Snapdragon Auto, Snapdragon Mobile Security Vulnerabilities

TEMU sued for being “dangerous malware” by Arkansas Attorney General

Chinese online shopping giant Temu is facing a lawsuit filed by State of Arkansas Attorney General Tim Griffin, alleging that the retailer's mobile app spies on users. “Temu purports to be an online shopping platform, but it is dangerous malware, surreptitiously granting itself access to...

Etcd embed auto compaction retention negative value causing a compaction loop or a crash in go.etcd.io/etcd

Etcd embed auto compaction retention negative value causing a compaction loop or a crash in...

CVE-2024-30135

HCL DRYiCE AEX is potentially impacted by disclosure of sensitive information in the mobile application when a snapshot is...

CVE-2024-30135

HCL DRYiCE AEX is potentially impacted by disclosure of sensitive information in the mobile application when a snapshot is...

CVE-2024-30135 Sensitive Information Disclosure vulnerability affects DRYiCE AEX v10

HCL DRYiCE AEX is potentially impacted by disclosure of sensitive information in the mobile application when a snapshot is...

CVE-2024-30135 Sensitive Information Disclosure vulnerability affects DRYiCE AEX v10

HCL DRYiCE AEX is potentially impacted by disclosure of sensitive information in the mobile application when a snapshot is...

CVE-2024-30111

HCL DRYiCE AEX product is impacted by Missing Root Detection vulnerability in the mobile application. The mobile app can be installed in the rooted device due to which malicious users can gain unauthorized access to the rooted devices, compromising security and potentially leading to data...

CVE-2024-30111

HCL DRYiCE AEX product is impacted by Missing Root Detection vulnerability in the mobile application. The mobile app can be installed in the rooted device due to which malicious users can gain unauthorized access to the rooted devices, compromising security and potentially leading to data...

CVE-2024-30111 Missing Root Detection vulnerability affects DRYiCE AEX v10

HCL DRYiCE AEX product is impacted by Missing Root Detection vulnerability in the mobile application. The mobile app can be installed in the rooted device due to which malicious users can gain unauthorized access to the rooted devices, compromising security and potentially leading to data...

Ivanti Endpoint Manager Mobile < 11.11.0.0 Authentication Bypass

Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, versions before 11.11.0.0 suffer from an authentication bypass vulnerability, allowing unauthorized users to access restricted functionality or resources of the application without proper...

We’re not talking about cryptocurrency as much as we used to, but there are still plenty of scammers out there

AI has since replaced "cryptocurrency" and "blockchain" as the cybersecurity buzzwords everyone wants to hear. We're not getting as many headlines about cryptocurrency miners, the security risks or promises of the blockchain, or non-fungible tokens being referenced on "Saturday Night Live." A...

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 17, 2024 to June 23, 2024)

_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

Snowflake isn’t an outlier, it’s the canary in the coal mine

By Nick Biasini with contributions from Kendall McKay and Guilherme Venere Headlines continue to roll in about the many implications and follow-on attacks originating from leaked and/or stolen credentials for the Snowflake cloud data platform. Adversaries obtained stolen login credentials for...

CVE-2024-5535

Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour...

How to Use Python to Build Secure Blockchain Applications

Did you know it's now possible to build blockchain applications, known also as decentralized applications (or "dApps" for short) in native Python? Blockchain development has traditionally required learning specialized languages, creating a barrier for many developers… until now. AlgoKit, an...

CVE-2024-6054

The Auto Featured Image plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'create_post_attachment_from_url' function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with contributor-level and above....

CVE-2024-6054

The Auto Featured Image plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'create_post_attachment_from_url' function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with contributor-level and above....

CVE-2024-6054 Auto Featured Image <= 1.2 - Authenticated (Contributor+) Arbitrary File Upload

The Auto Featured Image plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'create_post_attachment_from_url' function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with contributor-level and above....

Developer Accounts Compromised Due to Credential Reuse in WordPress.org Supply Chain Attack

On June 24th, 2024, the Wordfence Threat Intelligence Team became aware of a WordPress plugin, Social Warfare, that was infected with malware through the WordPress repository. Upon further investigation, our team quickly identified 4 additional affected plugins through our internal Threat...

