🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
🔏 Friday Five 10/7 🔏

This week saw some good news around securing the midterm elections, warnings about IRS phishing scams, and new orders from CISA. Catch up in this week’s Friday Five!


CVE-2022-39847

Use after free vulnerability in set_nft_pid and signal_handler function of NFC driver prior to SMR Oct-2022 Release 1 allows attackers to perform malicious actions.

via "National Vulnerability Database".
CVE-2022-33896

A buffer underflow vulnerability exists in the way Hword of Hancom Office 2020 version 11.0.0.5357 parses XML-based office files. A specially-crafted malformed file can cause memory corruption by using memory before buffer start, which can lead to code execution. A victim would need to access a malicious file to trigger this vulnerability.

via "National Vulnerability Database".
CVE-2022-39852

A heap-based overflow vulnerability in makeContactAGIF in libagifencoder.quram.so library prior to SMR Oct-2022 Release 1 allows attacker to perform code execution.

via "National Vulnerability Database".
CVE-2022-39863

Intent redirection vulnerability in Samsung Account prior to version 13.5.01.3 allows attackers to access content providers without permission.

via "National Vulnerability Database".
CVE-2022-39867

Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via SHOW_PERSISTENT_BANNER broadcast.

via "National Vulnerability Database".
CVE-2022-39859

Implicit intent hijacking vulnerability in UPHelper library prior to version 3.0.12 allows attackers to access sensitive information via implicit intent.

via "National Vulnerability Database".
CVE-2022-39877

Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device.

via "National Vulnerability Database".
CVE-2022-39860

Improper access control vulnerability in QuickShare prior to version 13.2.3.5 allows attackers to access sensitive information via implicit broadcast.

via "National Vulnerability Database".
CVE-2022-39850

Improper access control in mum_container_policy service prior to SMR Oct-2022 Release 1 allows unauthorized read of configuration data.

via "National Vulnerability Database".
CVE-2022-39870

Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast.

via "National Vulnerability Database".
CVE-2022-39875

Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to perform an unauthorized logout.

via "National Vulnerability Database".
CVE-2022-39864

Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25 allows attackers to access sensitive information via implicit intent.

via "National Vulnerability Database".
CVE-2022-39856

Improper access control vulnerability in imsservice application prior to SMR Oct-2022 Release 1 allows local attackers to access call information.

via "National Vulnerability Database".
CVE-2022-36868

Improper restriction of broadcasting Intent in MouseNKeyHidDevice prior to SMR Oct-2022 Release 1 leaks MAC address of the connected Bluetooth device.

via "National Vulnerability Database".
CVE-2022-39866

Improper access control vulnerability in RegisteredEventMediator.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.

via "National Vulnerability Database".
CVE-2022-39871

Improper access control vulnerability in cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcasts.

via "National Vulnerability Database".
CVE-2022-39878

Improper access control vulnerability in Samsung Checkout prior to version 5.0.55.3 allows attackers to access sensitive information via implicit intent broadcast.

via "National Vulnerability Database".
CVE-2022-39868

Improper access control vulnerability in GedSamsungAccount.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.

via "National Vulnerability Database".
CVE-2022-39872

Improper restriction of broadcasting Intent in ShareLive prior to version 13.2.03.5 leaks MAC address of the connected Bluetooth device.

via "National Vulnerability Database".
CVE-2022-39874

Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to perform an unauthorized logout.

via "National Vulnerability Database".