Snapdragon Compute, Snapdragon Consumer Iot, Snapdragon Mobile Security Vulnerabilities

Virtuozzo Hybrid Infrastructure 6.2 (6.2.0-136)

In this release, Virtuozzo Hybrid Infrastructure provides a range of new features that cover the compute service, high availability of the management node, object storage management, networking, and monitoring. Additionally, this release delivers stability improvements and addresses issues found...

TEMU sued for being “dangerous malware” by Arkansas Attorney General

Chinese online shopping giant Temu is facing a lawsuit filed by State of Arkansas Attorney General Tim Griffin, alleging that the retailer's mobile app spies on users. “Temu purports to be an online shopping platform, but it is dangerous malware, surreptitiously granting itself access to...

CVE-2024-30135

HCL DRYiCE AEX is potentially impacted by disclosure of sensitive information in the mobile application when a snapshot is...

CVE-2024-30135

HCL DRYiCE AEX is potentially impacted by disclosure of sensitive information in the mobile application when a snapshot is...

CVE-2024-30135 Sensitive Information Disclosure vulnerability affects DRYiCE AEX v10

HCL DRYiCE AEX is potentially impacted by disclosure of sensitive information in the mobile application when a snapshot is...

CVE-2024-30135 Sensitive Information Disclosure vulnerability affects DRYiCE AEX v10

HCL DRYiCE AEX is potentially impacted by disclosure of sensitive information in the mobile application when a snapshot is...

CVE-2024-30111

HCL DRYiCE AEX product is impacted by Missing Root Detection vulnerability in the mobile application. The mobile app can be installed in the rooted device due to which malicious users can gain unauthorized access to the rooted devices, compromising security and potentially leading to data...

CVE-2024-30111

HCL DRYiCE AEX product is impacted by Missing Root Detection vulnerability in the mobile application. The mobile app can be installed in the rooted device due to which malicious users can gain unauthorized access to the rooted devices, compromising security and potentially leading to data...

CVE-2024-30111 Missing Root Detection vulnerability affects DRYiCE AEX v10

HCL DRYiCE AEX product is impacted by Missing Root Detection vulnerability in the mobile application. The mobile app can be installed in the rooted device due to which malicious users can gain unauthorized access to the rooted devices, compromising security and potentially leading to data...

Certain HP PC BIOS Logo Vulnerabilities

Potential security vulnerabilities, known as LogoFAIL, have been reported in the AMI BIOS and the Insyde BIOS used in certain HP PC products, which might allow escalation of privilege, arbitrary code execution, denial of service, information disclosure, and/or data tampering. AMI and Insyde are...

Intel Chipset Device Software May 2024 Security Update

Intel has informed HP of a potential security vulnerability in some Intel® Chipset Device Software, which might allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP has...

Ivanti Endpoint Manager Mobile < 11.11.0.0 Authentication Bypass

Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, versions before 11.11.0.0 suffer from an authentication bypass vulnerability, allowing unauthorized users to access restricted functionality or resources of the application without proper...

How to Use Python to Build Secure Blockchain Applications

Did you know it's now possible to build blockchain applications, known also as decentralized applications (or "dApps" for short) in native Python? Blockchain development has traditionally required learning specialized languages, creating a barrier for many developers… until now. AlgoKit, an...

ROS-20240627-05

A vulnerability in the update_sctp_checksum() function of the QEMU hardware emulator is related to a reachability assertion when attempting to calculate the checksum of a fragmented packet of small size. of reachability when attempting to compute the checksum of a fragmented small packet....

CVE-2024-38375

@fastly/js-compute is a JavaScript SDK and runtime for building Fastly Compute applications. The implementation of several functions were determined to include a use-after-free bug. This bug could allow for unintended data loss if the result of the preceding functions were sent anywhere else, and.....

CVE-2024-38375

@fastly/js-compute is a JavaScript SDK and runtime for building Fastly Compute applications. The implementation of several functions were determined to include a use-after-free bug. This bug could allow for unintended data loss if the result of the preceding functions were sent anywhere else, and.....

CVE-2024-38375

@fastly/js-compute is a JavaScript SDK and runtime for building Fastly Compute applications. The implementation of several functions were determined to include a use-after-free bug. This bug could allow for unintended data loss if the result of the preceding functions were sent anywhere else, and.....

@fastly/js-compute has a use-after-free in some host call implementations

Impact The implementation of the following functions were determined to include a use-after-free bug: FetchEvent.client.tlsCipherOpensslName FetchEvent.client.tlsProtocol FetchEvent.client.tlsClientCertificate FetchEvent.client.tlsJA3MD5 FetchEvent.client.tlsClientHello...

@fastly/js-compute has a use-after-free in some host call implementations

Impact The implementation of the following functions were determined to include a use-after-free bug: FetchEvent.client.tlsCipherOpensslName FetchEvent.client.tlsProtocol FetchEvent.client.tlsClientCertificate FetchEvent.client.tlsJA3MD5 FetchEvent.client.tlsClientHello...

New “Snowblind” Android Malware Steals Logins, Bypasses Security Features

New Android Malware "Snowblind" bypasses security! It exploits Linux's seccomp to launch scalable attacks and steal your data. Download safely, update your device, and consider mobile security to stay...

CVE-2024-38375 @fastly/js-compute use-after-free in some host call implementations

@fastly/js-compute is a JavaScript SDK and runtime for building Fastly Compute applications. The implementation of several functions were determined to include a use-after-free bug. This bug could allow for unintended data loss if the result of the preceding functions were sent anywhere else, and.....