New “Snowblind” Android Malware Steals Logins, Bypasses Security Features

New Android Malware "Snowblind" bypasses security! It exploits Linux's seccomp to launch scalable attacks and steal your data. Download safely, update your device, and consider mobile security to stay...

Security Bulletin: IBM Cloud Pak for Network Automation 2.7.4 addresses multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.7.4 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details ** CVEID: CVE-2022-48554 DESCRIPTION: **File is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the file_copystr...

New Medusa Android Trojan Targets Banking Users Across 7 Countries

Cybersecurity researchers have discovered an updated version of an Android banking trojan called Medusa that has been used to target users in Canada, France, Italy, Spain, Turkey, the U.K., and the U.S. The new fraud campaigns, observed in May 2024 and active since July 2023, manifested through...

Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack

Google has taken steps to block ads for e-commerce sites that use the Polyfill.io service after a Chinese company acquired the domain and modified the JavaScript library ("polyfill.js") to redirect users to malicious and scam sites. "Protecting our users is our top priority. We detected a security....

AMD Processors February 2024 Security Updates

AMD has informed HP of potential vulnerabilities identified in client platform firmware for some AMD processors, which might allow escalation of privilege, arbitrary code execution, denial of service, and/or information disclosure. AMD is releasing firmware updates to mitigate these...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2190-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2190-1 advisory. The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The...

Security Bulletin: Maximo Application Suite - torch-1.13.1-cp37-cp37m-manylinux1_x86_64.whl is vulnerable to multiple security CVEs used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses torch-1.13.1-cp37-cp37m-manylinux1_x86_64.whl which is vulnerable to multiple security CVEs. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2024-31583 DESCRIPTION:...

CVE-2024-6206

A security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerability where a threat actor could execute arbitrary commands with the privilege of the underlying container leading to complete takeover of the target...

CVE-2024-6206

A security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerability where a threat actor could execute arbitrary commands with the privilege of the underlying container leading to complete takeover of the target...

CVE-2024-6206

A security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerability where a threat actor could execute arbitrary commands with the privilege of the underlying container leading to complete takeover of the target...

Malicious code in auto-validate (RubyGems)

-= Per source details. Do not edit below this...

Malicious code in auto-scaling_methods (RubyGems)

-= Per source details. Do not edit below this...

Malicious code in auto-localize (RubyGems)

-= Per source details. Do not edit below this...

Malicious code in auto-flick (RubyGems)

-= Per source details. Do not edit below this...

Malicious code in auto-click (RubyGems)

-= Per source details. Do not edit below this...

Malicious code in stake-auto-better (PyPI)

-= Per source details. Do not edit below this...

Malicious code in mobile-auth-library-react-native (npm)

-= Per source details. Do not edit below this...

Malicious code in mobile-kohana (npm)

-= Per source details. Do not edit below this...

Malicious code in icomm-mobile (npm)

-= Per source details. Do not edit below this...

Malicious code in gcommon-ui-mobile (npm)

-= Per source details. Do not edit below this...

EulerOS 2.0 SP11 : golang (EulerOS-SA-2024-1835)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This...

HP PC BIOS Additional Security Update for TOCTOU

A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability. HP has...

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1837)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking Releasing the priv-lock while iterating...

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1816)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking Releasing the priv-lock while iterating...

CVE-2024-36244

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: extend minimum interval restriction to entire cycle too It is possible for syzbot to side-step the restriction imposed by the blamed commit in the Fixes: tag, because the taprio UAPI permits a cycle-time...

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1814)

The remote host is missing an update for the Huawei...

EulerOS 2.0 SP11 : golang (EulerOS-SA-2024-1814)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This...

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1835)

The remote host is missing an update for the Huawei...

CVE-2024-33898

Axiros AXESS Auto Configuration Server (ACS) 4.x and 5.0.0 has Incorrect Access Control. An authorization bypass allows remote attackers to achieve unauthenticated remote code...

CVE-2024-33898

Axiros AXESS Auto Configuration Server (ACS) 4.x and 5.0.0 has Incorrect Access Control. An authorization bypass allows remote attackers to achieve unauthenticated remote code...

Cloud Software Group Security Advisory for CVE-2024-3661

Cloud Software Group has evaluated the impact of vulnerability CVE-2024-3661 on our products. This vulnerability may allow an attacker on the same local network as the victim to read, disrupt, or modify network traffic expected to be protected by the VPN. Please find below the impact status: ...