Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear Security Vulnerabilities

exploitdb

7.4AI Score

2024-03-25 12:00 AM
86
nessus

Debian dla-3775 : firefox-esr - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3775 advisory. NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private...

7.5CVSS

8.5AI Score

0.001EPSS

2024-03-25 12:00 AM
7
nessus

CentOS 7 : firefox (RHSA-2024:1486)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1486 advisory. NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the...

7.5CVSS

9.1AI Score

0.001EPSS

2024-03-25 12:00 AM
16
exploitdb

7.4AI Score

2024-03-25 12:00 AM
91
nessus

Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6710-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6710-1 advisory. An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This...

7.2AI Score

0.0005EPSS

2024-03-25 12:00 AM
9
nessus

Apple iOS < 16.7.7 Multiple Vulnerabilities (HT214098)

The version of Apple iOS running on the mobile device is prior to 16.7.7. It is, therefore, affected by multiple...

6.6AI Score

2024-03-25 12:00 AM
10
nessus

Fedora 39 : firefox (2024-c8549a8c75)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-c8549a8c75 advisory. An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This...

7.2AI Score

0.0005EPSS

2024-03-24 12:00 AM
10
nessus

Debian dsa-5645 : firefox-esr - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5645 advisory. An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This...

5.8AI Score

0.0004EPSS

2024-03-23 12:00 AM
7
nessus

Slackware Linux 15.0 / current mozilla-firefox Vulnerability (SSA:2024-083-01)

The version of mozilla-firefox installed on the remote host is prior to 115.9.1esr. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-083-01 advisory. An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript...

5.9AI Score

0.0004EPSS

2024-03-23 12:00 AM
11
github

SSRF Vulnerability on assetlinks_check(act_name, well_knowns)

Summary While examining the "App Link assetlinks.json file could not be found" vulnerability detected by MobSF, we, as the Trendyol Application Security team, noticed that a GET request was sent to the "/.well-known/assetlinks.json" endpoint for all hosts written with "android:host". In the...

7.5CVSS

6.8AI Score

0.001EPSS

2024-03-22 11:54 PM
15
osv

SSRF Vulnerability on assetlinks_check(act_name, well_knowns)

Summary While examining the "App Link assetlinks.json file could not be found" vulnerability detected by MobSF, we, as the Trendyol Application Security team, noticed that a GET request was sent to the "/.well-known/assetlinks.json" endpoint for all hosts written with "android:host". In the...

7.5CVSS

6.6AI Score

0.001EPSS

2024-03-22 11:54 PM
4
nvd

CVE-2024-29190

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in android:host, so requests can also....

7.5CVSS

7.4AI Score

0.001EPSS

2024-03-22 11:15 PM
cve

CVE-2024-29190

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in android:host, so requests can also....

7.5CVSS

7.4AI Score

0.001EPSS

2024-03-22 11:15 PM
37
osv

CVE-2024-29190

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in android:host, so requests can also....

7.5CVSS

7.5AI Score

0.001EPSS

2024-03-22 11:15 PM
7
cvelist

CVE-2024-29190 MobSF SSRF Vulnerability on assetlinks_check(act_name, well_knowns)

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in android:host, so requests can also....

7.5CVSS

7.6AI Score

0.001EPSS

2024-03-22 10:12 PM
debiancve

CVE-2024-29944

An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and.....

6.1AI Score

0.0004EPSS

2024-03-22 01:15 PM
13
nvd

CVE-2024-29944

An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and.....

6.7AI Score

0.0004EPSS

2024-03-22 01:15 PM
alpinelinux

CVE-2024-29944

An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and.....

6.9AI Score

0.0004EPSS

2024-03-22 01:15 PM
14
cve

CVE-2024-29944

An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and.....

6.7AI Score

0.0004EPSS

2024-03-22 01:15 PM
64
cvelist

CVE-2024-29944

An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and.....

7AI Score

0.0004EPSS

2024-03-22 12:55 PM
1
thn

Implementing Zero Trust Controls for Compliance

The ThreatLocker® Zero Trust Endpoint Protection Platform implements a strict deny-by-default, allow-by-exception security posture to give organizations the ability to set policy-based controls within their environment and mitigate countless cyber threats, including zero-days, unseen network...

7.1AI Score

2024-03-22 11:28 AM
22
schneier

Google Pays $10M in Bug Bounties in 2023

BleepingComputer has the details. It's $2M less than in 2022, but it's still a lot. The highest reward for a vulnerability report in 2023 was $113,337, while the total tally since the program's launch in 2010 has reached $59 million. For Android, the world's most popular and widely used mobile...

7.4AI Score

2024-03-22 11:01 AM
9
nessus

Mozilla Firefox ESR < 115.9.1

The version of Firefox ESR installed on the remote Windows host is prior to 115.9.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2024-16 advisory. An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript...

7.3AI Score

0.0004EPSS

2024-03-22 12:00 AM
14
wpvulndb

Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder < 1.15.23 - Sensitive Information Exposure

Description The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.15.22 via the signature functionality. This makes it possible for unauthenticated attackers to extract....

5.9CVSS

6.4AI Score

0.0004EPSS

2024-03-22 12:00 AM
12
nessus

Mozilla Firefox < 124.0.1

The version of Firefox installed on the remote Windows host is prior to 124.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-15 advisory. An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based...

7.7AI Score

0.0005EPSS

2024-03-22 12:00 AM
9
mozilla

Security Vulnerabilities fixed in Firefox ESR 115.9.1 — Mozilla

An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of...

6.4AI Score

0.0004EPSS

2024-03-22 12:00 AM
14
ubuntucve

CVE-2024-29944

An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and.....

