Aggregator

CVE-2023-24850 | Qualcomm APQ8017 HLOS memory corruption

Vuldb Updates
2 weeks 2 days ago
A vulnerability, which was classified as critical, has been found in Qualcomm APQ8017, APQ8037, AQT1000, AR8035, CSRA6620, CSRA6640, FastConnect 6200, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, Home Hub 100 Platform, PM8937, QAM8255P, QAM8295P, QAM8650P, QAM8775P, QAMSRV1H, QCA6174A, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6574, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6696, QCA6698AQ, QCA6797AQ, QCA8081, QCA8337, QCA9379, QCC710, QCM2290, QCM4290, QCM4325, QCM4490, QCM6125, QCM6490, QCM8550, QCN6024, QCN6224, QCN6274, QCN7606, QCN9024, QCS2290, QCS4290, QCS4490, QCS6125, QCS6490, QCS8550, QDU1000, QDU1010, QDU1110, QDU1210, QDX1010, QDX1011, QFW7114, QFW7124, QRU1032, QRU1052, QRU1062, QSM8350, Qualcomm 215 Mobile Platform and Qualcomm Video Collaboration VC1 Platform. This issue affects some unknown processing of the component HLOS. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2023-24850. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2023-33026 | Qualcomm QCF8001 NAN Management Frame denial of service

Vuldb Updates
2 weeks 2 days ago
A vulnerability, which was classified as problematic, was found in Qualcomm AR8035, AR9380, CSR8811, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, Flight RB5 5G Platform, Immersive Home 214 Platform, Immersive Home 216 Platform, Immersive Home 316 Platform, Immersive Home 318 Platform, Immersive Home 3210 Platform, Immersive Home 326 Platform, IPQ5010, IPQ5028, IPQ5332, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8070, IPQ8070A, IPQ8071A, IPQ8072A, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, IPQ9008, IPQ9554, IPQ9570, IPQ9574, PMP8074, QAM8255P, QAM8295P, QAM8650P, QAM8775P, QCA0000, QCA2062, QCA2064, QCA2065, QCA2066, QCA4024, QCA6391, QCA6421, QCA6426, QCA6431, QCA6436, QCA6554A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6678AQ, QCA6696, QCA6698AQ, QCA6797AQ, QCA8072, QCA8075, QCA8081, QCA8082, QCA8084, QCA8085, QCA8337, QCA8386, QCA9886, QCA9888, QCA9889, QCA9980, QCA9984, QCA9985, QCA9986, QCA9990, QCA9992, QCA9994, QCC2073, QCC2076, QCC710 and QCF8001. Affected is an unknown function of the component NAN Management Frame Handler. The manipulation leads to denial of service. This vulnerability is traded as CVE-2023-33026. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2023-33027 | Qualcomm QCA6696 WLAN Firmware denial of service

Vuldb Updates
2 weeks 2 days ago
A vulnerability has been found in Qualcomm 315 5G IoT Modem, AQT1000, AR8031, AR8035, AR9380, CSR8811, CSRA6620, CSRA6640, CSRB31024, FastConnect 6200, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, Flight RB5 5G Platform, Immersive Home 214 Platform, Immersive Home 216 Platform, Immersive Home 316 Platform, Immersive Home 318 Platform, Immersive Home 3210 Platform, Immersive Home 326 Platform, IPQ4018, IPQ4028, IPQ4029, IPQ5010, IPQ5028, IPQ5332, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8069, IPQ8070, IPQ8070A, IPQ8071A, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, IPQ9008, IPQ9554, IPQ9570, IPQ9574, PMP8074, QAM8255P, QAM8295P, QAM8650P, QAM8775P, QCA0000, QCA1062, QCA1064, QCA2062, QCA2064, QCA2065, QCA2066, QCA4024, QCA6310, QCA6320, QCA6335, QCA6391, QCA6420, QCA6421, QCA6426, QCA6428, QCA6430, QCA6431, QCA6436, QCA6438, QCA6554A, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6678AQ and QCA6696 and classified as critical. Affected by this vulnerability is an unknown functionality of the component WLAN Firmware. The manipulation leads to denial of service. This vulnerability is known as CVE-2023-33027. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2023-33028 | Qualcomm QCN5054 WLAN memory corruption

