{"vulnerability": "CVE-2021-3035", "sightings": [{"uuid": "b0d1efae-151f-4bab-8525-ccb9af739cb1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30351", "type": "seen", "source": "https://t.me/cibsecurity/34842", "content": "\u203c CVE-2021-30351 \u203c\n\nAn out of bound memory access can occur due to improper validation of number of frames being passed during music playback in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-03T12:38:19.000000Z"}, {"uuid": "ab579849-3d10-49df-83d4-1d71280dafe0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30351", "type": "published-proof-of-concept", "source": "https://t.me/cKure/9397", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 Zero-Day: Three security vulnerabilities have been disclosed in the audio decoders of Qualcomm and MediaTek chips that, if left unresolved, could allow an adversary to remotely gain access to media and audio conversations from affected mobile devices.\n\nThe impact of an RCE vulnerability can range from malware execution to an attacker gaining control over a user's multimedia data, including streaming from a compromised machine's camera.\n\n\u25aa\ufe0eCVE-2021-0674 (CVSS score: 5.5, MediaTek) - A case of improper input validation in ALAC decoder leading to information disclosure without any user interaction.\n\n\u25aa\ufe0eCVE-2021-0675 (CVSS score: 7.8, MediaTek) - A local privilege escalation flaw in ALAC decoder stemming from out-of-bounds write.\n\n\u25aa\ufe0eCVE-2021-30351 (CVSS score: 9.8, Qualcomm) - An out-of-bound memory access due to improper validation of number of frames being passed during music playback\n\n\nhttps://thehackernews.com/2022/04/critical-chipset-bug-opens-millions-of.html", "creation_timestamp": "2022-04-21T13:12:06.000000Z"}, {"uuid": "72da196e-6154-4aa5-980e-f3a3fca62894", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30357", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3089", "content": "Tools \ud83d\udd27 \ud83d\udd28 - Hackers Factory \n\n\u200b\u200bWebPalm\n\nA powerful command-line tool for website mapping and web scraping. With its recursive approach, it can generate a complete tree of all webpages and their links on a website. It can also extract data from the body of each page using regular expressions, making it an ideal tool for web scraping and data extraction.\n\nhttps://github.com/Malwarize/webpalm\n\n#infosec #pentesting #bugbounty\n\n\u200b\u200bGoogle Calendar RAT\n\nA PoC of Command&Control (C2) over Google Calendar Events, This tool has been developed for those circumstances where it is difficult to create an entire red teaming infrastructure.\n\nhttps://github.com/MrSaighnal/GCR-Google-Calendar-RAT\n\n#infosec #pentesting #redteam\n\n\u200b\u200bCodegate 2023 Qualifiers statement\n\nFor those who are not aware, this weekend Kalmarunionen participated in the Codegate 2023 qualifier CTF. This is a very competitive qualifier, where the top 9 teams are allowed to attend the offline finals in Seoul, South Korea, in the fall, where they will compete for a share of a >$50k prize pool.\n\nhttps://github.com/kalmarunionenctf/codegate-statement\n\n#CTF #cybersecurity #infosec\n\n\u200b\u200bWin32 app isolation\n\nTools and documentation for Win32 app isolation.\n\nhttps://github.com/microsoft/win32-app-isolation\n\n#cybersecurity #infosec\n\n\u200b\u200bnuclei_gpt\n\nChatGPT+Langchain+Nuclei Chat automates Nuclei template generation.\n\nhttps://github.com/sf197/nuclei_gpt\n\n#cybersecurity #infosec #bugbounty\n\n\u200b\u200bCVE-2021-30357\n\nProof-of-Concept for privileged file read through CheckPoint SNX VPN Linux Client.\n\nhttps://github.com/joaovarelas/CVE-2021-30357_CheckPoint_SNX_VPN_PoC\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bWinDiff\n\nWeb-based tool that allows browsing and comparing symbol and type information of Microsoft Windows binaries across different versions of the operating system. The binary database is automatically updated to include information from the latest Windows updates.\n\nhttps://github.com/ergrelet/windiff\n\n#reverse #cybersecurity #infosec\n\n\u200b\u200bIIS Short Name Scanner\n\nLatest version of scanners for IIS short filename (8.3) disclosure vulnerability.\n\nhttps://github.com/irsdl/IIS-ShortName-Scanner\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bSpartacus \n\nDLL/COM Hijacking Toolkit.