Lucene search

663 matches found

Cvelist
added 2022/08/01 1:56 p.m. · 17 views

CVE-2022-21792

In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085410; Issue ID: ALPS07085410...

7 AI score · 0.00096 EPSS
Exploits 0 · References 1
CVE
added 2022/08/01 1:56 p.m. · 58 views

CVE-2022-21792

CVE-2022-21792 affects the camera ISP in MediaTek devices, with an out-of-bounds write caused by a missing bounds check. The vulnerability can allow local escalation of privilege with System execution privileges, and requires no user interaction to exploit. A patch is available under patch ID ALP...

6.7 CVSS · 6.7 AI score · 0.00096 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2022/08/01 1:56 p.m. · 21 views

CVE-2022-21791

In camera isp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478059; Issue ID: ALPS06478059...

4.6 AI score · 0.00095 EPSS
Exploits 0 · References 1
CVE
added 2022/08/01 1:56 p.m. · 65 views

CVE-2022-21791

CVE-2022-21791 affects MediaTek camera ISP components, causing an out-of-bounds read due to a missing bounds check. This could enable local information disclosure with SYSTEM execution privileges needed and requires no user interaction. Patch ALPS06478059 (Issue ALPS06478059) has been issued; aff...

4.4 CVSS · 4.2 AI score · 0.00095 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2022/08/01 1:55 p.m. · 20 views

CVE-2022-21790

In camera isp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479306; Issue ID: ALPS06479306...

4.6 AI score · 0.00095 EPSS
Exploits 0 · References 1
CVE
added 2022/08/01 1:55 p.m. · 61 views

CVE-2022-21790

The CVE-2022-21790 issue concerns MediaTek camera ISP hardware where a missing bounds check allows an out-of-bounds read. This can lead to local information disclosure with system-level privileges required; exploitation does not require user interaction. A fix is identified as patch ALPS06479306 ...

4.4 CVSS · 4.2 AI score · 0.00095 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2022/08/01 12:0 a.m. · 2 views

PT-2022-15131 · Mediatek +1 · Mt6833 +1

Name of the Vulnerable Software and Affected Versions: No specific software name or version is mentioned in the provided descriptions. Description: In the camera ISP, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System...

4.4 CVSS · 4.4 AI score · 0.00095 EPSS
Exploits 0 · References 4
Positive Technologies
added 2022/08/01 12:0 a.m. · 3 views

PT-2022-15132 · Mediatek +1 · Mt6833 +1

Name of the Vulnerable Software and Affected Versions: No specific software name or version is mentioned in the provided descriptions. Description: In the camera ISP, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System...

4.4 CVSS · 4.4 AI score · 0.00095 EPSS
Exploits 0 · References 4
Positive Technologies
added 2022/08/01 12:0 a.m. · 3 views

PT-2022-17834 · Mediatek +1 · Mt6833 +1

Name of the Vulnerable Software and Affected Versions: In-camera ISP affected versions not specified. Description: The issue is related to a missing bounds check, which could lead to an out of bounds write. This might result in local escalation of privilege, requiring System execution privileges. ...

6.7 CVSS · 6.5 AI score · 0.00096 EPSS
Exploits 0 · References 2
Malwarebytes
added 2022/07/18 10:22 a.m. · 15 views

A week in security (July 11 – July 17)

Last week on Malwarebytes Labs: Elden Ring maker Bandai Namco hit by ransomware and data leaks; Predatory Sparrow massively disrupts steel factories while keeping workers safe; New variant of Android SpyJoker malware removed from Play Store after 3 million+ installs; China’s Tonto Team increases...

0.8 AI score
Exploits 0
Wired Threat Level
added 2022/07/08 1:0 p.m. · 14 views

An ISP Scam Targeted Low-Income People Seeking Government Aid

The US Federal Communications Commission says a man posing as a fake broadband service promised victims discounts on internet services and devices...

2 AI score
Exploits 0
Malwarebytes
added 2022/06/29 10:3 a.m. · 489 views

Hermit spyware is deployed with the help of a victim’s ISP

Google's Threat Analysis Group (TAG) has revealed a sophisticated spyware activity involving ISPs (internet service providers) aiding in downloading powerful commercial spyware onto users' mobile devices. The spyware, dubbed Hermit, is reported to have government clients much like Pegasus. Italian vend...

9.3 CVSS · 8.1 AI score · 0.17513 EPSS
Exploits 7
Japan Vulnerability Notes
added 2022/06/29 4:42 a.m. · 3 views

HOME SPOT CUBE2 vulnerable to OS command injection

Overview: HOME SPOT CUBE2 provided by KDDI CORPORATION contains an OS command injection vulnerability (CWE-78) due to improper processing of data received from DHCP server. Alice Rose reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warnin...

8.8 CVSS · 7.5 AI score · 0.00993 EPSS
Exploits 0 · References 5
Japan Vulnerability Notes
added 2022/06/29 12:0 a.m. · 29 views

JVN#41017328: HOME SPOT CUBE2 vulnerable to OS command injection

HOME SPOT CUBE2 provided by KDDI CORPORATION contains an OS command injection vulnerability (CWE-78) due to improper processing of data received from DHCP server. Impact: An arbitrary OS command may be executed on the product if a malicious DHCP server is placed on the WAN side of the product...

8.8 CVSS · 8.9 AI score · 0.00993 EPSS
Exploits 0
Malwarebytes
added 2022/06/01 11:20 p.m. · 32 views

TrustPid is another worrying, imperfect attempt to replace tracking cookies

German ISPs are considering the introduction of TrustPid, a new type of “supercookie” that comprises a unique identifier which will be issued for each customer that will be able to track what that customer is doing online. The providers are trying to sell this idea by telling the public that t...

0.2 AI score
Exploits 0
Wired Threat Level
added 2022/05/05 1:0 p.m. · 14 views

Every ISP in the US Must Block These 3 Pirate Streaming Services

The 96 internet service providers were told to enforce the orders “by any technological means available.”...

3 AI score
Exploits 0
ThreatPost
added 2021/12/16 1:45 p.m. · 41 views

‘DarkWatchman’ RAT Shows Evolution in Fileless Malware

A novel remote access trojan (RAT) being distributed via a Russian-language spear-phishing campaign is using unique manipulation of Windows Registry to evade most security detections, demonstrating a significant evolution in fileless malware techniques. Dubbed DarkWatchman, the RAT – discovered by...

7.5 AI score
Exploits 0 · References 7
Prion
added 2021/12/01 3:15 p.m. · 14 views

Buffer overflow

NXP Kinetis K82 devices have a buffer over-read via a crafted wlength value in a GET Status-Other request during use of USB In-System Programming (ISP) mode. This discloses protected flash memory...

2.1 CVSS · 5.6 AI score · 0.0073 EPSS
Exploits 1 · References 2
CVE
added 2021/12/01 2:50 p.m. · 49 views

CVE-2021-40154

CVE-2021-40154 affects NXP LPC55S69 devices prior to revision A3. In USB In-System Programming (ISP) mode, a crafted wlength value in a GET Descriptor Configuration request can trigger a buffer over-read, exposing protected flash memory. The linked documents confirm the root cause as a buffer ove...

6.1 CVSS · 5.5 AI score · 0.0073 EPSS
Exploits 1 · References 2 · Affected Software 1
Openbugbounty
added 2021/10/24 2:37 p.m. · 11 views

ispd.org Improper Access Control vulnerability OBB-2203491

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

0.1 AI score
Exploits 0