Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

CVE-2022-43026: myCVE/TX3-2.md at main · tianhui999/myCVE

Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the endIp parameter at /goform/SetPptpServerCfg.

CVE
Open in Source
#vulnerability#web#mac#windows#apple#dos#chrome#webkit
CVE-2022-43027: myCVE/TX3-5.md at main · tianhui999/myCVE

Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the firewallEn parameter at /goform/SetFirewallCfg.

CVE-2022-43029: myCVE/TX3-4.md at main · tianhui999/myCVE

Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the time parameter at /goform/SetSysTimeCfg.

CVE-2022-43024: myCVE/TX3-6.md at main · tianhui999/myCVE

Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg.

CVE-2022-43025: myCVE/TX3-1.md at main · tianhui999/myCVE

Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the startIp parameter at /goform/SetPptpServerCfg.

Chinese Hackers Targeting Online Casinos with GamePlayerFramework Malware

An advanced persistent threat (APT) group of Chinese origin codenamed DiceyF has been linked to a string of attacks aimed at online casinos in Southeast Asia for years. Russian cybersecurity company Kaspersky said the activity aligns with another set of intrusions attributed to Earth Berberoka (aka GamblingPuppet) and DRBControl, citing tactical and targeting similarities as well as the abuse of

Improving privacy when browsing web: Alternative browsers and chrome extensions

By Waqas As the internet expands and new technological developments occur, we must look back at what matters most: our… This is a post from HackRead.com Read the original post: Improving privacy when browsing web: Alternative browsers and chrome extensions

CVE-2022-42188: CVE-nu11secur1ty/vendors/LavaLite at main · nu11secur1ty/CVE-nu11secur1ty

In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server.

CVE-2022-3368: Norton Security Advisories

A vulnerability within the Software Updater functionality of Avira Security for Windows allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avira Security version 1.1.72.30556.

CVE-2022-3421: Google Drive for desktop release notes

An attacker can pre-create the `/Applications/Google\ Drive.app/Contents/MacOS` directory which is expected to be owned by root to be owned by a non-root user. When the Drive for Desktop installer is run for the first time, it will place a binary in that directory with execute permissions and set its setuid bit. Since the attacker owns the directory, the attacker can replace the binary with a symlink, causing the installer to set the setuid bit on the symlink. When the symlink is executed, it will run with root permissions. We recommend upgrading past version 64.0