TSEC NEWS: 06.05.21 Cron-Job Fehlerhaft nach PHP Update + PWA mobile + Desktop / 04.05.21 - Android App von TSECURITY 28.04.21 - NEUER SERVER // 26.04.21 ++ Download the Electron-App für tsecurity.de // Über 550 Feed-Quellen


❈ Qualcomm Snapdragon Wired Infrastructure and Networking TrustZone BSP pointer memory corruption

Sicherheitslücken / Exploits vuldb.com

A vulnerability, which was classified as critical, was found in Qualcomm Snapdragon Wired Infrastructure and Networking (Chip Software) (the affected version unknown). This affects an unknown code block of the component TrustZone BSP. Upgrading eliminates this vulnerability....


Kompletten Artikel lesen (externe Quelle: https://vuldb.com/?id.176601)

Zur Startseite

➤ Weitere Beiträge von Team Security | IT Sicherheit (tsecurity.de)

Snapdragon Automobile/Wearable/Mobile bis MSM8909W video_fmt_mp4r_process_atom_avc1() Pufferüberlauf

vom 515.31 Punkte
Es wurde eine kritische Schwachstelle in Snapdragon Automobile, Wearable sowie Mobile ausgemacht. Dabei betrifft es die Funktion video_fmt_mp4r_process_atom_avc1(). Mittels Manipulieren mit einer unbekannten Eingabe kann eine Pufferüberlauf-Schwachstelle ausgenutzt werd

Snapdragon Automobile/Wearable/Mobile bis MSM8909W video_fmt_mp4r_process_atom_avc1() Pufferüberlauf

vom 515.31 Punkte
Es wurde eine kritische Schwachstelle in Snapdragon Automobile, Wearable sowie Mobile ausgemacht. Dabei betrifft es die Funktion video_fmt_mp4r_process_atom_avc1(). Mittels Manipulieren mit einer unbekannten Eingabe kann eine Pufferüberlauf-Schwachstelle ausgenutzt werd

Local Privilege Escalation in Win32k.sys Through Indexed Color Palettes

vom 280.39 Punkte
This is the second in our series of Top 5 interesting cases from 2019. Each of these bugs has some element that sets them apart from the more than 1,000 advisories released by the program this year. Today’s blog looks a local privilege escalation in t

Enhancing the customer experience with the Azure Networking MSP partner program

vom 274.54 Punkte
We are always looking for ways to improve the customer experience and allow our partners to complement our offerings. In support of these efforts we are sharing the Azure Networking Managed Service Provider (MSP) program along with partners that deliv

CVE-2020-8835: Linux Kernel Privilege Escalation via Improper eBPF Program Verification

vom 217.22 Punkte
During the recent Pwn2Own 2020 competition, Manfred Paul (@_manfp) of RedRocket CTF used an improper input validation bug in the Linux kernel to go from a standard user to root. Manfred used this bug during the contest to win $30,000 in the Privilege Escalation categ

RCE Without Native Code: Exploitation of a Write-What-Where in Internet Explorer

vom 191.53 Punkte
On the last day of 2018, I discovered a type confusion vulnerability in Internet Explorer that yields a clean write-what-where primitive. It patched this April as CVE-2019-0752. As an exercise, I wrote a full exploit for this vulnerability using an original exploitation technique. Even though the vulnerability itself produces only a controlled write and

Building Modern Cloud Applications using Pulumi and .NET Core

vom 180.21 Punkte
This is a guest post from the Pulumi team. Pulumi is an open source infrastructure as code tool that helps developers and infrastructure teams work better together to create, deploy, and manage cloud applications using their favorite languages. For mo

How To Drive Data Center Modernization With Composable Infrastructure - Tech Cloud Link

vom 167.2 Punkte
Today’s IT leaders are at a crossroads. Behind them, there’s a long legacy of hardware and software deployment decisions that have served the business well for years. But new business requirements and application development methods have begun to

Enabling and securing ubiquitous compute from intelligent cloud to intelligent edge

vom 163.98 Punkte
Enterprises are embracing the cloud to run their mission-critical workloads. The number of connected devices on and off-premises, and the data they generate continue to increase requiring new enterprise network edge architectures. We call this the in

Qualcomm's Next-gen Snapdragon 865 Mobile Chip Focuses on 5G

vom 159.33 Punkte
Qualcomm uncorked this year's version of its Snapdragon Technology Summit by announcing the names of its two new upcoming Snapdragon chips, the Snapdragon 865 and the Snapdragon 765/765G. Not surprisingly, the emphasis this year is on 5G, and the "AI"

AA21-048A: AppleJeus: Analysis of North Korea’s Cryptocurrency Malware

vom 155.83 Punkte
Original release date: February 17, 2021SummaryThis Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. This joint advisory is the result o

MemProcFS - The Memory Process File System

vom 153.31 Punkte
The Memory Process File System is an easy and convenient way of accessing physical memory as files a virtual file system.Easy trivial point and click memory analysis without the need for complicated commandline arguments! Access memory content and artifacts via

Team Security Diskussion über Qualcomm Snapdragon Wired Infrastructure and Networking TrustZone BSP pointer memory corruption