#mac

Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the email parameter at login_core.php.

Tenda AC5 router V15.03.06.28 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac.

The Meta-owned app offers end-to-end encryption of texts, images, and more by default—but its settings aren't as private as they could be.

Researchers found 11 vulnerabilities in products from three industrial cellular router vendors that attackers can exploit through various vectors, bypassing all security layers.

Wide use and lack of support for malware detection technologies has made VMware's virtualization technology a prime target for cyberattackers.

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Snap One Equipment: OvrC Cloud, OvrC Pro Devices Vulnerabilities: Improper Input Validation, Observable Response Discrepancy, Improper Access Control, Cleartext Transmission of Sensitive Information, Insufficient Verification of Data Authenticity, Open Redirect, Use of Hard-coded Credentials, Hidden Functionality 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to impersonate and claim devices, execute arbitrary code, and disclose information about the affected device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Snap One component is affected: OvrC Pro version 7.1 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER INPUT VALIDATION CWE-20 The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected to it. A vulnerability exists in which an attacker could impersonate a hub and send device requests t...

Operational technology (OT) cybersecurity is a challenging but critical aspect of protecting organizations' essential systems and resources. Cybercriminals no longer break into systems, but instead log in – making access security more complex and also more important to manage and control than ever before. In an effort to solve the access-related challenges facing OT and critical infrastructure

The threat actors behind the CopperStealer malware resurfaced with two new campaigns in March and April 2023 that are designed to deliver two novel payloads dubbed CopperStealth and CopperPhish. Trend Micro is tracking the financially motivated group under the name Water Orthrus. The adversary is also assessed to be behind another campaign known as Scranos, which was detailed by Bitdefender in

An update for libreswan is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2295: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI...

An update for emacs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2491: A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 9.2.