Vuldb Updates
2 weeks 2 days ago
A vulnerability was found in Qualcomm AR8035, AR9380, CSR8811, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, Immersive Home 214 Platform, Immersive Home 216 Platform, Immersive Home 316 Platform, Immersive Home 318 Platform, Immersive Home 3210 Platform, Immersive Home 326 Platform, IPQ5010, IPQ5028, IPQ5332, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8070A, IPQ8071A, IPQ8072A, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, IPQ9008, IPQ9554, IPQ9570, IPQ9574, QAM8255P, QAM8295P, QAM8650P, QAM8775P, QCA0000, QCA2062, QCA2064, QCA2065, QCA2066, QCA4024, QCA6391, QCA6426, QCA6436, QCA6554A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6678AQ, QCA6696, QCA6698AQ, QCA6797AQ, QCA8072, QCA8075, QCA8081, QCA8082, QCA8084, QCA8085, QCA8337, QCA8386, QCA9886, QCA9888, QCA9889, QCA9980, QCA9984, QCA9985, QCA9986, QCA9990, QCA9992, QCA9994, QCC2073, QCC2076, QCC710, QCF8001, QCM4490, QCM6490, QCM8550, QCN5022, QCN5024, QCN5052 and QCN5054 and classified as critical. Affected by this issue is some unknown functionality of the component WLAN. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2023-33028. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2023-33034 | Qualcomm CSRA6620 ADSP Response Command memory corruption

Vuldb Updates
2 weeks 2 days ago
A vulnerability was found in Qualcomm CSRA6620, CSRA6640, FastConnect 6200, FastConnect 6700, FastConnect 6900, Flight RB5 5G Platform, QAM8295P, QCA6391, QCA6574AU, QCA6595, QCA6595AU, QCA6696, QCA6698AQ, QCM6490, QCN9011, QCN9012, QCS410, QCS610, QCS6490, QRB5165M, QRB5165N, Qualcomm Video Collaboration VC1 Platform, Qualcomm Video Collaboration VC3 Platform, Robotics RB5 Platform, SA4150P, SA4155P, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155P, SA8195P, SA8295P, SD888, SM7315, SM7325P, Smart Audio 400 Platform, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 480 5G Mobile Platform and Snapdragon 480+ 5G Mobile Platform. It has been classified as critical. This affects an unknown part of the component ADSP Response Command Handler. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2023-33034. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2023-33035 | Qualcomm AR8035 ADSP memory corruption

Vuldb Updates
2 weeks 2 days ago
A vulnerability was found in Qualcomm AR8035, CSRA6620, CSRA6640, FastConnect 6200, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, Flight RB5 5G Platform, MDM9650, QAM8255P, QAM8295P, QAM8650P, QAM8775P, QCA6174A, QCA6391, QCA6421, QCA6426, QCA6431, QCA6436, QCA6574, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6696, QCA6698AQ, QCA6797AQ, QCA8081, QCA8337, QCA9377, QCC710, QCM2290, QCM4290, QCM4325, QCM6490, QCM8550, QCN6224, QCN6274, QCN9011, QCN9012, QCS2290, QCS410, QCS4290, QCS610, QCS6490, QCS7230, QCS8250, QCS8550, QFW7114, QFW7124, QRB5165M, QRB5165N, Qualcomm 215 Mobile Platform, Qualcomm Video Collaboration VC1 Platform, Qualcomm Video Collaboration VC3 Platform, Qualcomm Video Collaboration VC5 Platform, Robotics RB5 Platform, SA4150P, SA4155P, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155P, SA8195P, SA8255P, SA8295P, SD660, SD865 5G, SD888, SG4150P, SG8275P, SM4125, SM7250P, SM7315, SM7325P, SM8550P, Smart Audio 400 Platform and Snapdragon 4 Gen 1 Mobile Platform. It has been declared as critical. This vulnerability affects unknown code of the component ADSP Handler. The manipulation leads to memory corruption. This vulnerability was named CVE-2023-33035. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CISA Warns of ‘ToolShell’ Exploitation Chain Targeting SharePoint Servers; IOCs and Detections Released

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
2 weeks 2 days ago

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding an exploitation chain dubbed “ToolShell” targeting on-premises Microsoft SharePoint servers. It leverages multiple vulnerabilities including CVE-2025-49704 (a remote code execution flaw via code injection, CWE-94), CVE-2025-49706 (improper authentication through network spoofing, CWE-287), CVE-2025-53770 (deserialization of untrusted data, CWE-502), and CVE-2025-53771 (another improper […]

The post CISA Warns of ‘ToolShell’ Exploitation Chain Targeting SharePoint Servers; IOCs and Detections Released appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

Malicious Go, npm Packages Deliver Cross-Platform Malware, Trigger Remote Data Wipes

The Hackers News
2 weeks 2 days ago
Cybersecurity researchers have discovered a set of 11 malicious Go packages that are designed to download additional payloads from remote servers and execute them on both Windows and Linux systems. "At runtime the code silently spawns a shell, pulls a second-stage payload from an interchangeable set of .icu and .tech command-and-control (C2) endpoints, and executes it in memory," Socket security
The Hacker News

8 Essential Questions for Your Workforce Identity Verification (IDV) Vendor

Security Boulevard
2 weeks 2 days ago

Choosing the right identity verification (IDV) partner is one of the most critical security decisions you'll make. As organizations fortify their defenses, it’s clear that verifying the identity of your workforce requires a fundamentally different approach than verifying customers.

