Security
Headlines
HeadlinesLatestCVEs

Tag

#android

CVE-2022-36914: Jenkins Security Advisory 2022-07-27

Jenkins Files Found Trigger Plugin 1.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

CVE
Open in Source
#xss#csrf#vulnerability#web#android#google#git#java#auth#ssh#rpm#maven
CVE-2022-36897: Jenkins Security Advisory 2022-07-27

A missing permission check in Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins.

These 28+ Android Apps with 10 Million Downloads from the Play Store Contain Malware

As many as 30 malicious Android apps with cumulative downloads of nearly 10 million have been found on the Google Play Store distributing adware. "All of them were built into various programs, including image-editing software, virtual keyboards, system tools and utilities, calling apps, wallpaper collection apps, and others," Dr.Web said in a Tuesday write-up. While masquerading as innocuous

CVE-2021-40180

In the WeChat application 8.0.10 for Android and iOS, a mini program can obtain sensitive information from a user's address book via wx.searchContacts.

PCProtect Endpoint 5.17.470 Tampering / Privilege Escalation

PCProtect Endpoint version 5.17.470 fails to provide sufficient anti-tampering protection that can be leveraged to achieve SYSTEM privileges.

OpenFHE Brings New Encryption Tools to Developers

The open source fully homomorphic encryption library from Duality Technologies is intended to help developers build their own FHE-enabled applications.

CVE-2022-34907: Filewave MDM Security Vulnerabilities Uncovered by Claroty

An authentication bypass vulnerability exists in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to gain access to the system with the highest authority possible and gain full control over the FileWave platform.

Flaws in Enabot Ebo Air Home Security Robot Allowed Attackers to Spy on Users

By Deeba Ahmed If exploited, the flaw could have allowed an attacker to hijack the device’s camera and microphone to spy… This is a post from HackRead.com Read the original post: Flaws in Enabot Ebo Air Home Security Robot Allowed Attackers to Spy on Users

Update Google Chrome now! New version includes 11 important security patches

Google has issued an update for the Chrome browser that includes 11 security fixes, including 5 with a high severity The post Update Google Chrome now! New version includes 11 important security patches appeared first on Malwarebytes Labs.

Roaming Mantis Financial Hackers Targeting Android and iPhone Users in France

The mobile threat campaign tracked as Roaming Mantis has been linked to a new wave of compromises directed against French mobile phone users, months after it expanded its targeting to include European countries. No fewer than 70,000 Android devices are said to have been infected as part of the active malware operation, Sekoia said in a report published last week. Attack chains involving Roaming