\n\nhttps://github.com/Accenture/Spartacus\n\n#infosec #pentesting #redteam\n\nhttps://t.me/dilagrafie", "creation_timestamp": "2023-06-22T22:39:42.000000Z"}, {"uuid": "8b310aa7-d361-4ce7-be47-63b5956b3dfc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30351", "type": "seen", "source": "https://t.me/NeKaspersky/2165", "content": "\u0412 \u0430\u0443\u0434\u0438\u043e\u043a\u043e\u0434\u0435\u043a\u0430\u0445 MediaTek \u0438 Qualcomm \u043d\u0430\u0448\u043b\u0438 RCE\n\n\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u043e\u0442\u0447\u0435\u0442\u0443 Check Point Research, \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0434\u0435\u043a\u043e\u0434\u0435\u0440\u0430 ALAC (Apple Lossless Audio Codec, \u043e\u043f\u0435\u043d\u0441\u043e\u0440\u0441\u043d\u0443\u0442\u044b\u0439 \u0432 11 \u0433\u043e\u0434\u0443) \u043a\u0440\u0443\u043f\u043d\u0435\u0439\u0448\u0438\u0445 \u0432 \u043c\u0438\u0440\u0435 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u0439 SoC \u0434\u043b\u044f \u0441\u043c\u0430\u0440\u0442\u0444\u043e\u043d\u043e\u0432 \u0431\u044b\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u044b \u043a \u0447\u0442\u0435\u043d\u0438\u044e/\u0437\u0430\u043f\u0438\u0441\u0438 \u0432\u043d\u0435 \u0433\u0440\u0430\u043d\u0438\u0446 \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u043e\u0433\u043e \u0434\u0438\u0430\u043f\u0430\u0437\u043e\u043d\u0430 \u0438 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0435 \u0430\u0443\u0434\u0438\u043e\u0444\u0440\u0435\u0439\u043c\u043e\u0432, \u043f\u0435\u0440\u0435\u0434\u0430\u0432\u0430\u0435\u043c\u044b\u0445 \u0432\u043e \u0432\u0440\u0435\u043c\u044f \u0432\u043e\u0441\u043f\u0440\u043e\u0438\u0437\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u043c\u0443\u0437\u044b\u043a\u0438, \u0447\u0442\u043e \u0432 \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u043c \u0438\u0442\u043e\u0433\u0435 \u043c\u043e\u0433\u043b\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u043d\u0430 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0445 \u0434\u0435\u0432\u0430\u0439\u0441\u0430\u0445. \u0414\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438, \u043e\u0436\u0438\u0434\u0430\u0435\u043c\u043e, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043d\u0443\u0436\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u0430\u0443\u0434\u0438\u043e\u0444\u0430\u0439\u043b \u0438 \u0437\u0430\u0441\u0442\u0430\u0432\u0438\u0442\u044c \u0436\u0435\u0440\u0442\u0432\u0443 \u0432\u043e\u0441\u043f\u0440\u043e\u0438\u0437\u0432\u0435\u0441\u0442\u0438 \u0435\u0433\u043e, \u0432\u0441\u0435 \u043e\u0441\u0442\u0430\u043b\u044c\u043d\u043e\u0435 \u043f\u0440\u043e\u0438\u0441\u0445\u043e\u0434\u0438\u0442 \u0431\u0435\u0437 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c.\n\n\u041e \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u044f\u0445 \u0430\u0442\u0430\u043a\u0438, \u043a\u0440\u0435\u0430\u0442\u0438\u0432\u043d\u043e \u043d\u0430\u0437\u0432\u0430\u043d\u043d\u043e\u0439 \u00abALHAC\u00bb, \u043d\u0435\u0437\u0430\u043c\u0435\u0434\u043b\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 MediaTek \u0438 Qualcomm, \u0438 \u0442\u0435 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u0444\u0438\u043a\u0441\u044b \u0432 \u0434\u0435\u043a\u0430\u0431\u0440\u0435 2021 \u0433\u043e\u0434\u0430. \u0428\u0438\u0440\u043e\u043a\u043e\u0439 \u043f\u0443\u0431\u043b\u0438\u043a\u0435 \u043e \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u044f\u0445 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0431\u0430\u0433\u043e\u0432, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u044b\u0445 \u043a\u0430\u043a CVE-2021-0674 (5,5 CVSS), CVE-2021-0675 (7,8 CVSS) \u0438 CVE-2021-30351 (9,8 CVSS), \u043f\u043e\u043a\u0430 \u043d\u0435 \u0441\u043e\u043e\u0431\u0449\u0430\u043b\u0438, \u043e\u0434\u043d\u0430\u043a\u043e Check Point \u043f\u043e\u043e\u0431\u0435\u0449\u0430\u043b\u0438 \u0441\u0434\u0435\u043b\u0430\u0442\u044c \u044d\u0442\u043e \u043d\u0430 \u043f\u0440\u0435\u0434\u0441\u0442\u043e\u044f\u0449\u0435\u043c CanSecWest \u0432 \u043c\u0430\u0435 2022 \u0433\u043e\u0434\u0430.\n@NeKaspersky", "creation_timestamp": "2022-04-27T00:01:18.000000Z"}, {"uuid": "27abc3a1-d5c5-4767-98a9-59660dde77de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30350", "type": "seen", "source": "https://t.me/cibsecurity/44358", "content": "\u203c CVE-2021-30350 \u203c\n\nLack of MBN header size verification against input buffer can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-14T14:18:48.000000Z"}, {"uuid": "6245004a-dbab-4553-8983-4b27d541359e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30353", "type": "seen", "source": "https://t.me/cibsecurity/35401", "content": "\u203c CVE-2021-30353 \u203c\n\nImproper validation of function pointer type with actual function signature can lead to assertion in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-13T14:18:17.000000Z"}, {"uuid": "5aa8fb88-621e-4a14-a4a0-3f02fb2371f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30351", "type": "seen", "source": "https://t.me/true_secator/2876", "content": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c