The stakes are simply higher. For customer verification, the primary goal is often a smooth, low-friction sign-up process. For your workforce, the goal is ironclad security to prevent a breach. The reality is that many IDV solutions on the market are repurposed customer onboarding tools, not purpose-built platforms designed to stop a skilled attacker from impersonating an employee.

This guide is designed to help you look beyond the surface-level features and assess whether a vendor can truly meet the security demands of a modern enterprise. Use these questions to find a genuine partner and a solution that is truly workforce-grade.

Core Capabilities and Security

The foundation of any IDV solution is its ability to accurately verify an identity while defending against advanced, modern attacks.

1. How do you protect against deepfakes and other advanced impersonation attacks?

To protect against modern threats, your first question should focus on a vendor's strategy for tackling sophisticated fraud. Threat actors now use AI to create deepfakes for both presentation attacks (showing a fake image to a camera) and injection attacks (bypassing the camera to feed a fake video stream directly into the system).

A workforce-grade solution should deliver:

  • Advanced Liveness Detection: The best solutions employ sophisticated liveness checks to distinguish between a live person and a spoof like a mask or recording. 
  • Injection Attack Prevention: A vendor should offer technology that prevents attackers from bypassing on-device cameras, making it nearly impossible to inject a deepfake into the verification stream.

The post 8 Essential Questions for Your Workforce Identity Verification (IDV) Vendor appeared first on Security Boulevard.

Joshua Gonzales

CVE-2023-28541 | Qualcomm QCA9898 Data Modem memory corruption

Vuldb Updates
2 weeks 2 days ago
A vulnerability classified as critical was found in Qualcomm AQT1000, AR8031, AR9380, C-V2X 9150, CSR8811, CSRA6620, CSRA6640, CSRB31024, FastConnect 6200, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, Flight RB5 5G Platform, Immersive Home 214 Platform, Immersive Home 216 Platform, Immersive Home 316 Platform, Immersive Home 318 Platform, IPQ4018, IPQ4019, IPQ4028, IPQ4029, IPQ5010, IPQ5028, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8070, IPQ8070A, IPQ8071A, IPQ8072A, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, IPQ9008, IPQ9574, MDM9250, MDM9628, MDM9640, MDM9650, MSM8909W, QAM8255P, QAM8295P, QCA4024, QCA6174A, QCA6175A, QCA6310, QCA6320, QCA6335, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6554A, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6678AQ, QCA6696, QCA6698AQ, QCA6797AQ, QCA7500, QCA8072, QCA8075, QCA8081, QCA8082, QCA8084, QCA8085, QCA8337, QCA8386, QCA9377, QCA9880, QCA9886, QCA9888, QCA9889 and QCA9898. Affected by this vulnerability is an unknown functionality of the component Data Modem. The manipulation leads to memory corruption. This vulnerability is known as CVE-2023-28541. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2023-28542 | Qualcomm 315 5G IoT Modem WLAN Host memory corruption

Vuldb Updates
2 weeks 2 days ago
A vulnerability, which was classified as critical, has been found in Qualcomm 315 5G IoT Modem, APQ8064AU, AQT1000, AR8031, AR8035, C-V2X 9150, CSRA6620, CSRA6640, CSRB31024, FastConnect 6200, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, Flight RB5 5G Platform, MDM9250, MDM9628, MDM9650, MSM8996AU, QAM8255P, QAM8295P, QCA6174A, QCA6175A, QCA6310, QCA6320, QCA6335, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6554A, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA6698AQ, QCA6797AQ, QCA8081, QCA8337, QCA9367, QCA9377, QCM2290, QCM4290, QCM6125, QCM6490, QCN6024, QCN9011, QCN9012, QCN9024, QCN9074, QCS2290, QCS410, QCS4290, QCS610, QCS6125, QCS6490, QCS8250, QRB5165M, QRB5165N, Qualcomm Video Collaboration VC1 Platform, Qualcomm Video Collaboration VC3 Platform, Qualcomm Video Collaboration VC5 Platform, Robotics RB3 Platform, Robotics RB5 Platform, SA4150P, SA4155P, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P and SA8255P. Affected by this issue is some unknown functionality of the component WLAN Host. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2023-28542. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2023-21673 | Qualcomm QT1000 VM Resource Manager memory corruption

