‼ CVE-2022-46717 ‼
via "National Vulnerability Database".
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.2 and iPadOS 16.2. A user with physical access to a locked Apple Watch may be able to view user photos via accessibility features.
‼ CVE-2015-10100 ‼
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in Dynamic Widgets Plugin up to 1.5.10. This issue affects some unknown processing of the file classes/dynwid_class.php. The manipulation leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.5.11 is able to address this issue. The name of the patch is d0a19c6efcdc86d7093b369bc9e29a0629e57795. It is recommended to upgrade the affected component. The identifier VDB-225353 was assigned to this vulnerability.
‼ CVE-2022-46703 ‼
via "National Vulnerability Database".
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2. An app may be able to read sensitive location information.
‼ CVE-2022-42858 ‼
via "National Vulnerability Database".
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.1. An app may be able to execute arbitrary code with kernel privileges.
‼ CVE-2022-32871 ‼
via "National Vulnerability Database".
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16. A person with physical access to a device may be able to use Siri to access private calendar information.
🕴 Pair of Apple Zero-Days Under Active Exploit; Patch & Update Accordingly 🕴
via "Dark Reading".
Unpatched Macs, iPhones, and iPads open to browser takeover and system kernel-level malicious code execution, Apple warns.
⚠ Apple zero-day spyware patches extended to cover older Macs, iPhones and iPads ⚠
via "Naked Security".
That double-whammy Apple browser-to-kernel spyware bug combo we wrote up last week? Turns out it applies to all supported Macs and iDevices - patch now!
🕴 Apps for Sale: Cybercriminals Sell Android Hacks for Up to $20K a Pop 🕴
via "Dark Reading".
The marketplace for malicious Google Play applications and app-takeover tools is thriving, thanks to novel hacking techniques and lax enterprise security.
‼ CVE-2023-26066 ‼
via "National Vulnerability Database".
Certain Lexmark devices through 2023-02-19 have Improper Validation of an Array Index.
‼ CVE-2023-26070 ‼
via "National Vulnerability Database".
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 4 of 4).
‼ CVE-2023-26067 ‼
via "National Vulnerability Database".
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4).
‼ CVE-2023-27178 ‼
via "National Vulnerability Database".
An arbitrary file upload vulnerability in the upload function of GDidees CMS 3.9.1 allows attackers to execute arbitrary code via a crafted file.
‼ CVE-2023-26466 ‼
via "National Vulnerability Database".
A user with non-Admin access can change a configuration file on the client to modify the Server URL.
‼ CVE-2023-29005 ‼
via "National Vulnerability Database".
Flask-AppBuilder versions before 4.3.0 lack rate limiting which can allow an attacker to brute-force user credentials. Version 4.3.0 includes the ability to enable rate limiting using `AUTH_RATE_LIMITED = True`, `RATELIMIT_ENABLED = True`, and setting an `AUTH_RATE_LIMIT`.
‼ CVE-2023-26068 ‼
via "National Vulnerability Database".
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 2 of 4).
‼ CVE-2023-26064 ‼
via "National Vulnerability Database".
Certain Lexmark devices through 2023-02-19 have an Out-of-bounds Write.
‼ CVE-2023-27076 ‼
via "National Vulnerability Database".
Command injection vulnerability found in Tenda G103 v.1.0.0.5 allows attacker to execute arbitrary code via the language parameter.
‼ CVE-2023-26495 ‼
via "National Vulnerability Database".
An issue was discovered in Open Design Alliance Drawings SDK before 2024.1. A crafted DWG file can force the SDK to reuse an object that has been freed. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code.
‼ CVE-2023-28093 ‼
via "National Vulnerability Database".
A user with a compromised configuration can start an unsigned binary as a service.
‼ CVE-2023-26773 ‼
via "National Vulnerability Database".
Cross Site Scripting vulnerability found in Sales Tracker Management System v.1.0 allows a remote attacker to gain privileges via the product list function in the Master.php file.
‼ CVE-2023-26065 ‼
via "National Vulnerability Database".
Certain Lexmark devices through 2023-02-19 have an Integer Overflow.