Security
Headlines
HeadlinesLatestCVEs

Tag

#acer

CVE-2022-44741: Testimonial Slider

Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) in David Anderson Testimonial Slider plugin <= 1.3.1 on WordPress.

CVE
Open in Source
#xss#csrf#vulnerability#web#wordpress#acer#ssl
CVE-2020-35473: ACM CCS 2022

An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specifications 5.0 through 5.2, may be used to identify devices using Resolvable Private Addressing (RPA) by their response or non-response to specific scan requests from remote addresses. RPAs that have been associated with a specific remote device may also be used to identify a peer in the same manner by using its reaction to an active scan request. This has also been called an allowlist-based side channel.

China Operates Secret ‘Police Stations’ in Other Countries

Plus: The New York Post gets hacked, a huge stalkerware network is exposed, and the US claims China interfered with its Huawei probe.

CVE-2022-43286: Fixed JSON.parse() when reviver function is provided. · nginx/njs@2ad0ea2

Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_iterator_call at njs_json.c.

CVE-2022-42055: GL.iNET MT300N-V2 Vulnerabilities and Hardware Teardown

Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system.

CVE-2022-3095: sdk/CHANGELOG.md at master · dart-lang/sdk

The implementation of backslash parsing in the Dart URI class for versions prior to 2.18 and Flutter versions prior to 3.30 differs from the WhatWG URL standards. Dart uses the RFC 3986 syntax, which creates incompatibilities with the '\' characters in URIs, which can lead to auth bypass in webapps interpreting URIs. We recommend updating Dart or Flutter to mitigate the issue.

A Pro-China Disinfo Campaign Is Targeting US Elections—Badly

The suspected Chinese influence operation had limited success. But it signals a growing threat from a new disinformation adversary.

The Hunt for the Dark Web’s Biggest Kingpin, Part 1: The Shadow

AlphaBay was the largest online drug bazaar in history, run by a technological mastermind who seemed untouchable—until his tech was turned against him.

An odd kind of cybercrime: Gift vouchers, medical records, and...food

Categories: News Tags: food Tags: medical Tags: nhs Tags: gousto Tags: compromise Tags: laptop Tags: vouchers Peter Foy racked up a peculiar list of compromises before being brought to justice (Read more...) The post An odd kind of cybercrime: Gift vouchers, medical records, and...food appeared first on Malwarebytes Labs.

CVE-2022-41415: vulnerabilities/CVE-2022-41415.md at main · 10TG/vulnerabilities

Acer Altos W2000h-W570h F4 R01.03.0018 was discovered to contain a stack overflow in the RevserveMem component. This vulnerability allows attackers to cause a Denial of Service (DoS) via injecting crafted shellcode into the NVRAM variable.