Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

CVE-2022-45636: Insecure Authorization Scheme for API Requests in DBD+ Mobile Companion Application for Megafeis Smart Locks

An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to unlock model(s) without authorization via arbitrary API requests.

CVE
Open in Source
#vulnerability#web#ios#android#mac#git#auth
ChatGPT Bug Exposes Conversation History Titles

By Habiba Rashid Are you wondering why your ChatGPT conversation history has been unavailable since yesterday? Well, here is why! This is a post from HackRead.com Read the original post: ChatGPT Bug Exposes Conversation History Titles

CVE-2022-45637: megafeis-palm/CVE-2022-45637 at main · WithSecureLabs/megafeis-palm

An insecure password reset issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 service via insecure expiry mechanism.

CVE-2022-45635: megafeis-palm/CVE-2022-45635 at main · WithSecureLabs/megafeis-palm

An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to gain access to sensitive account information via insecure password policy.

GHSA-rwmf-w63j-p7gv: CairoSVG improperly processes SVG files loaded from external resources

# SSRF vulnerability ## Summary When CairoSVG processes an SVG file, it can make requests to the inner host and different outside hosts. ## Operating system, version and so on Linux, Debian (Buster) LTS core 5.10 / Parrot OS 5.1 (Electro Ara), python 3.9 ## Tested CairoSVG version 2.6.0 ## Details A specially crafted SVG file that loads an external resource from a URL. Remote attackers could exploit this vulnerability to cause a scan of an organization's internal resources or a DDOS attack on external resources. It looks like this bug can affect websites and cause request forgery on the server. ## PoC 1. Generating malicious svg file: 1.1 CairoSVG_exploit.svg: ```svg <?xml version="1.0" standalone="yes"?> <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"> <svg width="128px" height="128px" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1"> <image height="200" width="200" xlink:href...

Unpatched Samsung Chipset Vulnerabilities Open Android Users to RCE Attacks

Users of affected devices that want to mitigate risk from the security issues in the Exynos chipsets can turn off Wi-Fi and Voice-over-LTE settings, researchers from Google's Project Zero say.

A week in security (March 13 - 19)

Categories: News Tags: Becky Holmes Tags: Lock and Code S04E06 Tags: ransomware Tags: WhatsApp Tags: AI chatbot Tags: investment fraud Tags: Clop Tags: Microsoft zero-day Tags: Microsoft Tags: STALKER 2 Tags: Facebook Tags: Microsoft OneNote Tags: LockBit Tags: Rubrik The most interesting security related news from the week of March 13 to 19. (Read more...) The post A week in security (March 13 - 19) appeared first on Malwarebytes Labs.

CVE-2022-48424

In the Linux kernel before 6.1.3, fs/ntfs3/inode.c does not validate the attribute name offset. An unhandled page fault may occur.

Chinese Hackers Exploit Fortinet Zero-Day Flaw for Cyber Espionage Attack

The zero-day exploitation of a now-patched medium-security flaw in the Fortinet FortiOS operating system has been linked to a suspected Chinese hacking group. Threat intelligence firm Mandiant, which made the attribution, said the activity cluster is part of a broader campaign designed to deploy backdoors onto Fortinet and VMware solutions and maintain persistent access to victim environments.

Chinese Hackers Exploiting 0-day Vulnerability in Fortinet Products

By Deeba Ahmed According to researchers, multiple Fortinet products were impacted by this vulnerability, including FortiManager, FortiGate, and FortiAnalyzer. This is a post from HackRead.com Read the original post: Chinese Hackers Exploiting 0-day Vulnerability in Fortinet Products