RCE \u0432 \u0434\u0435\u043a\u043e\u0434\u0435\u0440\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 Android, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0438\u0445 \u043d\u0430 \u0447\u0438\u043f\u0441\u0435\u0442\u0430\u0445 Qualcomm \u0438 MediaTek, \u043c\u043e\u0436\u0435\u0442 \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043c\u0435\u0434\u0438\u0430\u0444\u0430\u0439\u043b\u0430\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0438 \u0434\u0435\u043b\u0430\u0435\u0442 2/3 \u0434\u0435\u0432\u0430\u0439\u0441\u043e\u0432 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c\u0438 \u0434\u043b\u044f \u0432\u0437\u043b\u043e\u043c\u0430.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Check Point Research \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0435 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u0434\u0430, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u0432\u043b\u0438\u044f\u0435\u0442 \u043d\u0430 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044e Apple Lossless Audio Codec (ALAC) \u0432 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 Android, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0438\u0445 \u043d\u0430 \u0447\u0438\u043f\u0441\u0435\u0442\u0430\u0445 Qualcomm \u0438 MediaTek. \u041f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0438 \u0447\u0438\u043f\u0441\u0435\u0442\u043e\u0432 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u0443\u044e \u0432\u0435\u0440\u0441\u0438\u044e \u043a\u043e\u0434\u0430 ALAC \u0432 \u0441\u0432\u043e\u0438\u0445 \u0430\u0443\u0434\u0438\u043e\u0434\u0435\u043a\u043e\u0434\u0435\u0440\u0430\u0445.\n\nALAC \u2014 \u044d\u0442\u043e \u0444\u043e\u0440\u043c\u0430\u0442 \u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0437\u0432\u0443\u043a\u0430, \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043d\u043d\u044b\u0439 Apple \u0434\u043b\u044f \u0441\u0436\u0430\u0442\u0438\u044f \u0434\u0430\u043d\u043d\u044b\u0445 \u0446\u0438\u0444\u0440\u043e\u0432\u043e\u0439 \u043c\u0443\u0437\u044b\u043a\u0438 \u0431\u0435\u0437 \u043f\u043e\u0442\u0435\u0440\u044c, \u0431\u044b\u043b \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043d \u0432 2004 \u0433\u043e\u0434\u0443. \u0412 2011 \u0433\u043e\u0434\u0443 \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u0439 \u043a\u043e\u0434 \u0431\u044b\u043b \u0440\u0430\u0441\u043a\u0440\u044b\u0442 Apple, \u0441 \u0442\u0435\u0445 \u043f\u043e\u0440 \u0435\u0433\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u043c\u043d\u043e\u0433\u0438\u0435 \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0438\u0435 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u0438.\n\nMediaTek \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0430 \u043e\u0448\u0438\u0431\u043a\u0438 \u0432 ALAC \u043a\u0430\u043a CVE-2021-0674 (\u0441\u0440\u0435\u0434\u043d\u044f\u044f \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u044c \u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 5,5) \u0438 CVE-2021-0675 (\u0432\u044b\u0441\u043e\u043a\u0430\u044f \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u044c \u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 7,8), \u0430 Qualcomm - \u043a\u0430\u043a CVE-2021-30351 (\u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0441\u0442\u0435\u043f\u0435\u043d\u044c \u0442\u044f\u0436\u0435\u0441\u0442\u0438 \u0441 9,8 \u0431\u0430\u043b\u043b\u0430).\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u044b \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u043b\u043e\u0432\u0438\u043d\u044b \u0432\u0441\u0435\u0445 \u0441\u043c\u0430\u0440\u0442\u0444\u043e\u043d\u043e\u0432 \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u043c\u0438\u0440\u0443. \u0423\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u0439 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043e\u0431\u043c\u0430\u043d\u043e\u043c \u0437\u0430\u0441\u0442\u0430\u0432\u0438\u0432 \u0446\u0435\u043b\u0435\u0432\u043e\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e \u043e\u0442\u043a\u0440\u044b\u0442\u044c \u0438\u0441\u043a\u0430\u0436\u0435\u043d\u043d\u044b\u0439 \u0430\u0443\u0434\u0438\u043e\u0444\u0430\u0439\u043b \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043d\u0430\u0437\u044b\u0432\u0430\u044e\u0442 \u044d\u0442\u0443 \u0430\u0442\u0430\u043a\u0443 ALHACK.