S3 Ep127: When you chop someone out of a photo, but there they are anyway…
via "Naked Security".
Listen now - latest episode. Full transcript inside.
WooCommerce Payments plugin for WordPress has an admin-level hole - patch now!
via "Naked Security".
Admin-level holes in websites are always a bad thing... and for "bad", read "worse" if it's an e-commerce site.
CVE-2020-36691
via "National Vulnerability Database".
An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service (unbounded recursion) via a nested Netlink policy with a back reference.
CVE-2021-3844
via "National Vulnerability Database".
Rapid7 InsightVM suffers from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential leak, that user account's current session is still valid after the password change, potentially allowing the attacker who originally compromised the credential to remain logged in and able to cause further damage. This vulnerability is mitigated by the use of the Platform Login feature. This issue is related to CVE-2019-5638.
CVE-2023-28152
via "National Vulnerability Database".
An issue was discovered in Independentsoft JWord before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.
CVE-2022-47502
via "National Vulnerability Database".
Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected versions of OpenOffice, approval for certain links is not requested; when activated, such links could therefore result in arbitrary script execution.
CVE-2022-38745
via "National Vulnerability Database".
Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to running arbitrary Java code from the current directory.
Malicious ChatGPT Extensions Add to Google Chrome Woes
via "Dark Reading".
The second malicious ChatGPT extension for Chrome has been discovered, giving malicious actors access to users' Facebook accounts through stolen cookies.
Zoom Zoom: 'Dark Power' Ransomware Extorts 10 Targets in Less Than a Month
via "Dark Reading".
A new threat actor is racking up victims and showing unusual agility. Part of its success could spring from the use of the Nim programming language.
GitHub's Private RSA SSH Key Mistakenly Exposed in Public Repository
via "Dark Reading".
GitHub hastens to replace its RSA SSH host key after an exposure mishap threatens users with man-in-the-middle attacks and organization impersonation.
CyberSecure Announces Strategic Alliance
via "Dark Reading".
The joint partnership represents expanded market opportunities.
Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest
via "Dark Reading".
In two days, ethical researchers from 10 countries have unearthed more than 22 zero-day bugs in a wide range of technologies at the annual hacking contest.
CVE-2023-20995
via "National Vulnerability Database".
In captureImage of CustomizedSensor.cpp, there is a possible way to bypass the fingerprint unlock due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-241910279.
CVE-2023-21041
via "National Vulnerability Database".
In append_to_params of param_util.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-250123688. References: N/A.
CVE-2023-21043
via "National Vulnerability Database".
In (TBD) of (TBD), there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-239872581. References: N/A.
CVE-2023-21036
via "National Vulnerability Database".
In BitmapExport.java, there is a possible failure to truncate images due to a logic error in the code. Product: Android. Versions: Android kernel. Android ID: A-264261868. References: N/A.
CVE-2023-21042
via "National Vulnerability Database".
In (TBD) of (TBD), there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-239873326. References: N/A.
CVE-2023-21026
via "National Vulnerability Database".
In updateInputChannel of WindowManagerService.java, there is a possible way to set a touchable region beyond its own SurfaceControl due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-254681548.
CVE-2023-21030
via "National Vulnerability Database".
In Confirmation of keystore_cli_v2.cpp, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-226234140.
CVE-2023-21000
via "National Vulnerability Database".
In MediaCodec.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-194783918.
CVE-2023-21076
via "National Vulnerability Database".
In createTransmitFollowupRequest of nan.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-261857623. References: N/A.