EUVD-2023-32211

Malicious code in bioql PyPI...

CVE-2023-28541

Memory Corruption in Data Modem while processing DMA buffer release event about CFR data...

Fedora: Security Advisory for CFR (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: CFR-0.151-16.fc40

CFR will decompile modern Java features - including much of Java 9, 12 & 14, but is written entirely in Java 6, so will work anywhere! It'll even make a decent go of turning class files from other JVM languages b ack into java!...

Hardcoded credentials

First Corporation's DVRs use a hard-coded password, which may allow a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB. ...

CVE-2023-47674

Missing authentication for critical function vulnerability in First Corporation's DVRs allows a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB...

CVE-2023-28541

Memory Corruption in Data Modem while processing DMA buffer release event about CFR data...

Memory corruption

Memory Corruption in Data Modem while processing DMA buffer release event about CFR data...

CVE-2023-28541

CVE-2023-28541 affects Qualcomm Data Modem (WLAN), with memory corruption during DMA buffer release involving CFR data. CVSSv3.1 base score 7.8 (HIGH) via NVD/Qualcomm metrics; impact includes confidentiality, integrity, and availability. Connected sources confirm the issue under Qualcomm compone...

CVE-2023-28541 Buffer Over-read in WLAN Host

Memory Corruption in Data Modem while processing DMA buffer release event about CFR data...

CVE-2023-28541 Buffer Over-read in WLAN Host

Memory Corruption in Data Modem while processing DMA buffer release event about CFR data...

PT-2023-21789 · Unknown · Data Modem

Name of the Vulnerable Software and Affected Versions: Data Modem affected versions not specified Description: The issue is related to memory corruption in the Data Modem when processing a DMA buffer release event concerning CFR data. Recommendations: At the moment, there is no information about ...

DSA-5041-1 cfrpki - security update

Bulletin has no description...

NERC CIP Compliance in Azure vs. Azure Government cloud

As discussed in my last blog post on North American Electric Reliability Corporation—Critical Infrastructure Protection NERC CIP Compliance in Azure, U.S. and Canadian utilities are now free to benefit from cloud computing in Azure for many NERC CIP workloads. Machine learning, multiple data...

Recaf - A Modern Java Bytecode Editor

Recaf is an open-source Java bytecode editor built on top of Objectweb's ASM. ASM is a bytecode manipulation library that abstracts away the constant pool and a few other class-file attributes. Since keeping track of the constant pool and managing proper stackframes are no longer necessary, compl...

Citrix *Client Folder Redirection* (CFR) is not *Folder Redirection*

Client Folder Redirection, Folder Redirection and Special Folder Redirection are not the same. Client Folder Redirection CFR provides access to client-side folders in an ICA session while not having to redirect complete client-side drives. Support throughClient Drive Mapping CDM has enabled...

Bytecode Viewer - A Java 8 Jar & Android Apk Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

Bytecode Viewer is an Advanced Lightweight Java Bytecode Viewer, GUI Java Decompiler, GUI Bytecode Editor, GUI Smali, GUI Baksmali, GUI APK Editor, GUI Dex Editor, GUI APK Decompiler, GUI DEX Decompiler, GUI Procyon Java Decompiler, GUI Krakatau, GUI CFR Java Decompiler, GUI FernFlower Java...

Latest Internet Explorer zero-day linked to Elderwood Project

Last week we have seen ongoing attacks was exploiting a vulnerability in Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 that came to light after the Council on Foreign Relations website was hacked and was hosting the code. Symantec has linked exploits to the group responsible f...

Microsoft Responds to IE Zero Day Used in CFR Watering Hole Attack

UPDATE – Microsoft responded this weekend with temporary mitigations and workarounds for a zero-day vulnerability in Internet Explorer exploited in an attack on the Council on Foreign Relations website. IE 6, 7 and 8 are vulnerable to exploits that would enable a remote attacker to execute code o...