‼ CVE-2022-25668 ‼
📖 Read
via "National Vulnerability Database".
Memory corruption in video driver due to double free while parsing ASF clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22069 ‼
📖 Read
via "National Vulnerability Database".
Devices with keyprotect off may store unencrypted keybox in RPMB and cause cryptographic issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22097 ‼
📖 Read
via "National Vulnerability Database".
Memory corruption in graphic driver due to use after free while calling multiple threads application to driver. in Snapdragon Consumer IOT📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22104 ‼
📖 Read
via "National Vulnerability Database".
Memory corruption in multimedia due to improper check on the messages received. in Snapdragon Auto📖 Read
via "National Vulnerability Database".
‼ CVE-2021-35132 ‼
📖 Read
via "National Vulnerability Database".
Out of bound write in DSP service due to improper bound check for response buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables📖 Read
via "National Vulnerability Database".
‼ CVE-2021-35135 ‼
📖 Read
via "National Vulnerability Database".
A null pointer dereference may potentially occur during RSA key import in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22080 ‼
📖 Read
via "National Vulnerability Database".
Improper validation of backend id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22099 ‼
📖 Read
via "National Vulnerability Database".
Memory corruption in multimedia due to improper validation of array index in Snapdragon Auto📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44718 ‼
📖 Read
via "National Vulnerability Database".
wolfSSL through 5.0.0 allows an attacker to cause a denial of service and infinite loop in the client component by sending crafted traffic from a Machine-in-the-Middle (MITM) position. The root cause is that the client module accepts TLS messages that normally are only sent to TLS servers.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25659 ‼
📖 Read
via "National Vulnerability Database".
Memory corruption due to buffer overflow while parsing MKV clips with invalid bitmap size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36078 ‼
📖 Read
via "National Vulnerability Database".
Binary provides encoding/decoding in Borsh and other formats. The vulnerability is a memory allocation vulnerability that can be exploited to allocate slices in memory with (arbitrary) excessive size value, which can either exhaust available memory or crash the whole program. When using `github.com/gagliardetto/binary` to parse unchecked (or wrong type of) data from untrusted sources of input (e.g. the blockchain) into slices, it's possible to allocate memory with excessive size. When `dec.Decode(&val)` method is used to parse data into a structure that is or contains slices of values, the length of the slice was previously read directly from the data itself without any checks on the size of it, and then a slice was allocated. This could lead to an overflow and an allocation of memory with excessive size value. Users should upgrade to `v0.7.1` or higher. A workaround is not to rely on the `dec.Decode(&val)` function to parse the data, but to use a custom `UnmarshalWithDecoder()` method that reads and checks the length of any slice.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-37458 ‼
📖 Read
via "National Vulnerability Database".
Discourse through 2.8.7 allows admins to send invitations to arbitrary email addresses at an unlimited rate.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-35113 ‼
📖 Read
via "National Vulnerability Database".
Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22062 ‼
📖 Read
via "National Vulnerability Database".
An out-of-bounds read can occur while parsing a server certificate due to improper length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36076 ‼
📖 Read
via "National Vulnerability Database".
NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. Due to an unnecessarily strict conditional in the code handling the first step of the SSO process, the pre-existing logic that added (and later checked) a nonce was inadvertently rendered opt-in instead of opt-out. This re-exposed a vulnerability in that a specially crafted Man-in-the-Middle (MITM) attack could theoretically take over another user account during the single sign-on process. The issue has been fully patched in version 1.17.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22061 ‼
📖 Read
via "National Vulnerability Database".
Out of bounds writing is possible while verifying device IDs due to improper length check before copying the data in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile📖 Read
via "National Vulnerability Database".
‼ CVE-2021-35108 ‼
📖 Read
via "National Vulnerability Database".
Improper checking of AP-S lock bit while verifying the secure resource group permissions can lead to non secure read and write access in Snapdragon Connectivity, Snapdragon Mobile📖 Read
via "National Vulnerability Database".
🗓️ CSRF flaw in csurf NPM package aimed at protecting against the same flaws 🗓️
📖 Read
via "The Daily Swig".
Serious security prompt developers to discontinue open source package📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
CSRF flaw in csurf NPM package aimed at protecting against the same flaws
Serious security prompt developers to discontinue open source package
🔏 Friday Five 9/2 🔏
📖 Read
via "".
Data privacy concerns were at the forefront of this week’s cybersecurity news but phishing and ransomware attacks are still making waves. Read about these stories and more in this week’s Friday Five!
📖 Read
via "".
🛠 Hashcat Advanced Password Recovery 6.2.6 Binary Release 🛠
📖 Read
via "Packet Storm Security".
Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.📖 Read
via "Packet Storm Security".
Packetstormsecurity
Hashcat Advanced Password Recovery 6.2.6 Binary Release ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🛠 Nmap Port Scanner 7.93 🛠
📖 Read
via "Packet Storm Security".
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.📖 Read
via "Packet Storm Security".
Packetstormsecurity
Nmap Port Scanner 7.93 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers