βΌ CVE-2022-3479 βΌ
π Read
via "National Vulnerability Database".
A vulnerability found in nss. By this security vulnerability, nss client auth crash without a user certificate in the database and this can lead us to a segmentation fault or crash.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41602 βΌ
π Read
via "National Vulnerability Database".
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41598 βΌ
π Read
via "National Vulnerability Database".
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37603 βΌ
π Read
via "National Vulnerability Database".
A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39064 βΌ
π Read
via "National Vulnerability Database".
An attacker sending a single malformed IEEE 802.15.4 (Zigbee) frame makes the TRΓβ¦DFRI bulb blink, and if they replay (i.e. resend) the same frame multiple times, the bulb performs a factory reset. This causes the bulb to lose configuration information about the Zigbee network and current brightness level. After this attack, all lights are on with full brightness, and a user cannot control the bulbs with either the IKEA Home Smart app or the TRΓβ¦DFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected. CVSS 3.1 Base Score 7.1 vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:Hπ Read
via "National Vulnerability Database".
βΌ CVE-2022-38998 βΌ
π Read
via "National Vulnerability Database".
The HISP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41589 βΌ
π Read
via "National Vulnerability Database".
The DFX unwind stack module of the ArkCompiler has a vulnerability in interface calling.Successful exploitation of this vulnerability affects system services and device availability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38983 βΌ
π Read
via "National Vulnerability Database".
The BT Hfp Client module has a Use-After-Free (UAF) vulnerability.Successful exploitation of this vulnerability may result in arbitrary code execution.π Read
via "National Vulnerability Database".
π΄ Concerns Over Fortinet Flaw Mount; PoC Released, Exploit Activity Grows π΄
π Read
via "Dark Reading".
The authentication bypass flaw in FortiOS, FortiProxy, and FortiSwitch Manager is easy to find and exploit, security experts say.π Read
via "Dark Reading".
Dark Reading
Concerns Over Fortinet Flaw Mount; PoC Released, Exploit Activity Grows
The authentication bypass flaw in FortiOS, FortiProxy and FortiSwitchManager is easy to find and exploit, security experts say.
π΄ Apple's Constant Battles Against Zero-Day Exploits π΄
π Read
via "Dark Reading".
Such exploits sell for up to $10 million, making them the single most valuable commodity in the cybercrime underworld.π Read
via "Dark Reading".
Dark Reading
Apple's Constant Battles Against Zero-Day Exploits
Such exploits sell for up to $10 million, making them the single most valuable commodity in the cybercrime underworld.
π΄ Concerns Over Fortinet Flaw Mount; PoC Released, Exploit Activity Grows π΄
π Read
via "Dark Reading".
The authentication bypass flaw in FortiOS, FortiProxy and FortiSwitchManager is easy to find and exploit, security experts say.π Read
via "Dark Reading".
Dark Reading
Concerns Over Fortinet Flaw Mount; PoC Released, Exploit Activity Grows
The authentication bypass flaw in FortiOS, FortiProxy and FortiSwitchManager is easy to find and exploit, security experts say.
βΌ CVE-2022-39115 βΌ
π Read
via "National Vulnerability Database".
In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38698 βΌ
π Read
via "National Vulnerability Database".
In messaging service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39123 βΌ
π Read
via "National Vulnerability Database".
In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2850 βΌ
π Read
via "National Vulnerability Database".
A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39122 βΌ
π Read
via "National Vulnerability Database".
In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38679 βΌ
π Read
via "National Vulnerability Database".
In music service, there is a missing permission check. This could lead to local denial of service in music service with no additional execution privileges needed.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38670 βΌ
π Read
via "National Vulnerability Database".
In soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38690 βΌ
π Read
via "National Vulnerability Database".
In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2963 βΌ
π Read
via "National Vulnerability Database".
A vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation fault.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39111 βΌ
π Read
via "National Vulnerability Database".
In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed.π Read
via "National Vulnerability Database".