Blog Home
HAProxy Vulnerability

Critical Vulnerability in HAProxy (CVE-2021-40346): Integer Overflow Enables HTTP Smuggling
September 07, 2021

JFrog Security research teams are constantly looking for new and previously unknown vulnerabilities in popular open-source projects to help improve their security posture. As part of this effort, we recently discovered a potentially critical vulnerability in HAProxy, a widely used open-source load balancer proxy server that is particularly suited for very high traffic web sites …

Read More

INFRA:HALT 14 New Security Vulnerabilities Found in NicheStack
August 04, 2021

NicheStack is a TCP/IP network stack commonly used in millions of Operational Technology (OT) devices around the world, including in critical infrastructure such as manufacturing plants, power generation/transmission/distribution, water treatment, and more. JFrog’s security research team (formerly Vdoo), together with Forescout Research Labs, recently discovered 14 new security vulnerabilities affecting the NicheStack TCP/IP stack. These …

Read More

Revisiting Realtek – A New Set of Critical Wi-Fi Vulnerabilities Discovered by Automated Zero-Day Analysis
June 02, 2021

On February 3rd 2021, we responsibly disclosed six critical issues in the Realtek RTL8195A Wi-Fi module, a popular Wi-Fi card found in numerous connected devices such as home and industrial appliances. Following that successful detection and disclosure, we expanded our analysis to additional modules. This new analysis resulted in two new critical vulnerabilities discovered by …

Read More
Python Package Index (PyPi)

Python wheel-jacking in supply chain attacks
February 16, 2021

Recently, a novel supply chain attack was published by security researcher Alex Birsan, detailing how dependency confusion (or “namesquatting“) in package managers can be misused in order to execute malicious code on production and development systems. Background – dependency confusion & Birsan’s attack In short, most package managers such as pip and npm do not …

Read More

Major Vulnerabilities Discovered and Patched in Realtek RTL8195A Wi-Fi Module
February 03, 2021

In a recent supply chain security assessment, the JFrog security research team (formerly Vdoo) analyzed multiple networking devices for security vulnerabilities and exposures. During the analysis we discovered and responsibly disclosed six major vulnerabilities in Realtek’s RTL8195A Wi-Fi module that these devices were based on. An attacker that exploits the discovered vulnerabilities can gain remote …

Read More
Vulnerability Discovered in RAUC Embedded Firmware Update Framework

CVE-2020-25860 – Significant Vulnerability Discovered in RAUC Embedded Firmware Update Framework
December 21, 2020

JFrog’s security research team (formerly Vdoo) are constantly researching leading embedded devices and their supply chain. As part of this research, we discovered CVE-2020-25860, a potentially critical vulnerability with CVSSv3 8.8 score in a Robust Auto-Update Controller (RAUC), an open-source framework for firmware updates. JFrog has responsibly disclosed this vulnerability and have worked closely with …

Read More

Major Vulnerabilities Discovered in Qualcomm QCMAP
October 14, 2020

In a recent supply chain security assessment, we analyzed multiple networking devices for security vulnerabilities and exposures. During the analysis we discovered and have responsibly disclosed four major vulnerabilities in Qualcomm’s QCMAP (Qualcomm Mobile Access Point) architecture that these devices were based on. An attacker that exploits the discovered vulnerabilities can gain remote root access …

Read More
Hidden Directory Traversal Vulnerability in QNX Slinger

Follow the Data: A Hidden Directory Traversal Vulnerability in QNX Slinger
August 11, 2020

Through our ongoing device security analysis, we often uncover—and responsibly disclose—new unknown vulnerabilities in both closed and open source software components used in connected devices. In this blog post, we discuss a directory traversal vulnerability that we recently discovered while analyzing the firmware of a device based on the BlackBerry QNX operating system. First, here’s …

Read More

Popular Tags