‼ CVE-2022-38745 ‼
📖 Read
via "National Vulnerability Database".
Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory.📖 Read
via "National Vulnerability Database".
🕴 Malicious ChatGPT Extensions Add to Google Chrome Woes 🕴
📖 Read
via "Dark Reading".
The second malicious ChatGPT extension for Chrome has been discovered, giving malicious actors access to users' Facebook accounts through stolen cookies.📖 Read
via "Dark Reading".
Dark Reading
Malicious ChatGPT Extensions Add to Google Chrome Woes
The second malicious ChatGPT extension for Chrome has been discovered, giving malicious actors access to users' Facebook accounts through stolen cookies.
🕴 Zoom Zoom: 'Dark Power' Ransomware Extorts 10 Targets in Less Than a Month 🕴
📖 Read
via "Dark Reading".
A new threat actor is racking up victims and showing unusual agility. Part of its success could spring from the use of the Nim programming language.📖 Read
via "Dark Reading".
Dark Reading
Zoom Zoom: 'Dark Power' Ransomware Extorts 10 Targets in Less Than a Month
A new threat actor is racking up victims and showing unusual agility. Part of its success could spring from the use of the Nim programming language.
🕴 GitHub's Private RSA SSH Key Mistakenly Exposed in Public Repository 🕴
📖 Read
via "Dark Reading".
GitHub hastens to replace its RSA SSH host key after an exposure mishap threatens users with man-in-the-middle attacks and organization impersonation.📖 Read
via "Dark Reading".
Dark Reading
GitHub's Private RSA SSH Key Mistakenly Exposed in Public Repository
GitHub hastens to replace its RSA SSH host key after an exposure mishap threatens users with man-in-the-middle attacks and organization impersonation.
🕴 CyberSecure Announces Strategic Alliance 🕴
📖 Read
via "Dark Reading".
The joint partnership represents expanded market opportunities.📖 Read
via "Dark Reading".
Dark Reading
CyberSecure Announces Strategic Alliance
The joint partnership represents expanded market opportunities.
🕴 Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest 🕴
📖 Read
via "Dark Reading".
In two days, ethical researchers from 10 countries have unearthed more than 22 zero-day bugs in a wide range of technologies at the annual hacking contest.📖 Read
via "Dark Reading".
Dark Reading
Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest
In two days, ethical researchers from 10 countries have unearthed more than 22 zero-day bugs in a wide range of technologies at the annual hacking contest.
‼ CVE-2023-20995 ‼
📖 Read
via "National Vulnerability Database".
In captureImage of CustomizedSensor.cpp, there is a possible way to bypass the fingerprint unlock due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-241910279📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21041 ‼
📖 Read
via "National Vulnerability Database".
In append_to_params of param_util.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-250123688References: N/A📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21043 ‼
📖 Read
via "National Vulnerability Database".
In (TBD) of (TBD), there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239872581References: N/A📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21036 ‼
📖 Read
via "National Vulnerability Database".
In BitmapExport.java, there is a possible failure to truncate images due to a logic error in the code.Product: AndroidVersions: Android kernelAndroid ID: A-264261868References: N/A📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21042 ‼
📖 Read
via "National Vulnerability Database".
In (TBD) of (TBD), there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239873326References: N/A📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21026 ‼
📖 Read
via "National Vulnerability Database".
In updateInputChannel of WindowManagerService.java, there is a possible way to set a touchable region beyond its own SurfaceControl due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-254681548📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21030 ‼
📖 Read
via "National Vulnerability Database".
In Confirmation of keystore_cli_v2.cpp, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-226234140📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21000 ‼
📖 Read
via "National Vulnerability Database".
In MediaCodec.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-194783918📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21076 ‼
📖 Read
via "National Vulnerability Database".
In createTransmitFollowupRequest of nan.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-261857623References: N/A📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21078 ‼
📖 Read
via "National Vulnerability Database".
In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254840211References: N/A📖 Read
via "National Vulnerability Database".
‼ CVE-2023-20984 ‼
📖 Read
via "National Vulnerability Database".
In ParseBqrLinkQualityEvt of btif_bqr.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242993878📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21060 ‼
📖 Read
via "National Vulnerability Database".
In sms_GetTpPiIe of sms_PduCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-253770924References: N/A📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21029 ‼
📖 Read
via "National Vulnerability Database".
In register of UidObserverController.java, there is a missing permission check. This could lead to local information disclosure of app usage with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-217934898📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21008 ‼
📖 Read
via "National Vulnerability Database".
In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-257030100📖 Read
via "National Vulnerability Database".
‼ CVE-2023-28444 ‼
📖 Read
via "National Vulnerability Database".
angular-server-side-configuration helps configure an angular application at runtime on the server or in a docker container via environment variables. angular-server-side-configuration detects used environment variables in TypeScript (.ts) files during build time of an Angular CLI project. The detected environment variables are written to a ngssc.json file in the output directory. During deployment of an Angular based app, the environment variables based on the variables from ngssc.json are inserted into the apps index.html (or defined index file). With version 15.0.0 the environment variable detection was widened to the entire project, relative to the angular.json file from the Angular CLI. In a monorepo setup, this could lead to environment variables intended for a backend/service to be detected and written to the ngssc.json, which would then be populated and exposed via index.html. This has NO IMPACT, in a plain Angular project that has no backend component. This vulnerability has been mitigated in version 15.1.0, by adding an option `searchPattern` which restricts the detection file range by default. As a workaround, manually edit or create ngssc.json or run script after ngssc.json generation.📖 Read
via "National Vulnerability Database".