Security
Headlines
HeadlinesLatestCVEs

Tag

#java

Apple Security Advisory 2022-07-20-7

Apple Security Advisory Safari - Safari 15.6 addresses code execution and out of bounds write vulnerabilities.

Packet Storm
Open in Source
#vulnerability#web#mac#apple#java#intel#c++#webkit
CVE-2022-36131

The Better PDF Exporter add-on 10.0.0 for Atlassian Jira is prone to stored XSS via a crafted description to the PDF Templates overview page.

Candiru Spyware Caught Exploiting Google Chrome Zero-Day to Target Journalists

The actively exploited but now-fixed Google Chrome zero-day flaw that came to light earlier this month was weaponized by an Israeli spyware company and used in attacks targeting journalists in the Middle East. Czech cybersecurity firm Avast linked the exploitation to Candiru (aka Saito Tech), which has a history of leveraging previously unknown flaws to deploy a Windows malware dubbed

GHSA-fjh6-p566-wr6q: skylot jadx affected by Incorrect Behavior Order in vulnerable dependency

### Impact Vulnerable library protobuf-java 3.11.4 (CVE-2021-22569) ### Patches Dependency updated in jadx 1.4.3 ### References According to the AquaSecurity report: ![05F1C52A666E4FCC844ABD085BD55124](https://user-images.githubusercontent.com/118523/177364939-087e2144-9a8a-4594-ae90-eb2acb0a2036.png) Also, Maven repository have links to this and other vulnerabilities from dependencies: https://mvnrepository.com/artifact/com.google.protobuf/protobuf-java/3.11.4

GHSA-6rh6-x8ww-9h97: Grails framework Remote Code Execution via Data Binding

### Impact A vulnerability has been discovered in the Grails data-binding logic which allows for Remote Code Execution in a Grails application. This exploit requires the application to be running on Java 8, either deployed as a WAR to a servlet container, or an executable JAR. ### Patches Grails framework versions 5.2.1, 5.1.9, 4.1.1, and 3.3.15 ### References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35912 https://grails.org/blog/2022-07-18-rce-vulnerability.html ### For more information If you have any questions or comments about this advisory: * https://grails.org/blog/2022-07-18-rce-vulnerability.html * https://github.com/grails/grails-core/issues/12626 * Email us at [[email protected]](mailto:[email protected]) ### Credit This vulnerability was discovered by [meizjm3i](https://github.com/meizjm3i) and [codeplutos](https://github.com/codeplutos) of AntGroup FG Security Lab

Microsoft Office Most Exploited Software in Malware Attacks – Report

By Deeba Ahmed Research reveals that around 80% of all malware attacks used MS Office flaws. Atlas VPN has shared its… This is a post from HackRead.com Read the original post: Microsoft Office Most Exploited Software in Malware Attacks – Report

CVE-2022-33198: Accordions – Multiple Accordions or FAQs Builder

Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress.

CVE-2022-31475: GiveWP – Donation Plugin and Fundraising Platform

Authenticated (custom plugin role) Arbitrary File Read via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress.

CVE-2022-28666: Custom Product Tabs for WooCommerce

Broken Access Control vulnerability in YIKES Inc. Custom Product Tabs for WooCommerce plugin <= 1.7.7 at WordPress leading to &yikes-the-content-toggle option update.