6.2AI Score

0.0004EPSS

2024-03-22 12:00 AM
30
openvas

Mozilla Firefox Security Advisory (MFSA2024-15) - Linux

This host is missing a security update for Mozilla...

7.5AI Score

0.0005EPSS

2024-03-22 12:00 AM
4
nessus

Mozilla Firefox ESR < 115.9.1

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.9.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2024-16 advisory. An attacker was able to inject an event handler into a privileged object that would allow arbitrary ...

7.3AI Score

0.0004EPSS

2024-03-22 12:00 AM
16
mozilla

Security Vulnerabilities fixed in Firefox 124.0.1 — Mozilla

An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This...

6.4AI Score

0.0005EPSS

2024-03-22 12:00 AM
25
nessus

Mozilla Firefox < 124.0.1

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 124.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-15 advisory. An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range- ...

7.7AI Score

0.0005EPSS

2024-03-22 12:00 AM
5
malwarebytes

Patch Ivanti Standalone Sentry and Ivanti Neurons for ITSM now

Ivanti has issued patches for two vulnerabilities. One was discovered in the Ivanti Standalone Sentry, which impacts all supported versions 9.17.0, 9.18.0, and 9.19.0. Older versions are also at risk. The other vulnerability impacts all supported versions of Ivanti Neurons for ITSM—2023.3, 2023.2.....

8AI Score

0.001EPSS

2024-03-21 09:22 PM
13
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 11, 2024 to March 17, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 163 vulnerabilities disclosed in 126...

10CVSS

10AI Score

0.001EPSS

2024-03-21 03:55 PM
40
cnvd

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-15718)

Adobe Experience Manager (AEM) is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS

6.7AI Score

0.0004EPSS

2024-03-21 12:00 AM
6
cnvd

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-14657)

Adobe Experience Manager (AEM) is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A.....

5.4CVSS

6.2AI Score

0.0004EPSS

2024-03-21 12:00 AM
7
cnvd

Adobe Experience Manager Access Control Error Vulnerability (CNVD-2024-14656)

Adobe Experience Manager (AEM) is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. An....

5.3CVSS

7.2AI Score

0.0005EPSS

2024-03-21 12:00 AM
6
cnvd

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-14661)

Adobe Experience Manager (AEM) is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A.....

5.4CVSS

6.2AI Score

0.0004EPSS

2024-03-21 12:00 AM
9
cnvd

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-15719)

Adobe Experience Manager (AEM) is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS

6.7AI Score

0.0004EPSS

2024-03-21 12:00 AM
6
cnvd

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-14660)

Adobe Experience Manager (AEM) is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A.....

5.4CVSS

6.2AI Score

0.0004EPSS

2024-03-21 12:00 AM
6
cnvd

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-15717)

Adobe Experience Manager (AEM) is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

4.8CVSS

6.7AI Score

0.0004EPSS

2024-03-21 12:00 AM
5
cnvd

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-14654)

Adobe Experience Manager (AEM) is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A.....

5.4CVSS

6.2AI Score

0.0004EPSS

2024-03-21 12:00 AM
7
openvas

Ubuntu: Security Advisory (USN-6702-1)

The remote host is missing an update for...

7.8CVSS

8.1AI Score

0.002EPSS

2024-03-21 12:00 AM
9
cnvd

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-14653)

Adobe Experience Manager (AEM) is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A.....

5.4CVSS

6.2AI Score

0.0004EPSS

2024-03-21 12:00 AM
9
cnvd

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-14659)

Adobe Experience Manager (AEM) is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A.....

5.4CVSS

6.2AI Score

0.0004EPSS

2024-03-21 12:00 AM
8
cnvd

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-14658)

Adobe Experience Manager (AEM) is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A.....

5.4CVSS

6.2AI Score

0.0004EPSS

2024-03-21 12:00 AM
7
cnvd

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-14655)

Adobe Experience Manager (AEM) is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A.....

5.4CVSS

6.2AI Score

0.0004EPSS

2024-03-21 12:00 AM
9
securelist

Android malware, Android malware and more Android malware

Introduction Malware for mobile devices is something we come across very often. In 2023, our technologies blocked 33.8 million malware, adware, and riskware attacks on mobile devices. One of 2023's most resonant attacks was Operation Triangulation, targeting iOS, but that was rather a unique case.....

7.1AI Score

2024-03-20 11:00 AM
10
malwarebytes

The ‘AT&T breach’—what you need to know

Earlier this week, the data of over 70 million people was posted for sale on an online cybercrime forum. The person selling the data claims it stems from a 2021 breach at AT&T. Back in 2021, a hacker named Shiny Hunters claimed to have breached AT&T and put the alleged stolen data up for sale for.....

7AI Score

2024-03-20 10:45 AM
16
cve

CVE-2024-2197

The Chirp Access app contains a hard-coded password, BEACON_PASSWORD. An attacker within Bluetooth range could change configuration settings within the Bluetooth beacon, effectively disabling the application's ability to notify users when they are near a Beacon-enabled access point. This variable.....

4.3CVSS

6.7AI Score

0.0004EPSS

2024-03-20 01:15 AM
30
nvd

CVE-2024-2197

The Chirp Access app contains a hard-coded password, BEACON_PASSWORD. An attacker within Bluetooth range could change configuration settings within the Bluetooth beacon, effectively disabling the application's ability to notify users when they are near a Beacon-enabled access point. This variable.....

4.3CVSS

4.5AI Score

0.0004EPSS

2024-03-20 01:15 AM
Total number of security vulnerabilities: 36429