SSnapdragon Automobile, Snapdragon Mobile, Snapdragon Wear Security Vulnerabilities

KB5037768: Windows 10 Version 21H2 / Windows 10 Version 22H2 Security Update (May 2024)

The remote Windows host is missing security update 5037768. It is, therefore, affected by multiple vulnerabilities Windows MSHTML Platform Security Feature Bypass Vulnerability (CVE-2024-30040) Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2024-29996, ...

KB5037781: Windows 11 version 22H2 / Windows Server version 23H2 Security Update (May 2024)

The remote Windows host is missing security update 5037781. It is, therefore, affected by multiple vulnerabilities Windows MSHTML Platform Security Feature Bypass Vulnerability (CVE-2024-30040) Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2024-29996, ...

Intel Thunderbolt Driver May 2024 Security Update

Intel has informed HP of a potential security vulnerability in some Intel® Thunderbolt driver software, which might allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP...

Why car location tracking needs an overhaul

Across America, survivors of domestic abuse and stalking are facing a unique location tracking crisis born out of policy failure, unclear corporate responsibility, and potentially risky behaviors around digital sharing that are now common in relationships. No, we’re not talking about stalkerware......

Apple iOS < 17.5 Multiple Vulnerabilities (HT214101)

The version of Apple iOS running on the mobile device is prior to 17.5. It is, therefore, affected by multiple...

Apple iOS < 16.7.8 Multiple Vulnerabilities (HT214100)

The version of Apple iOS running on the mobile device is prior to 16.7.8. It is, therefore, affected by multiple...

RHEL 6 : libmtp (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libmtp: Integer overflow in ptp_unpack_OPL function (CVE-2017-9832) An integer overflow vulnerability in...

RHEL 7 : libmtp (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libmtp: Integer overflow in ptp_unpack_OPL function (CVE-2017-9832) An integer overflow vulnerability in...

RHEL 6 : mozilla (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Mozilla: Stack overflow due to incorrect parsing of SMTP server response codes (CVE-2020-26970) Mozilla:...

RHEL 6 : kernel (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: Buffer overflow due to unbounded strcpy in ISDN I4L driver (CVE-2017-12762) kernel: lack of port...

CVE-2024-4737 Campcodes Legal Case Management System vendor cross site scripting

A vulnerability was found in Campcodes Legal Case Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/vendor. The manipulation of the argument company_name/mobile leads to cross site scripting. It is possible to initiate the attack...

CVE-2024-4737 Campcodes Legal Case Management System vendor cross site scripting

A vulnerability was found in Campcodes Legal Case Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/vendor. The manipulation of the argument company_name/mobile leads to cross site scripting. It is possible to initiate the attack...

CVE-2023-37526 HCL DRYiCE Lucy v9 (now AEX) is affected by a Cross Origin Resource Sharing (CORS) Vulnerability

HCL DRYiCE Lucy (now AEX) is affected by a Cross Origin Resource Sharing (CORS) vulnerability. The mobile app is vulnerable to a CORS misconfiguration which could potentially allow unauthorized access to the application resources from any web domain and enable cache poisoning...

lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability

Summary The latest version of lobe-chat(by now v0.141.2) has an unauthorized ssrf vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. Details visit https://chat-preview.lobehub.com/settings/agent ...

lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability

Summary The latest version of lobe-chat(by now v0.141.2) has an unauthorized ssrf vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. Details visit https://chat-preview.lobehub.com/settings/agent ...

CVE-2024-22064 Configuration error Vulnerability in ZTE ZXUN-ePDG

ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, under by default configuration, uses a set of non-unique cryptographic keys during establishing a secure connection(IKE) with the mobile devices connecting over the internet . If the set of keys are leaked or cracked,...

CVE-2024-22064 Configuration error Vulnerability in ZTE ZXUN-ePDG

ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, under by default configuration, uses a set of non-unique cryptographic keys during establishing a secure connection(IKE) with the mobile devices connecting over the internet . If the set of keys are leaked or cracked,...

DocGo patient health data stolen in cyberattack

Medical health care provider DocGo has disclosed in a form 8-K that it experienced a cybersecurity incident involving some of the company’s systems. As part of the investigation of the incident, the company says it has determined that the attacker accessed and acquired data, including certain...

APT trends report Q1 2024

For more than six years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research. They provide a representative snapshot of what we have published.....

Ubuntu: Security Advisory (USN-6767-1)

The remote host is missing an update for...

CVE-2024-20871

Improper authorization vulnerability in Samsung Keyboard prior to version One UI 5.1.1 allows physical attackers to partially bypass the factory reset...

CVE-2024-20869

Improper privilege management vulnerability in Samsung Internet prior to version 25.0.0.41 allows local attackers to bypass protection for...

CVE-2024-20870

Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to write arbitrary files with the privilege of Galaxy...

CVE-2024-20872

Improper handling of insufficient privileges vulnerability in TalkbackSE prior to version Android 14 allows local attackers to modify setting value of...

CVE-2024-20864

Improper access control vulnerability in DarManagerService prior to SMR May-2024 Release 1 allows local attackers to monitor system...

CVE-2024-20865

Authentication bypass in bootloader prior to SMR May-2024 Release 1 allows physical attackers to flash arbitrary...

CVE-2024-20863

Out of bounds write vulnerability in SNAP in HAL prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary...

CVE-2024-20862

Out-of-bounds write in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary...

CVE-2024-20866

Authentication bypass vulnerability in Setupwizard prior to SMR May-2024 Release 1 allows physical attackers to skip activation...

CVE-2024-20860

Improper export of android application components vulnerability in TelephonyUI prior to SMR May-2024 Release 1 allows local attackers to reboot the device without proper...

CVE-2024-20856

Improper Authentication vulnerability in Secure Folder prior to SMR May-2024 Release 1 allows physical attackers to access Secure Folder without proper authentication in a specific...

CVE-2024-20858

Improper access control vulnerability in setCocktailHostCallbacks of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current...

CVE-2024-20861

Use after free vulnerability in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to cause memory...

CVE-2024-20857

Improper access control vulnerability in startListening of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current...

Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6765-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6765-1 advisory. In the Linux kernel, the following vulnerability has been resolved: apparmor: avoid crash when parsed profile name is empty When processing a packed...

Linux kernel vulnerabilities

Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.4 - Linux kernel...

Pixel Watch Security Bulletin—May 2024

The Pixel Watch Security Bulletin contains details of security vulnerabilities affecting Pixel Watch devices (Google Devices). For Google devices, security patch levels of 2024-05-05 or later address all applicable issues in the May 2024 Android Security Bulletin and all issues in this bulletin....

CVE-2024-23351

Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC...

CVE-2024-21477

Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM)...

CVE-2024-23354

Memory corruption when the IOCTL call is interrupted by a...

CVE-2024-21476

Memory corruption when the channel ID passed by user is not validated and further...

CVE-2024-21480

Memory corruption while playing audio file having large-sized input...