\n\n\u0412\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 RCE \u043c\u043e\u0436\u0435\u0442 \u0432\u0430\u0440\u044c\u0438\u0440\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u043e\u0442 \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e \u0434\u043e \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u043c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u043d\u0430\u0434 \u043c\u0443\u043b\u044c\u0442\u0438\u043c\u0435\u0434\u0438\u0439\u043d\u044b\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u043c\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043f\u043e\u0442\u043e\u043a\u043e\u0432\u0443\u044e \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0443 \u0441 \u043a\u0430\u043c\u0435\u0440\u044b \u0432\u0437\u043b\u043e\u043c\u0430\u043d\u043d\u043e\u0439 \u043c\u0430\u0448\u0438\u043d\u044b. \u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u043d\u0435\u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0435 Android-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u044d\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u0441\u0432\u043e\u0438\u0445 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0438 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043c\u0435\u0434\u0438\u0430\u0434\u0430\u043d\u043d\u044b\u043c \u0438 \u0440\u0430\u0437\u0433\u043e\u0432\u043e\u0440\u0430\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\n\n\u0412\u043e \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438 \u0441 Check Point \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0438 MediaTek \u0438 Qualcomm \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0438 \u043e\u0448\u0438\u0431\u043a\u0443 \u0432 \u0434\u0435\u043a\u0430\u0431\u0440\u0435 2021 \u0433\u043e\u0434\u0430. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043d\u0435 \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u044e\u0442 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0435\u0439 \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432\u043e \u0438\u0437\u0431\u0435\u0436\u0430\u043d\u0438\u0438 \u0435\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435, \u0441\u0432\u043e\u0438 \u0432\u044b\u0432\u043e\u0434\u044b \u043e\u043d\u0438 \u0433\u043e\u0442\u043e\u0432\u044b \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u0442\u044c \u043d\u0430 CanSecWest \u0432 \u043c\u0430\u0435 2022 \u0433\u043e\u0434\u0430.", "creation_timestamp": "2022-04-22T11:53:08.000000Z"}, {"uuid": "9925eb89-fc95-425e-a597-9e703d4b1035", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30359", "type": "seen", "source": "https://t.me/cibsecurity/31034", "content": "\u203c CVE-2021-30359 \u203c\n\nThe Harmony Browse and the SandBlast Agent for Browsers installers must have admin privileges to execute some steps during the installation. Because the MS Installer allows regular users to repair their installation, an attacker running an installer before 90.08.7405 can start the installation repair and place a specially crafted binary in the repair folder, which runs with the admin privileges.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-22T18:39:11.000000Z"}, {"uuid": "d4ed26f8-6ee8-4c88-bde9-4f373342343a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30358", "type": "seen", "source": "https://t.me/cibsecurity/30787", "content": "\u203c CVE-2021-30358 \u203c\n\nMobile Access Portal Native Applications who's path is defined by the administrator with environment variables may run applications from other locations by the Mobile Access Portal Agent.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-19T18:33:20.000000Z"}, {"uuid": "6704b336-641d-48d1-a22a-1826bf766f0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30351", "type": "exploited", "source": "https://t.me/androidMalware/1515", "content": "RCE vulnerability found in Qualcomm/MediaTek chips would allow attacker to gain control over a user's multimedia data, including streaming from a compromised machine's camera (CVE-2021-0674, CVE-2021-0675, CVE-2021-30351)\n\nExploitation: A threat actor could have sent a song (media file) and when played by a potential victim, it could have injected code in the privileged media service. The threat actor could have seen what the mobile phone user sees on their phone.\nhttps://blog.checkpoint.com/2022/04/21/largest-mobile-chipset-manufacturers-used-vulnerable-audio-decoder-2-3-of-android-users-privacy-around-the-world-were-at-risk/", "creation_timestamp": "2022-05-06T11:15:07.000000Z"}, {"uuid": "f26d8aa5-f63a-4b99-ba94-8b4a27e32683", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30357", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8521", "content": "#exploit\n1. RCE vulnerability in math.js\nhttps://jwlss.pw/mathjs\n\n2. CVE-2021-30357:\nCheckPoint SNX VPN Linux Client - privileged file read\nhttps://github.com/joaovarelas/CVE-2021-30357_CheckPoint_SNX_VPN_PoC", "creation_timestamp": "2023-06-20T11:01:01.000000Z"}]}