XAES-256-GCM

About a year ago I wrote that "I want to use XAES-256-GCM/11, which has a number of nice properties and only the annoying defect of not existing." Well, there is now an XAES-256-GCM specification. (Had to give up on the /11 part, but that was just a performance optimization.) XAES-256-GCM is an...

New Medusa Android Trojan Targets Banking Users Across 7 Countries

Cybersecurity researchers have discovered an updated version of an Android banking trojan called Medusa that has been used to target users in Canada, France, Italy, Spain, Turkey, the U.K., and the U.S. The new fraud campaigns, observed in May 2024 and active since July 2023, manifested through...

Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack

Google has taken steps to block ads for e-commerce sites that use the Polyfill.io service after a Chinese company acquired the domain and modified the JavaScript library ("polyfill.js") to redirect users to malicious and scam sites. "Protecting our users is our top priority. We detected a security....

AMD Processors February 2024 Security Updates

AMD has informed HP of potential vulnerabilities identified in client platform firmware for some AMD processors, which might allow escalation of privilege, arbitrary code execution, denial of service, and/or information disclosure. AMD is releasing firmware updates to mitigate these...

Security Bulletin: Maximo Application Suite - torch-1.13.1-cp37-cp37m-manylinux1_x86_64.whl is vulnerable to multiple security CVEs used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses torch-1.13.1-cp37-cp37m-manylinux1_x86_64.whl which is vulnerable to multiple security CVEs. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2024-31583 DESCRIPTION:...

CVE-2024-39467

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() syzbot reports a kernel bug as below: F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4...

CVE-2024-6206

A security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerability where a threat actor could execute arbitrary commands with the privilege of the underlying container leading to complete takeover of the target...

CVE-2024-6206

A security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerability where a threat actor could execute arbitrary commands with the privilege of the underlying container leading to complete takeover of the target...

CVE-2024-6206

A security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerability where a threat actor could execute arbitrary commands with the privilege of the underlying container leading to complete takeover of the target...

CVE-2024-39467

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() syzbot reports a kernel bug as below: F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4...

CVE-2024-39467

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() syzbot reports a kernel bug as below: F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 BUG: KASAN: slab-out-of-bounds in f2fs_test_bit...

CVE-2024-39467

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() syzbot reports a kernel bug as below: F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 BUG: KASAN: slab-out-of-bounds in f2fs_test_bit...

CVE-2024-39467 f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() syzbot reports a kernel bug as below: F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 BUG: KASAN: slab-out-of-bounds in f2fs_test_bit...

Malicious code in sap-iot-sdk (npm)

-= Per source details. Do not edit below this...

Malicious code in mobile-auth-library-react-native (npm)

-= Per source details. Do not edit below this...

Malicious code in mobile-kohana (npm)

-= Per source details. Do not edit below this...

Malicious code in icomm-mobile (npm)

-= Per source details. Do not edit below this...

Malicious code in gcommon-ui-mobile (npm)

-= Per source details. Do not edit below this...

CVE-2024-34777

In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: fix node id validation While validating node ids in map_benchmark_ioctl(), node_possible() may be provided with invalid argument outside of [0,MAX_NUMNODES-1] range leading to: BUG: KASAN:...

CVE-2024-38630

In the Linux kernel, the following vulnerability has been resolved: watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger When the cpu5wdt module is removing, the origin code uses del_timer() to de-activate the timer. If the timer handler is running, del_timer() could not stop it...

CVE-2024-37353

In the Linux kernel, the following vulnerability has been resolved: virtio: delete vq in vp_find_vqs_msix() when request_irq() fails When request_irq() fails, error path calls vp_del_vqs(). There, as vq is present in the list, free_irq() is called for the same vector. That causes following splat:.....

CVE-2024-38663

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from resetting io stat Since commit 3b8cc6298724 ("blk-cgroup: Optimize blkcg_rstat_flush()"), each iostat instance is added to blkcg percpu list, so blkcg_reset_stats() can't reset the stat...

CVE-2024-37021

In the Linux kernel, the following vulnerability has been resolved: fpga: manager: add owner module and take its refcount The current implementation of the fpga manager assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take the module's...

CVE-2024-39277

In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: handle NUMA_NO_NODE correctly cpumask_of_node() can be called for NUMA_NO_NODE inside do_map_benchmark() resulting in the following sanitizer report: UBSAN: array-index-out-of-bounds in...

CVE-2024-32936

In the Linux kernel, the following vulnerability has been resolved: media: ti: j721e-csi2rx: Fix races while restarting DMA After the frame is submitted to DMA, it may happen that the submitted list is not updated soon enough, and the DMA callback is triggered before that. This can lead to kernel.....

CVE-2024-39291

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode() The function gfx_v9_4_3_init_microcode in gfx_v9_4_3.c was generating about potential truncation of output when using the snprintf...

CVE-2024-38662

In the Linux kernel, the following vulnerability has been resolved: bpf: Allow delete from sockmap/sockhash only if update is allowed We have seen an influx of syzkaller reports where a BPF program attached to a tracepoint triggers a locking rule violation by performing a map_delete on a...

CVE-2024-38391

In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix cxlr_pmem leaks Before this error path, cxlr_pmem pointed to a kzalloc() memory, free it to avoid this memory...

CVE-2024-38384

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from reorder of WRITE -&gt;lqueued __blkcg_rstat_flush() can be run anytime, especially when blk_cgroup_bio_start is being executed. If WRITE of -&gt;lqueued is re-ordered with READ of 'bisc-&gt;lnod...