Snapdragon Auto, Snapdragon Mobile Security Vulnerabilities

cve
cve

CVE-2024-20851

Improper access control vulnerability in Samsung Data Store prior to version 5.3.00.4 allows local attackers to launch arbitrary activity with Samsung Data Store...

4.4CVSS

6.7AI Score

0.0004EPSS

2024-04-02 03:15 AM
28
cve
cve

CVE-2024-20852

Improper verification of intent by broadcast receiver vulnerability in SmartThings prior to version 1.8.13.22 allows local attackers to access testing...

5.9CVSS

6.5AI Score

0.0004EPSS

2024-04-02 03:15 AM
24
cve
cve

CVE-2024-20846

Out-of-bounds write vulnerability while decoding hcr of libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary...

5.9CVSS

7.3AI Score

0.0004EPSS

2024-04-02 03:15 AM
26
cve
cve

CVE-2024-20847

Improper Access Control vulnerability in StorageManagerService prior to SMR Apr-2024 Release 1 allows local attackers to read sdcard...

4CVSS

6.4AI Score

0.0004EPSS

2024-04-02 03:15 AM
31
cve
cve

CVE-2024-20849

Out-of-bound Write vulnerability in chunk parsing implementation of libsdffextractor prior to SMR Apr-2023 Release 1 allows local attackers to execute arbitrary...

7.3CVSS

7.3AI Score

0.0004EPSS

2024-04-02 03:15 AM
26
cve
cve

CVE-2024-20848

Improper Input Validation vulnerability in text parsing implementation of libsdffextractor prior to SMR Apr-2024 Release 1 allows local attackers to write out-of-bounds...

4CVSS

6.5AI Score

0.0004EPSS

2024-04-02 03:15 AM
37
cve
cve

CVE-2024-20843

Out-of-bound write vulnerability in command parsing implementation of libIfaaCa prior to SMR Apr-2024 Release 1 allows local privileged attackers to execute arbitrary...

5.6CVSS

7.4AI Score

0.0004EPSS

2024-04-02 03:15 AM
26
cve
cve

CVE-2024-20844

Out-of-bounds write vulnerability while parsing remaining codewords in libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary...

8.4CVSS

7.2AI Score

0.0004EPSS

2024-04-02 03:15 AM
23
cve
cve

CVE-2024-20845

Out-of-bounds write vulnerability while releasing memory in libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary...

8.4CVSS

7.2AI Score

0.0004EPSS

2024-04-02 03:15 AM
25
cve
cve

CVE-2024-20842

Improper Input Validation vulnerability in handling apdu of libsec-ril prior to SMR Apr-2024 Release 1 allows local privileged attackers to write out-of-bounds...

4.2CVSS

6.5AI Score

0.0004EPSS

2024-04-02 03:15 AM
26
packetstorm

7.4AI Score

2024-04-02 12:00 AM
77
cnvd
cnvd

IBM Security Verify Access Information Disclosure Vulnerability (CNVD-2024-16916)

IBM Security Verify Access (ISAM) is a service from International Business Machines (IBM) that improves user access security. The service enables secure and simple access to platforms such as the Web, mobile, IoT and cloud using risk-based access, single sign-on, integrated access management...

5.5CVSS

5.9AI Score

0.0004EPSS

2024-04-02 12:00 AM
6
exploitdb

7.4AI Score

2024-04-02 12:00 AM
39
malwarebytes
malwarebytes

Free VPN apps turn Android phones into criminal proxies

Researchers at HUMAN’s Satori Threat Intelligence have discovered a disturbing number of VPN apps that turn users' devices into proxies for cybercriminals without their knowledge, as part of a campaign called PROXYLIB. Cybercriminals and state actors like to send their traffic through other...

7.5AI Score

2024-04-01 05:58 PM
12
cve
cve

CVE-2024-21473

Memory corruption while redirecting log file to any file location with any file...

9.8CVSS

9.5AI Score

0.001EPSS

2024-04-01 03:15 PM
44
cve
cve

CVE-2024-21470

Memory corruption while allocating memory for...

8.4CVSS

7.2AI Score

0.001EPSS

2024-04-01 03:15 PM
44
cve
cve

CVE-2024-21468

Memory corruption when there is failed unmap operation in...

8.4CVSS

7.1AI Score

0.001EPSS

2024-04-01 03:15 PM
54
cve
cve

CVE-2024-21472

Memory corruption in Kernel while handling GPU...

8.4CVSS

7.1AI Score

0.001EPSS

2024-04-01 03:15 PM
53
cve
cve

CVE-2024-21453

Transient DOS while decoding message of size that exceeds the available system...

7.5CVSS

6.9AI Score

0.0005EPSS

2024-04-01 03:15 PM
46
cve
cve

CVE-2024-21454

Transient DOS while decoding the ToBeSignedMessage in Automotive...

