‼ CVE-2023-28152 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Independentsoft JWord before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-47502 ‼
📖 Read
via "National Vulnerability Database".
Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected versions of OpenOffice, approval for certain links is not requested; when activated, such links could therefore result in arbitrary script execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38745 ‼
📖 Read
via "National Vulnerability Database".
Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory.📖 Read
via "National Vulnerability Database".
🕴 Malicious ChatGPT Extensions Add to Google Chrome Woes 🕴
📖 Read
via "Dark Reading".
The second malicious ChatGPT extension for Chrome has been discovered, giving malicious actors access to users' Facebook accounts through stolen cookies.📖 Read
via "Dark Reading".
Dark Reading
Malicious ChatGPT Extensions Add to Google Chrome Woes
The second malicious ChatGPT extension for Chrome has been discovered, giving malicious actors access to users' Facebook accounts through stolen cookies.
🕴 Zoom Zoom: 'Dark Power' Ransomware Extorts 10 Targets in Less Than a Month 🕴
📖 Read
via "Dark Reading".
A new threat actor is racking up victims and showing unusual agility. Part of its success could spring from the use of the Nim programming language.📖 Read
via "Dark Reading".
Dark Reading
Zoom Zoom: 'Dark Power' Ransomware Extorts 10 Targets in Less Than a Month
A new threat actor is racking up victims and showing unusual agility. Part of its success could spring from the use of the Nim programming language.
🕴 GitHub's Private RSA SSH Key Mistakenly Exposed in Public Repository 🕴
📖 Read
via "Dark Reading".
GitHub hastens to replace its RSA SSH host key after an exposure mishap threatens users with man-in-the-middle attacks and organization impersonation.📖 Read
via "Dark Reading".
Dark Reading
GitHub's Private RSA SSH Key Mistakenly Exposed in Public Repository
GitHub hastens to replace its RSA SSH host key after an exposure mishap threatens users with man-in-the-middle attacks and organization impersonation.
🕴 CyberSecure Announces Strategic Alliance 🕴
📖 Read
via "Dark Reading".
The joint partnership represents expanded market opportunities.📖 Read
via "Dark Reading".
Dark Reading
CyberSecure Announces Strategic Alliance
The joint partnership represents expanded market opportunities.
🕴 Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest 🕴
📖 Read
via "Dark Reading".
In two days, ethical researchers from 10 countries have unearthed more than 22 zero-day bugs in a wide range of technologies at the annual hacking contest.📖 Read
via "Dark Reading".
Dark Reading
Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest
In two days, ethical researchers from 10 countries have unearthed more than 22 zero-day bugs in a wide range of technologies at the annual hacking contest.
‼ CVE-2023-20995 ‼
📖 Read
via "National Vulnerability Database".
In captureImage of CustomizedSensor.cpp, there is a possible way to bypass the fingerprint unlock due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-241910279📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21041 ‼
📖 Read
via "National Vulnerability Database".
In append_to_params of param_util.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-250123688References: N/A📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21043 ‼
📖 Read
via "National Vulnerability Database".
In (TBD) of (TBD), there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239872581References: N/A📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21036 ‼
📖 Read
via "National Vulnerability Database".
In BitmapExport.java, there is a possible failure to truncate images due to a logic error in the code.Product: AndroidVersions: Android kernelAndroid ID: A-264261868References: N/A📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21042 ‼
📖 Read
via "National Vulnerability Database".
In (TBD) of (TBD), there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239873326References: N/A📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21026 ‼
📖 Read
via "National Vulnerability Database".
In updateInputChannel of WindowManagerService.java, there is a possible way to set a touchable region beyond its own SurfaceControl due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-254681548📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21030 ‼
📖 Read
via "National Vulnerability Database".
In Confirmation of keystore_cli_v2.cpp, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-226234140📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21000 ‼
📖 Read
via "National Vulnerability Database".
In MediaCodec.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-194783918📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21076 ‼
📖 Read
via "National Vulnerability Database".
In createTransmitFollowupRequest of nan.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-261857623References: N/A📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21078 ‼
📖 Read
via "National Vulnerability Database".
In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254840211References: N/A📖 Read
via "National Vulnerability Database".
‼ CVE-2023-20984 ‼
📖 Read
via "National Vulnerability Database".
In ParseBqrLinkQualityEvt of btif_bqr.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242993878📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21060 ‼
📖 Read
via "National Vulnerability Database".
In sms_GetTpPiIe of sms_PduCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-253770924References: N/A📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21029 ‼
📖 Read
via "National Vulnerability Database".
In register of UidObserverController.java, there is a missing permission check. This could lead to local information disclosure of app usage with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-217934898📖 Read
via "National Vulnerability Database".