TSEC NEWS: 06.05.21 Cron-Job Fehlerhaft nach PHP Update + PWA mobile + Desktop / 04.05.21 - Android App von TSECURITY 28.04.21 - NEUER SERVER // 26.04.21 ++ Download the Electron-App für tsecurity.de // Über 550 Feed-Quellen


❈ Qualcomm Snapdragon Auto EAPOL Key Length out-of-bounds read

Sicherheitslücken / Exploits vuldb.com

A vulnerability was found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music and Snapdragon Wired Infrastructure and Networking (Chip Software). It has been rated as problematic. This issue affects an unknown functionality of the component EAPOL Key Length Handler. Upgrading eliminates this vulnerability....


Kompletten Artikel lesen (externe Quelle: https://vuldb.com/?id.176597)

Zur Startseite

➤ Weitere Beiträge von Team Security | IT Sicherheit (tsecurity.de)

SharpDPAPI - A C# Port Of Some Mimikatz DPAPI Functionality

vom 583.21 Punkte
SharpDPAPI is a C# port of some DPAPI functionality from @gentilkiwi's Mimikatz project.I did not come up with this logic, it is simply a port from Mimikatz in order to better understand the process and operationalize it to fit our workflow. The SharpChrome subproject is an adaptation of work from @gentilkiwi and @djhohnstein, specifically his SharpChrome project. However, this version of SharpChrome

Snapdragon Automobile/Wearable/Mobile bis MSM8909W video_fmt_mp4r_process_atom_avc1() Pufferüberlauf

vom 515.32 Punkte
Es wurde eine kritische Schwachstelle in Snapdragon Automobile, Wearable sowie Mobile ausgemacht. Dabei betrifft es die Funktion video_fmt_mp4r_process_atom_avc1(). Mittels Manipulieren mit einer unbekannten Eingabe kann eine Pufferüberlauf-Schwachstelle ausgenutzt werd

Snapdragon Automobile/Wearable/Mobile bis MSM8909W video_fmt_mp4r_process_atom_avc1() Pufferüberlauf

vom 515.32 Punkte
Es wurde eine kritische Schwachstelle in Snapdragon Automobile, Wearable sowie Mobile ausgemacht. Dabei betrifft es die Funktion video_fmt_mp4r_process_atom_avc1(). Mittels Manipulieren mit einer unbekannten Eingabe kann eine Pufferüberlauf-Schwachstelle ausgenutzt werd

Veracode Hacker Games: The Results Are In!

vom 447.19 Punkte
The first everツ?Veracode Hacker Gamesツ?competition hasツ?come to a close, but were the flaws inツ?favor of our brave competitors? Read on to find out.ツ? Over the course of the two-weekツ?challenge, students from several universities in the U.S. and the U.K. came together to explore vulne

Keyfinder - A Tool For Finding And Analyzing Private (And Public) Key Files, Including Support For Android APK Files

vom 305.97 Punkte
CERT Keyfinder is a utility for finding and analyzing key files on a filesystem as well as contained within Android APK files. CERT Keyfinder development was sponsored by the United States Department of Homeland Security (DHS). Installation requirements: Python (3.x recommended) androguard python-magic PyOpenSSL apktool grep OpenSSL Java Installation Obtain the Keyfinder code. This ca

AES Finder - Utility To Find AES Keys In Running Processes

vom 279.14 Punkte
Utility to find AES keys in running process memory. Works for 128, 192 and 256-bit keys. Usage Open aes-finder.sln solution in Visual Studio 2013 to compile source. Alternatively use gcc/clang: g++ -O3 -march=native -fomit-frame-pointer aes-find

MyJWT - A Cli For Cracking, Testing Vulnerabilities On Json Web Token (JWT)

vom 187.48 Punkte
This cli is for pentesters, CTF players, or dev. You can modify your jwt, sign, inject ,etc... Check Documentation for more information. If you see problems or enhancement send an issue.I will respond as soon as possible. Enjoy :)Documentation D

XKB custom keyboard layouts for KDE in Arch Linux

vom 186.09 Punkte
There is no short way to do this AFAIK. Background This question at r/linux, and this nice article explaining something similar. Quarantine :D I could never get xmodmap changes to persist across reboots, or even through normal uptime. Years later, I decided that i should edit

ownCloud: Remote Code Execution through Deserialization Attack in OwnBackup app.

vom 172.73 Punkte
I found a deserialization vulnerability in the OwnBackup app, this vulnerability allows to execute remote code in the server. An administrator user could install the vulnerable app, or take advantage of this vulnerability if the OwnBackup application is

Qualcomm Snapdragon Auto EAPOL Key Length out-of-bounds read

vom 164.48 Punkte
A vulnerability was found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice &

ZDI-20-709: Heap Overflow in the NETGEAR Nighthawk R6700 Router

vom 162.64 Punkte
Pwn2Own competitions often inspire people to research products and technologies, even if the researcher does not actively participate in the contest. Such is the case here, where the security researcher known as d4rkn3ss took a closer look at one of

Performance Improvements in .NET Core 3.0

vom 159.28 Punkte
Back when we were getting ready to ship .NET Core 2.0, I wrote a blog post exploring some of the many performance improvements that had gone into it. I enjoyed putting it together so much and received such a positive response to the post that I did it

Team Security Diskussion über Qualcomm Snapdragon Auto EAPOL Key Length out-of-bounds read