#acer

### Impact **Versions impacted** * `<=` go-car@v0.3.3 * `<=` go-car@v2.3.0 **Description** Decoding CAR data from untrusted user input can cause: - Panics: - Out of bound memory access - Out of memory - Divide by zero - Excessive memory usage Such panics can be triggered by intentionally malformed CARv1 data, including CARv1 data within a CARv2 container; and also CARv2 data with excessively large indexes. These vulnerabilities are not known to be exploited in the wild and were discovered primarily with the use of code fuzzing tooling. **Details** **Out of bound memory access** (OOB), **out of memory** (OOM) panics or **excessive memory usage** can be triggered by decode of malformed CARv1 headers, malformed CARv1 sections, and malformed CIDv0 data used in CARv1 sections. This also applies to CARv1 data within a CARv2 container. Additionally, we wish to use this security advisory to make clear to consumers of CARv2 format data that **loading CARv2 indexes from untrus...

By Deeba Ahmed Tech Inquiry’s Jack Paulson has shared startling details about a 3-year contract between the US Department of Homeland… This is a post from HackRead.com Read the original post: Report Claims Coinbase Selling User Geolocation Data to ICE

By Deeba Ahmed Currently, over 30 sites have been marked as malicious by Google’s Safe Browsing feature. Google TAG (Threat Analysis… This is a post from HackRead.com Read the original post: Google cracks down on sites with ties to hack-for-hire groups in UAE, Russia, India

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the command parameter in the function FUN_0041cc88.

A command execution vulnerability exists in the clish art2 functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.

The malware has been in circulation since 2020, with sophisticated, advanced malicious actors taking advantage of the vulnerabilities in SOHO routers as the work-from-home population expands rapidly.

A voicemail-themed phishing campaign is hitting specific industry verticals across the country, bent on scavenging credentials that can be used for a range of nefarious purposes.

Treat identity management as a first-priority problem, not something to figure out later while you get your business up and running in the cloud.

Zyxel firewalls, AP controllers, and APs suffer from buffer overflow, format string, and command injection vulnerabilities.

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 4.10.11 and 5.2.2, the certificate in the Parse Server Apple Game Center auth adapter not validated. As a result, authentication could potentially be bypassed by making a fake certificate accessible via certain Apple domains and providing the URL to that certificate in an authData object. Versions 4.0.11 and 5.2.2 prevent this by introducing a new `rootCertificateUrl` property to the Parse Server Apple Game Center auth adapter which takes the URL to the root certificate of Apple's Game Center authentication certificate. If no value is set, the `rootCertificateUrl` property defaults to the URL of the current root certificate as of May 27, 2022. Keep in mind that the root certificate can change at any time and that it is the developer's responsibility to keep the root certificate URL up-to-date when using the Parse Server Apple Game Center auth adapter. There are no k...