
Tag

#wifi

CVE-2023-38430

An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds read.

CVE-2023-35818: Wi-Fi & Bluetooth MCUs and AIoT Solutions I Espressif Systems

An issue was discovered on Espressif ESP32 3.0 (ESP32_rev300 ROM) devices. An EMFI attack on ECO3 provides the attacker with a capability to influence the PC value at the CPU context level, regardless of Secure Boot and Flash Encryption status. By using this capability, the attacker can exploit another behavior in the chip to gain unauthorized access to the ROM download mode. Access to ROM download mode may be further exploited to read the encrypted flash content in cleartext format or execute stub code.

Spy vs. spy: Exploring the LetMeSpy hack, with maia arson crimew

Categories: Podcast. This week on Lock and Code, we speak with maia arson crimew about the hack of the monitoring app LetMeSpy, which many have labeled as stalkerware. The post Spy vs. spy: Exploring the LetMeSpy hack, with maia arson crimew appeared first on Malwarebytes Labs.

CVE-2023-30559: BD Alaris™ System with Guardrails™ Suite MX

The firmware update package for the wireless card is not properly signed and can be modified.

QR codes are relevant again for everyone from diners to threat actors

QR codes have always served as a way for bad actors to spread malware or even your friendly neighborhood prankster to share Rick Astley’s most famous music video.

CVE-2023-33768: Wemo Smart Plug (Simple Setup Smart Outlet for Smart Home, Control Lights and Devices Remotely Works w/Alexa, Google Assistant, Apple HomeKit)(Pack of 1) - - Amazon.com

Incorrect signature verification of the firmware during the Device Firmware Update process of Belkin Wemo Smart Plug WSP080 v1.2 allows attackers to cause a Denial of Service (DoS) via a crafted firmware file.

Ubuntu Security Notice USN-6222-1

Ubuntu Security Notice 6222-1 - Jiasheng Jiang discovered that the HSA Linux kernel driver for AMD Radeon GPU devices did not properly validate memory allocation in certain situations, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service.

CVE-2023-21256: Android Security Bulletin—July 2023

In SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities via Settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2023-36167: AVG 2023 | FREE Antivirus, VPN & TuneUp for All Your Devices

An issue in AVG AVG Anti-Spyware v.7.5 allows an attacker to execute arbitrary code via a crafted script to the guard.exe component.

CVE-2023-37701: IoT-Vulns/tenda/6908 at main · FirmRec/IoT-Vulns

Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function.