Updated kernel packages fix security vulnerabilities

This update is based on upstream 5.4.17 and fixes at least the following security vulnerabilities: In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running lin...

Ring Doorbell App for Android Caught Sharing User Data with Facebook, Data-Miners

UPDATE Amazon’s Ring Doorbell app for Android is a nexus for data-harvesting, according to an investigation by the Electronic Frontier Foundation EFF. Privacy advocates allege Ring goes so far as to silently deliver updates on Ring customer usage to Facebook, even if the Ring owner doesn’t have a...

Memhunter - Live Hunting Of Code Injection Techniques

Memhunter is an endpoint sensor tool that is specialized in detecing resident malware, improving the threat hunter analysis process and remediation times. The tool detects and reports memory-resident malware living on endpoint processes. Memhunter detects known malicious memory injection...

CVE-2019-10583

Use after free issue occurs when camera access sensors data through direct report mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8096AU, MDM9607, MSM8909W, Nicobar, QCS605,...

CVE-2020-0007

In flattenString8 of Sensor.cpp, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:...

ASUS SmartHome Gateway HG100, WS-101 and TS-101 Denial of Service Vulnerabilities

ASUS SmartHome Gateway HG100 and others are products of ASUS, Taiwan, China.ASUS SmartHome Gateway HG100 is a smart home central control gateway device.ASUS WS-101 is a smart switch sensor.TS-101 is a temperature/humidity sensor. A security vulnerability exists in ASUS SmartHome Gateway HG100...

ASUS SmartHome Gateway HG100, WS-101 and TS-101 Information Disclosure Vulnerabilities

ASUS SmartHome Gateway HG100 and others are products of ASUS, Taiwan, China.ASUS SmartHome Gateway HG100 is a smart home central control gateway device.ASUS WS-101 is a smart switch sensor.TS-101 is a temperature/humidity sensor. A security vulnerability exists in the ASUS SmartHome Gateway HG100...

CVE-2019-8554

A permissions issue existed in the handling of motion and orientation data. This issue was addressed with improved restrictions. This issue is fixed in iOS 12.2. A website may be able to access sensor information without user consent...

CVE-2019-8554

A permissions issue existed in the handling of motion and orientation data. This issue was addressed with improved restrictions. This issue is fixed in iOS 12.2. A website may be able to access sensor information without user consent...

CVE-2019-8541

A privacy issue existed in motion sensor calibration. This issue was addressed with improved motion sensor processing. This issue is fixed in iOS 12.2, watchOS 5.2. A malicious app may be able to track users between installs...

CVE-2019-8541

A privacy issue existed in motion sensor calibration. This issue was addressed with improved motion sensor processing. This issue is fixed in iOS 12.2, watchOS 5.2. A malicious app may be able to track users between installs...

Design/Logic Flaw

A privacy issue existed in motion sensor calibration. This issue was addressed with improved motion sensor processing. This issue is fixed in iOS 12.2, watchOS 5.2. A malicious app may be able to track users between installs...

Information disclosure

A permissions issue existed in the handling of motion and orientation data. This issue was addressed with improved restrictions. This issue is fixed in iOS 12.2. A website may be able to access sensor information without user consent...

CVE-2019-8541

Summary: CVE-2019-8541 is a privacy issue in motion sensor calibration that could allow a malicious app to track users between installs. It affects Apple devices and was fixed in iOS 12.2 and watchOS 5.2 via improved motion sensor processing. Huawei’s advisory (HWPSIRT-2019-05147) confirms this C...

CVE-2019-8541

A privacy issue existed in motion sensor calibration. This issue was addressed with improved motion sensor processing. This issue is fixed in iOS 12.2, watchOS 5.2. A malicious app may be able to track users between installs...

CVE-2019-8554

A permissions issue existed in the handling of motion and orientation data. This issue was addressed with improved restrictions. This issue is fixed in iOS 12.2. A website may be able to access sensor information without user consent...

CVE-2019-8554

CVE-2019-8554 describes a permissions issue in the handling of motion and orientation data that could allow a website to access sensor information without user consent. The issue is addressed with restrictions and is fixed in iOS 12.2. Related entries indicate this vulnerability affects Safari’s ...

maltrail

This is a malicious traffic detection system called Maltrail. It is a Python-based system that utilizes publicly available blacklists and custom user-defined lists to detect malicious traffic. The system can detect various types of malicious activity, including domain name, URL, IP address, and...

Google Android Framework Information Disclosure Vulnerability (CNVD-2019-44271)

Android is a Linux-based open source operating system from Google and the Open Handheld Alliance OHA, of which Framework is a component of the Android framework. A security vulnerability exists in Framework in Google Android versions 10 and 9. An attacker could exploit the vulnerability with a...

CVE-2019-2266

Possible double free issue in kernel while handling the camera sensor and its sub modules power sequence in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and...