7.5CVSS

6.8AI Score

0.0005EPSS

2024-04-01 03:15 PM
48
cve
cve

CVE-2024-21463

Memory corruption while processing Codec2 during v13k decoder pitch...

7.3CVSS

7.1AI Score

0.0005EPSS

2024-04-01 03:15 PM
48
cve
cve

CVE-2024-21452

Transient DOS while decoding an ASN.1 OER message containing a SEQUENCE of unknown...

7.3CVSS

6.9AI Score

0.0005EPSS

2024-04-01 03:15 PM
49
cve
cve

CVE-2023-43515

Memory corruption in HLOS while running kernel address sanitizers (syzkaller) on tmecom with DEBUG_FS...

6.6CVSS

7AI Score

0.0004EPSS

2024-04-01 03:15 PM
43
cve
cve

CVE-2023-33111

Information disclosure when VI calibration state set by ADSP is greater than MAX_FBSP_STATE in the response payload to AFE calibration...

5.5CVSS

6.7AI Score

0.0004EPSS

2024-04-01 03:15 PM
56
cve
cve

CVE-2023-33101

Transient DOS while processing DL NAS TRANSPORT message with payload length...

7.5CVSS

6.9AI Score

0.0005EPSS

2024-04-01 03:15 PM
49
cve
cve

CVE-2023-33100

Transient DOS while processing DL NAS Transport message when message ID is not defined in the 3GPP...

7.5CVSS

6.8AI Score

0.0004EPSS

2024-04-01 03:15 PM
51
cve
cve

CVE-2023-33115

Memory corruption while processing buffer initialization, when trusted report for certain report types are...

7.8CVSS

7.3AI Score

0.0004EPSS

2024-04-01 03:15 PM
50
cve
cve

CVE-2023-33099

Transient DOS while processing SMS container of non-standard size received in DL NAS transport in...

7.5CVSS

6.8AI Score

0.0005EPSS

2024-04-01 03:15 PM
51
cve
cve

CVE-2023-33023

Memory corruption while processing finish_sign command to pass a rsp...

8.4CVSS

7.1AI Score

0.001EPSS

2024-04-01 03:15 PM
49
cve
cve

CVE-2023-28547

Memory corruption in SPS Application while requesting for public key in sorter...

8.4CVSS

7.1AI Score

0.001EPSS

2024-04-01 03:15 PM
48
thn
thn

Malicious Apps Caught Secretly Turning Android Phones into Proxies for Cybercriminals

Several malicious Android apps that turn mobile devices running the operating system into residential proxies (RESIPs) for other threat actors have been observed on the Google Play Store. The findings come from HUMAN's Satori Threat Intelligence team, which said the cluster of VPN apps came fitted....

7AI Score

2024-04-01 10:10 AM
28
githubexploit
githubexploit

Exploit for CVE-2024-20767

CVE-2024-20767-Adobe-ColdFusion Adobe ColdFusion is a rapid...

8.2CVSS

7.1AI Score

0.082EPSS

2024-04-01 09:01 AM
90
thn
thn

Vultur Android Banking Trojan Returns with Upgraded Remote Control Capabilities

The Android banking trojan known as Vultur has resurfaced with a suite of new features and improved anti-analysis and detection evasion techniques, enabling its operators to remotely interact with a mobile device and harvest sensitive data. "Vultur has also started masquerading more of its...

7.7AI Score

2024-04-01 06:04 AM
33
nessus
nessus

Amazon Linux 2 : firefox (ALASFIREFOX-2024-023)

The version of firefox installed on the remote host is prior to 115.9.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2024-023 advisory. AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding() and AppendEncodedCharacters() could have...

8.7AI Score

0.0004EPSS

2024-04-01 12:00 AM
11
hackerone
hackerone

Teleport: SSRF in region parameter that leads to AWS Teleport role AWS account takeover

You have an Integration page in Teleport where one of the options is AWS OIDC which will allow people in Teleport to add resources fluently without actually having initial access to these resources or installing any agents on them. You will need to have connected and ready OIDC integration with...

7.3AI Score

2024-03-31 08:50 PM
49
githubexploit
githubexploit

Exploit for Embedded Malicious Code in Tukaani Xz

Ansible Playbook for Patching xz-Utils Vulnerability...

10CVSS

9.8AI Score

0.133EPSS

2024-03-31 02:09 PM
106
github
github

Kimai API returns timesheet entries a user should not be authorized to view

Summary: The permission view_other_timesheet performs differently for the Kimai UI and the API, thus returning unexpected data through the API. Details: When setting the view_other_timesheet permission to true, on the frontend, users can only see timesheet entries for teams they are a part of. When...

