‼ CVE-2021-30329 ‼
via "National Vulnerability Database".
Possible assertion due to improper validation of TCI configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
‼ CVE-2021-35103 ‼
via "National Vulnerability Database".
Possible out of bound write due to improper validation of number of timer values received from firmware while syncing timers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
‼ CVE-2021-35110 ‼
via "National Vulnerability Database".
Possible buffer overflow due to improper validation of hash segment of file while allocating memory in Snapdragon Connectivity, Snapdragon Mobile
‼ CVE-2021-35105 ‼
via "National Vulnerability Database".
Possible out of bounds access due to improper input validation during graphics profiling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
‼ CVE-2021-1950 ‼
via "National Vulnerability Database".
Improper cleaning of secure memory between authenticated users can lead to face authentication bypass in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
‼ CVE-2021-30331 ‼
via "National Vulnerability Database".
Possible buffer overflow due to improper data validation of external commands sent via DIAG interface in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
‼ CVE-2022-25017 ‼
via "National Vulnerability Database".
Hitron CHITA 7.2.2.0.3b6-CD devices contain a command injection vulnerability via the Device/DDNS ddnsUsername field.
‼ CVE-2021-35115 ‼
via "National Vulnerability Database".
Improper handling of multiple sessions supported by PVM backend can lead to use after free in Snapdragon Auto, Snapdragon Mobile
‼ CVE-2021-35088 ‼
via "National Vulnerability Database".
Possible out of bound read due to improper validation of IE length during SSID IE parse when channel is DFS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
‼ CVE-2021-35089 ‼
via "National Vulnerability Database".
Possible buffer overflow due to lack of input IB amount validation while processing the user command in Snapdragon Auto
‼ CVE-2021-35117 ‼
via "National Vulnerability Database".
An Out of Bounds read may potentially occur while processing an IBSS beacon, in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
‼ CVE-2021-30328 ‼
via "National Vulnerability Database".
Possible assertion due to improper validation of invalid NR CSI-IM resource configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
‼ CVE-2021-30332 ‼
via "National Vulnerability Database".
Possible assertion due to improper validation of OTA configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
‼ CVE-2021-30333 ‼
via "National Vulnerability Database".
Improper validation of buffer size input to the EFS file can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
🗓️ PHP bug allows attackers to bypass domain filters, stage DoS attacks against servers 🗓️
via "The Daily Swig".
Filter bypass flaw is triggered only on very large user input, which puts restrictions on its exploitability
‼ CVE-2021-46443 ‼
via "National Vulnerability Database".
Spoofer 1.4.6 suffers from an unquoted service path vulnerability. An attacker as a low-privileged local user can hijack the execution flow of the application to escalate privileges by inserting a malicious executable in a higher level directory with the vulnerable path.
❌ Apple Rushes Out Patches for 0-Days in MacOS, iOS ❌
via "Threat Post".
The vulnerabilities could allow threat actors to disrupt or access kernel activity and may be under active exploit.
🗓️ GitLab addresses critical account hijack bug 🗓️
via "The Daily Swig".
Monthly release also addresses pair of stored XSS flaws
🕴 More Than Ever, Security Matters 🕴
via "Dark Reading".
Public policy proposals must consider technical, practical, and real-world security effects, and make sure we avoid unintended consequences.
‼ CVE-2022-24181 ‼
via "National Vulnerability Database".
Cross-site scripting (XSS) via Host Header injection in PKP Open Journals System 2.4.8 >= 3.3 allows remote attackers to inject arbitrary code via the X-Forwarded-Host Header.
🗓️ Bug Bounty Radar // The latest bug bounty programs for April 2022 🗓️
via "The Daily Swig".
New web targets for the discerning hacker