Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

CVE-2022-35154: secf0ra11.github.io/Shopro_SQL_injection.md at main · secf0ra11/secf0ra11.github.io

Shopro Mall System v1.3.8 was discovered to contain a SQL injection vulnerability via the value parameter.

CVE
Open in Source
#sql#vulnerability#web#ios#windows#ubuntu#git#xpath#firefox
Apple Releases Security Updates to Patch Two New Zero-Day Vulnerabilities

Apple on Wednesday released security updates for iOS, iPadOS, and macOS platforms to remediate two zero-day vulnerabilities previously exploited by threat actors to compromise its devices. The list of issues is below - CVE-2022-32893 - An out-of-bounds issue in WebKit which could lead to the execution of arbitrary code by processing a specially crafted web content CVE-2022-32894 - An

The Android 13 Privacy Settings You Should Update Now

Google’s new mobile operating system has arrived. Take back some control with these privacy and security tips.

Unified Threat Management: The All-in-One Cybersecurity Solution

UTM (Unified threat management) is thought to be an all-in-one solution for cybersecurity. In general, it is a versatile software or hardware firewall solution integrated with IPS (Intrusion Prevention System) and other security services. A universal gateway allows the user to manage network security with one comprehensive solution, which makes the task much easier. In addition, compared to a

CVE-2022-34156: JVN#81563390: "Hulu / フールー" App for iOS vulnerable to improper server certificate verification

'Hulu / ????' App for iOS versions prior to 3.0.81 improperly verifies server certificates, which may allow an attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack.

CVE-2020-23622: CVE-2020-12695: CallStranger Vulnerability in Universal Plug and Play (UPnP) Puts Billions of Devices At Risk

** UNSUPPORTED WHEN ASSIGNED ** An issue in the UPnP protocol in 4thline cling 2.0.0 through 2.1.2 allows remote attackers to cause a denial of service via an unchecked CALLBACK parameter in the request header.

CVE-2022-36010: Arbitrary code execution via function parsing

This library allows strings to be parsed as functions and stored as a specialized component, [`JsonFunctionValue`](https://github.com/oxyno-zeta/react-editable-json-tree/blob/09a0ca97835b0834ad054563e2fddc6f22bc5d8c/src/components/JsonFunctionValue.js). To do this, Javascript's [`eval`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval) function is used to execute strings that begin with "function" as Javascript. This unfortunately could allow arbitrary code to be executed if it exists as a value within the JSON structure being displayed. Given that this component may often be used to display data from arbitrary, untrusted sources, this is extremely dangerous. One important note is that users who have defined a custom [`onSubmitValueParser`](https://github.com/oxyno-zeta/react-editable-json-tree/tree/09a0ca97835b0834ad054563e2fddc6f22bc5d8c#onsubmitvalueparser) callback prop on the [`JsonTree`](https://github.com/oxyno-zeta/react-editable-json-tree/b...

Windows, Linux and macOS Users Targeted by Chinese Iron Tiger APT Group

By Deeba Ahmed Chinese Espionage Group called Iron Tiger (aka LuckyMouse) is targeting Windows, Linux, and macOS Users with trojanized MiMi… This is a post from HackRead.com Read the original post: Windows, Linux and macOS Users Targeted by Chinese Iron Tiger APT Group

A week in security (August 8 - August 14)

Categories: A week in security Categories: News The most important and interesting computer security stories from the last week. (Read more...) The post A week in security (August 8 - August 14) appeared first on Malwarebytes Labs.

How to Create a Secure Folder on Your Phone

Keep private photos, videos, and documents away from prying eyes.