6.8CVSS

7AI Score

0.0004EPSS

2024-03-29 07:05 PM
11
osv
osv

Kimai API returns timesheet entries a user should not be authorized to view

Summary: The permission view_other_timesheet performs differently for the Kimai UI and the API, thus returning unexpected data through the API. Details: When setting the view_other_timesheet permission to true, on the frontend, users can only see timesheet entries for teams they are a part of. When...

6.8CVSS

7AI Score

0.0004EPSS

2024-03-29 07:05 PM
8
malwarebytes
malwarebytes

MFA bombing taken to the next level

Simply put, MFA bombing (also known as “push bombing” or “MFA fatigue”) is a brute force attack on your patience. Cybercriminals use MFA bombing to break into accounts that are protected by multi-factor authentication (MFA). MFA normally requires a user to enter a six-digit code sent by SMS, or...

7.4AI Score

2024-03-29 04:45 PM
11
osv
osv

CodeIgniter4 DoS Vulnerability

Impact: A vulnerability was found in the Language class that allowed DoS attacks. This vulnerability can be exploited by an attacker to consume a large amount of memory on the server. Patches: Upgrade to v4.4.7 or later. See upgrading guide. Workarounds: Disabling Auto Routing prevents a known...

7.5CVSS

7AI Score

0.0004EPSS

2024-03-29 04:36 PM
4
github
github

CodeIgniter4 DoS Vulnerability

Impact: A vulnerability was found in the Language class that allowed DoS attacks. This vulnerability can be exploited by an attacker to consume a large amount of memory on the server. Patches: Upgrade to v4.4.7 or later. See upgrading guide. Workarounds: Disabling Auto Routing prevents a known...

7.5CVSS

7AI Score

0.0004EPSS

2024-03-29 04:36 PM
3
thn
thn

Dormakaba Locks Used in Millions of Hotel Rooms Could Be Cracked in Seconds

Security vulnerabilities discovered in Dormakaba's Saflok electronic RFID locks used in hotels could be weaponized by threat actors to forge keycards and stealthily slip into locked rooms. The shortcomings have been collectively named Unsaflok by researchers Lennert Wouters, Ian Carroll, rqu,...

7.7AI Score

2024-03-29 02:54 PM
25
hackread
hackread

Payment authorization and one-time passwords – Mobile Token

By Uzair Amir. Isn't it shocking that people still use passwords like QWERTY12, 1234, or pet names for their online accounts?…

7.3AI Score

2024-03-29 02:18 PM
11
githubexploit
githubexploit

Exploit for Improper Authentication in Ivanti Endpoint Manager Mobile

CVE-2023-35078 Exploit POC...

9.8CVSS

7.2AI Score

0.968EPSS

2024-03-29 02:15 PM
101
malwarebytes
malwarebytes

How to back up your iPhone to a Windows computer

They say the only backup you ever regret is the one you didn't make. iPhone backups can be used to easily move your apps and data to a new phone, to recover things you've lost, or to fix things that have failed. We've published posts on how to back up your iPhone to iCloud, and how to backup an...

7.1AI Score

2024-03-29 01:38 PM
10
malwarebytes
malwarebytes

How to back up your iPhone to a Mac

They say the only backup you ever regret is the one you didn't make. iPhone backups can be used to easily move your apps and data to a new phone, to recover things you've lost, or to fix things that have failed. One of the most cost effective ways to backup your iPhone is to save backups to your...

7.1AI Score

2024-03-29 01:37 PM
8
malwarebytes
malwarebytes

How to back up your iPhone to iCloud

They say the only backup you ever regret is the one you didn't make. iPhone backups can be used to easily move your apps and data to a new phone, to recover things you've lost, or to fix things that have failed. The most convenient way to backup your iPhone is to have it backup to iCloud. Backups.....

7.3AI Score

2024-03-29 01:35 PM
9
fedora
fedora

[SECURITY] Fedora 38 Update: ofono-1.34-4.fc38

oFono.org is a place to bring developers together around designing an infrastructure for building mobile telephony (GSM/UMTS) applications. oFono includes a high-level D-Bus API for use by telephony applications. oFono also includes a low-level plug-in API for integrating with telephony stacks,...

8.1CVSS

6.6AI Score

0.001EPSS

2024-03-29 02:42 AM
10
fedora
fedora

[SECURITY] Fedora 39 Update: ofono-1.34-5.fc39

oFono.org is a place to bring developers together around designing an infrastructure for building mobile telephony (GSM/UMTS) applications. oFono includes a high-level D-Bus API for use by telephony applications. oFono also includes a low-level plug-in API for integrating with telephony stacks,...

8.1CVSS

6.6AI Score

0.001EPSS

2024-03-29 01:11 AM
8
Total number of security vulnerabilities: 57637