Tag
#apple
Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the endIp parameter at /goform/SetPptpServerCfg.
Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the firewallEn parameter at /goform/SetFirewallCfg.
Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the timeZone parameter at /goform/SetSysTimeCfg.
Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the time parameter at /goform/SetSysTimeCfg.
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_meta_restore_items_ref at /isomedia/meta.c.
By Waqas. As the internet expands and new technological developments occur, we must look back at what matters most: our… This is a post from HackRead.com. Read the original post: Improving privacy when browsing web: Alternative browsers and chrome extensions
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server.
#### Impact

`@keystone-6/[email protected] || 2.3.0` users who are using the `multiselect` field and have provided field-level access control are vulnerable: their field-level access control is not being used. List-level access control is **NOT** affected. Field-level access control for fields other than `multiselect` is **NOT** affected.

For example, **you are vulnerable if** you are using field-level access control on a `multiselect` like the following:

```ts
const yourList = list({
  access: {
    // this is list-level access control, this is NOT impacted
  },
  fields: {
    yourFieldName: multiselect({
      // this is field-level access control, for multiselect fields
      // this is vulnerable
      access: {
        create: ({ session }) => session?.data.isAdmin,
        update: ({ session }) => session?.data.isAdmin,
      },
      options: [
        { value: 'apples', label: 'Apples' },
        { value: 'oranges', label: 'Oranges' },
      ],
      // ...
    }),
    // ...
  },
  // ...
});
```
FaceStealer is back. As a seasoned threat to legitimate app stores, expect it to be gone and then back again. The post Warning: "FaceStealer" iOS and Android apps steal your Facebook login appeared first on Malwarebytes Labs.