⚠ Apple zero-day spyware patches extended to cover older Macs, iPhones and iPads ⚠
📖 Read
via "Naked Security".
That double-whammy Apple browser-to-kernel spyware bug combo we wrote up last week? Turns out it applies to all supported Macs and iDevices - patch now!📖 Read
via "Naked Security".
Sophos News
Naked Security – Sophos News
🕴 Apps for Sale: Cybercriminals Sell Android Hacks for Up to $20K a Pop 🕴
📖 Read
via "Dark Reading".
The marketplace for malicious Google Play applications and app-takeover tools is thriving, thanks to novel hacking techniques and lax enterprise security.📖 Read
via "Dark Reading".
Dark Reading
Apps for Sale: Cybercriminals Sell Android Hacks for Up to $20K a Pop
The marketplace for malicious Google Play applications and app-takeover tools is thriving, thanks to novel hacking techniques and lax enterprise security.
‼ CVE-2023-26066 ‼
📖 Read
via "National Vulnerability Database".
Certain Lexmark devices through 2023-02-19 have Improper Validation of an Array Index.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26070 ‼
📖 Read
via "National Vulnerability Database".
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 4 of 4).📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26067 ‼
📖 Read
via "National Vulnerability Database".
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4).📖 Read
via "National Vulnerability Database".
‼ CVE-2023-27178 ‼
📖 Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in the upload function of GDidees CMS 3.9.1 allows attackers to execute arbitrary code via a crafted file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26466 ‼
📖 Read
via "National Vulnerability Database".
A user with non-Admin access can change a configuration file on the client to modify the Server URL.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-29005 ‼
📖 Read
via "National Vulnerability Database".
Flask-AppBuilder versions before 4.3.0 lack rate limiting which can allow an attacker to brute-force user credentials. Version 4.3.0 includes the ability to enable rate limiting using `AUTH_RATE_LIMITED = True`, `RATELIMIT_ENABLED = True`, and setting an `AUTH_RATE_LIMIT`.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26068 ‼
📖 Read
via "National Vulnerability Database".
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 2 of 4).📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26064 ‼
📖 Read
via "National Vulnerability Database".
Certain Lexmark devices through 2023-02-19 have an Out-of-bounds Write.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-27076 ‼
📖 Read
via "National Vulnerability Database".
Command injection vulnerability found in Tenda G103 v.1.0.0.5 allows attacker to execute arbitrary code via a the language parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26495 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Open Design Alliance Drawings SDK before 2024.1. A crafted DWG file can force the SDK to reuse an object that has been freed. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-28093 ‼
📖 Read
via "National Vulnerability Database".
A user with a compromised configuration can start an unsigned binary as a service.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26773 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting vulnerability found in Sales Tracker Management System v.1.0 allows a remote attacker to gain privileges via the product list function in the Master.php file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26065 ‼
📖 Read
via "National Vulnerability Database".
Certain Lexmark devices through 2023-02-19 have an Integer Overflow.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26063 ‼
📖 Read
via "National Vulnerability Database".
Certain Lexmark devices through 2023-02-19 access a Resource By Using an Incompatible Type.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26069 ‼
📖 Read
via "National Vulnerability Database".
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 3 of 4).📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2023-29192 ‼
📖 Read
via "National Vulnerability Database".
SilverwareGames.io versions before 1.2.19 allow users with access to the game upload panel to edit download links for games uploaded by other developers. This has been fixed in version 1.2.19.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1668 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24721 ‼
📖 Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in LiveAction LiveSP v21.1.2 allows attackers to execute arbitrary web scripts or HTML.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26467 ‼
📖 Read
via "National Vulnerability Database".
A man in the middle can redirect traffic to a malicious server in a compromised configuration.📖 Read
via "National Vulnerability Database".