βΌ CVE-2021-35120 βΌ
π Read
via "National Vulnerability Database".
Improper handling between export and release functions on the same handle from client can lead to use after free in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobileπ Read
via "National Vulnerability Database".
βΌ CVE-2021-35129 βΌ
π Read
via "National Vulnerability Database".
Memory corruption in BT controller due to improper length check while processing vendor specific commands in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networkingπ Read
via "National Vulnerability Database".
βΌ CVE-2021-35121 βΌ
π Read
via "National Vulnerability Database".
An array index is improperly used to lock and unlock a mutex which can lead to a Use After Free condition In the Synx driver in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobileπ Read
via "National Vulnerability Database".
βΌ CVE-2022-27221 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An attacker in machine-in-the-middle could obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30228 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software does not apply cross-origin resource sharing (CORS) restrictions for critical operations. In case an attacker tricks a legitimate user into accessing a special resource a malicious request could be executed.π Read
via "National Vulnerability Database".
βΌ CVE-2021-35111 βΌ
π Read
via "National Vulnerability Database".
Improper validation of tag id while RRC sending tag id to MAC can lead to TOCTOU race condition in Snapdragon Connectivity, Snapdragon Mobileπ Read
via "National Vulnerability Database".
βΌ CVE-2021-35104 βΌ
π Read
via "National Vulnerability Database".
Possible buffer overflow due to improper parsing of headers while playing the FLAC audio clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networkingπ Read
via "National Vulnerability Database".
βΌ CVE-2021-40649 βΌ
π Read
via "National Vulnerability Database".
In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the HttpOnly flag set.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22064 βΌ
π Read
via "National Vulnerability Database".
Possible buffer over read due to lack of size validation while unpacking frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearablesπ Read
via "National Vulnerability Database".
βΌ CVE-2021-35096 βΌ
π Read
via "National Vulnerability Database".
Improper memory allocation during counter check DLM handling can lead to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobileπ Read
via "National Vulnerability Database".
βΌ CVE-2022-22086 βΌ
π Read
via "National Vulnerability Database".
Memory corruption in video due to double free while parsing 3gp clip with invalid meta data atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearablesπ Read
via "National Vulnerability Database".
βΌ CVE-2022-27219 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 443. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22068 βΌ
π Read
via "National Vulnerability Database".
kernel event may contain unexpected content which is not generated by NPU software in asynchronous execution mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearablesπ Read
via "National Vulnerability Database".
ποΈ GhostTouch: Hackers can reach your phoneβs touchscreen without even touching it ποΈ
π Read
via "The Daily Swig".
New research shows how electromagnetic interference can be used to trigger arbitrary behavior on mobile touchscreens, although caveats applyπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
GhostTouch: Hackers can reach your phoneβs touchscreen without even touching it
New research shows how electromagnetic interference can be used to trigger arbitrary behavior on mobile touchscreens, although caveats apply
π΄ Understanding and Mitigating Single Sign-on Risk π΄
π Read
via "Dark Reading".
SSO's one-to-many architecture is both a big advantage and a weakness.π Read
via "Dark Reading".
Dark Reading
Understanding and Mitigating Single Sign-on Risk
SSO's one-to-many architecture is both a big advantage and a weakness.
βΌ CVE-2021-40678 βΌ
π Read
via "National Vulnerability Database".
In Piwigo 11.5.0, there exists a persistent cross-site scripting in the single mode function through /admin.php?page=batch_manager&mode=unit.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31273 βΌ
π Read
via "National Vulnerability Database".
An issue in TopIDP3000 Topsec Operating System tos_3.3.005.665b.15_smpidp allows attackers to perform a brute-force attack via a crafted session_id cookie.π Read
via "National Vulnerability Database".
ποΈ Oblivious DNS-over-HTTPS offers privacy enhancements to secure lookup protocol ποΈ
π Read
via "The Daily Swig".
ODoH is said to enhance user privacy without compromising performanceπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Oblivious DNS-over-HTTPS offers privacy enhancements to secure lookup protocol
ODoH is said to enhance user privacy without compromising performance
π1π1
ποΈ LenelS2 access control vulnerabilities leave door open to lock manipulation ποΈ
π Read
via "The Daily Swig".
Vendor addresses threat to integrity and availability of physical access systemsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
HID Mercury access control vulnerabilities leave door open to lock manipulation
Manufacturer addresses threat to integrity and availability of products sold to more than 20 OEM vendors
π΄ Optiv MXDR Enhances Detection Coverage With Expanded Cloud Integration π΄
π Read
via "Dark Reading".
Service ingests AWS, GCP and Microsoft Azure data.π Read
via "Dark Reading".
Dark Reading
Optiv MXDR Enhances Detection Coverage With Expanded Cloud Integration
Service ingests AWS, GCP and Microsoft Azure data.
βΌ CVE-2021-40660 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Delight Nashorn Sandbox 0.2.0. There is an ReDoS vulnerability that can be exploited to launching a denial of service (DoS) attack.π Read
via "National Vulnerability Database".