_scripted_user_defined_functions: true
  enable_user_defined_functions_threads: false
it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE.
CVE-2022-24112
via "National Vulnerability Database".
An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed to a port different from the data panel, the impact is lower. But there is still a risk to bypass the IP restriction of Apache APISIX's data panel. There is a check in the batch-requests plugin which overrides the client IP with its real remote IP. But due to a bug in the code, this check can be bypassed.
CVE-2021-38679
via "National Vulnerability Database".
An improper authentication vulnerability has been reported to affect QNAP NAS running Kazoo Server. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Kazoo Server: Kazoo Server 4.11.22 and later
BlackBerry Seeks to Restore Its Past Glory With Services Push
via "Dark Reading".
Selling security software might prove easier than selling phones, but can BlackBerry outsmart its competition?
nfstream 6.4.2
via "Packet Storm Security".
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.
Wireshark Analyzer 3.6.2
via "Packet Storm Security".
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
Friday Five 2/11
Modernizing HIPAA, online romance scams cost millions, and more - catch up on the infosec news of the week with the Friday Five!
Digital Guardian
CVE-2021-22823
via "National Vulnerability Database".
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior)
CVE-2021-22806
via "National Vulnerability Database".
A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could cause data exfiltration and unauthorized access when accessing a malicious website. Affected Product: spaceLYnk (V2.6.1 and prior), Wiser for KNX (V2.6.1 and prior), fellerLYnk (V2.6.1 and prior)