Vuldb Updates
2 weeks 2 days ago
A vulnerability was found in Qualcomm QT1000, AR8035, FastConnect 6200, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, Flight RB5 5G Platform, QAM8255P, QAM8295P, QAM8650P, QAM8775P, QAMSRV1H, QCA6174A, QCA6310, QCA6335, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6696, QCA6698AQ, QCA6797AQ, QCA8081, QCA8337, QCA9377, QCC710, QCM4490, QCM6490, QCM8550, QCN6224, QCN6274, QCN9011, QCN9012, QCS4490, QCS6490, QCS7230, QCS8250, QCS8550, QDU1000, QDU1010, QDU1110, QDU1210, QDX1010, QDX1011, QFW7114, QFW7124, QRB5165M, QRB5165N, QRU1032, QRU1052, QRU1062, QSM8350, Qualcomm Video Collaboration VC3 Platform, Qualcomm Video Collaboration VC5 Platform, Robotics RB3 Platform, Robotics RB5 Platform, SA6145P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8255P, SA8295P, SA8540P, SA8650P, SA9000P, SD 675, SD 8 Gen1 5G, SD 8CX, SD670, SD675, SD855, SD865 5G, SD888, SDX55, SDX57M, SG8275P, SM7250P, SM7315 and SM7325P and classified as critical. Affected by this issue is some unknown functionality of the component VM Resource Manager. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2023-21673. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2023-22385 | Qualcomm 315 5G IoT Modem Data Modem memory corruption

Vuldb Updates
2 weeks 2 days ago
A vulnerability, which was classified as critical, was found in Qualcomm 315 5G IoT Modem, 9205 LTE Modem, 9206 LTE Modem, 9207 LTE Modem, APQ8017, APQ8037, AQT1000, AR8035, C-V2X 9150, CSRA6620, CSRA6640, CSRB31024, FastConnect 6200, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, MDM8207, MDM9230, MDM9250, MDM9330, MDM9628, MDM9630, MDM9640, MSM8108, MSM8209, MSM8608, MSM8909W, MSM8996AU, QCA4004, QCA6174, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595AU, QCA6696, QCA6698AQ, QCA8081, QCA8337, QCA9367, QCA9377, QCC710, QCM2290, QCM4290, QCM4325, QCM4490, QCM6125, QCM6490, QCM8550, QCN6024, QCN6224, QCN6274, QCN9024, QCS2290, QCS410, QCS4290, QCS4490, QCS610, QCS6125, QCS6490, QCS8550, QFW7114, QFW7124, QTS110, Qualcomm 205 Mobile Platform and Qualcomm 215 Mobile Platform. This affects an unknown part of the component Data Modem. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2023-22385. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2023-24843 | Qualcomm 315 5G IoT Modem denial of service

Vuldb Updates
2 weeks 2 days ago
A vulnerability has been found in Qualcomm 315 5G IoT Modem, AR8035, FastConnect 6200, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, QCA6391, QCA6421, QCA6426, QCA6431, QCA6436, QCA6574A, QCA6595AU, QCA6696, QCA8081, QCA8337, QCM6490, QCN6024, QCN9024, QCS6490, Qualcomm Video Collaboration VC3 Platform, SD855, SD865 5G, SDX55, SM7250P, SM7325P, Snapdragon 480 5G Mobile Platform and Snapdragon 480+ 5G Mobile Platform and classified as problematic. This vulnerability affects unknown code of the component Modem. The manipulation leads to denial of service. This vulnerability was named CVE-2023-24843. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2023-24847 | Qualcomm QCN9072 Modem denial of service

Vuldb Updates
2 weeks 2 days ago
A vulnerability was found in Qualcomm 315 5G IoT Modem, AQT1000, AR8031, AR8035, C-V2X 9150, CSR8811, CSRA6620, CSRA6640, CSRB31024, FastConnect 6200, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, FSM10055, Immersive Home 214 Platform, Immersive Home 216 Platform, Immersive Home 316 Platform, Immersive Home 318 Platform, IPQ5010, IPQ6010, IPQ6018, IPQ6028, IPQ8070, IPQ8070A, IPQ8071A, IPQ8072A, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, MDM9250, PMP8074, QCA4024, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA6698AQ, QCA8072, QCA8075, QCA8081, QCA8337, QCA9377, QCA9888, QCA9889, QCA9984, QCC710, QCM2290, QCM4290, QCM4325, QCM4490, QCM6125, QCM6490, QCM8550, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN6023, QCN6024, QCN6224, QCN6274, QCN7605, QCN7606, QCN9000, QCN9012, QCN9022, QCN9024, QCN9070 and QCN9072. It has been classified as problematic. Affected is an unknown function of the component Modem. The manipulation leads to denial of service. This vulnerability is traded as CVE-2023-24847. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Managed ad