#mac

Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Researchers at Microsoft have discovered links between a threat group tracked as DEV-0196 and an Israeli private-sector company, QuaDream, that sells a platform for exfiltrating data from mobile devices.

Sielco PolyEco Digital FM Transmitter version 2.0.6 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks to gain full control of the system.

Ubuntu Security Notice 6013-1 - Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP implementation in the Linux kernel did not properly handle IPID assignment. A remote attacker could use this to cause a denial of service or inject forged data. Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information.

Sielco PolyEco Digital FM Transmitter version 2.0.6 suffers from a cookie brute forcing vulnerability that can allow for session hijacking.

Sielco PolyEco Digital FM Transmitter version 2.0.6 suffers from authentication bypass, account takeover / lockout, and privilege escalation vulnerabilities that can be triggered by directly calling the user object and modifying the password of the two constants user/role (user/admin). This can be exploited by an unauthenticated adversary by issuing a single POST request to the vulnerable endpoint and gain unauthorized access to the affected device with administrative privileges.

Sielco PolyEco Digital FM Transmitter version 2.0.6 suffers from an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this issue via a specially crafted request to gain access to sensitive information.

Sielco PolyEco Digital FM Transmitter version 2.0.6 suffers from a radio data system POST manipulation vulnerability.

Sielco PolyEco Digital FM Transmitter version 2.0.6 suffers from an authorization bypass vulnerability.

Sielco PolyEco Digital FM Transmitter version 2.0.6 suffers from an authentication bypass vulnerability.