CVE-2022-30228
via "National Vulnerability Database".
A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software does not apply cross-origin resource sharing (CORS) restrictions for critical operations. In case an attacker tricks a legitimate user into accessing a special resource, a malicious request could be executed.
CVE-2021-35111
via "National Vulnerability Database".
Improper validation of tag id while RRC sending tag id to MAC can lead to TOCTOU race condition in Snapdragon Connectivity, Snapdragon Mobile
CVE-2021-35104
via "National Vulnerability Database".
Possible buffer overflow due to improper parsing of headers while playing the FLAC audio clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CVE-2021-40649
via "National Vulnerability Database".
In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the HttpOnly flag set.
CVE-2022-22064
via "National Vulnerability Database".
Possible buffer over read due to lack of size validation while unpacking frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CVE-2021-35096
via "National Vulnerability Database".
Improper memory allocation during counter check DLM handling can lead to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
CVE-2022-22086
via "National Vulnerability Database".
Memory corruption in video due to double free while parsing 3gp clip with invalid meta data atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CVE-2022-27219
via "National Vulnerability Database".
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 443. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors.
CVE-2022-22068
via "National Vulnerability Database".
Kernel event may contain unexpected content which is not generated by NPU software in asynchronous execution mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
GhostTouch: Hackers can reach your phone’s touchscreen without even touching it
via "The Daily Swig".
New research shows how electromagnetic interference can be used to trigger arbitrary behavior on mobile touchscreens, although caveats apply
Understanding and Mitigating Single Sign-on Risk
via "Dark Reading".
SSO's one-to-many architecture is both a big advantage and a weakness.
CVE-2021-40678
via "National Vulnerability Database".
In Piwigo 11.5.0, there exists a persistent cross-site scripting in the single mode function through /admin.php?page=batch_manager&mode=unit.
CVE-2022-31273
via "National Vulnerability Database".
An issue in TopIDP3000 Topsec Operating System tos_3.3.005.665b.15_smpidp allows attackers to perform a brute-force attack via a crafted session_id cookie.
Oblivious DNS-over-HTTPS offers privacy enhancements to secure lookup protocol
via "The Daily Swig".
ODoH is said to enhance user privacy without compromising performance
LenelS2 access control vulnerabilities leave door open to lock manipulation
via "The Daily Swig".
Vendor addresses threat to integrity and availability of physical access systems
The Daily Swig | Cybersecurity news and views
HID Mercury access control vulnerabilities leave door open to lock manipulation
Manufacturer addresses threat to integrity and availability of products sold to more than 20 OEM vendors
Optiv MXDR Enhances Detection Coverage With Expanded Cloud Integration
via "Dark Reading".
Service ingests AWS, GCP and Microsoft Azure data.
CVE-2021-40660
via "National Vulnerability Database".
An issue was discovered in Delight Nashorn Sandbox 0.2.0. There is a ReDoS vulnerability that can be exploited to launch a denial of service (DoS) attack.
CVE-2022-32336
via "National Vulnerability Database".
Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/menus/view_menu.php?id=.
CVE-2022-27889
via "National Vulnerability Database".
The Multipass service was found to have code paths that could be abused to cause a denial of service for authentication or authorization operations. A malicious attacker could perform an application-level denial of service attack, potentially causing authentication and/or authorization operations to fail for the duration of the attack. This could lead to performance degradation or login failures for customer Palantir Foundry environments. This vulnerability is resolved in Multipass 3.647.0. This issue affects: Palantir Foundry Multipass versions prior to 3.647.0.
CVE-2022-31845
via "National Vulnerability Database".
A vulnerability in live_check.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function.
CVE-2022-31309
via "National Vulnerability Database".
A vulnerability in live_check.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to obtain sensitive router information via execution of the exec cmd function.