Security
Headlines
HeadlinesLatestCVEs

Tag

#android

CVE-2022-31263: Release v3.5.0 · mastodon/mastodon

app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail restrictions.

CVE
Open in Source
#sql#web#ios#android#mac#redis#nodejs#js#git#perl#oauth#auth#ruby#postgres#docker#sap#ssl
Multiple Governments Buying Android Zero-Days for Spying: Google

An analysis from Google TAG shows that Android zero-day exploits were packaged and sold for state-backed surveillance.

Predator Spyware Using Zero-day to Target Android Devices

By Deeba Ahmed Spyware developer firm Cytrox is under Google’s radar for developing exploits against five 0-day flaws in Android and… This is a post from HackRead.com Read the original post: Predator Spyware Using Zero-day to Target Android Devices

CVE-2022-28874: Security advisories

Multiple Denial-of-Service vulnerabilities was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files cause memory corruption and heap buffer overflow which eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker.

How GDPR Is Failing

The world-leading data law changed how companies work. But four years on, there’s a lag on cleaning up Big Tech.

5 Casual Games You Can Play on Your Mobile Browser Now

By Owais Sultan Online gaming has always been the buddy of leisure time because they allow us to bring some enjoyment… This is a post from HackRead.com Read the original post: 5 Casual Games You Can Play on Your Mobile Browser Now

North Korean IT Workers Are Infiltrating Tech Companies

Plus: The Conti ransomware gang shuts down, Canada bans Huawei and ZTE, and more of the week’s top security news.

CVE-2022-29216: tensorflow/saved_model_cli.py at f3b9bf4c3c0597563b289c0512e98d4ce81f886e · tensorflow/tensorflow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had several test cases where numpy expressions were used as arguments. However, given that the tool is always run manually, the impact of this is still not severe. The maintainers have now removed the `safe=False` argument, so all parsing is done without calling `eval`. The patch is available in versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4.

CVE-2022-24906: Keep exceptions http response generic by juliushaertl · Pull Request #3384 · nextcloud/deck

Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud, similar to Trello. The full path of the application is exposed to unauthorized users. It is recommended that the Nextcloud Deck app is upgraded to 1.2.11, 1.4.6, or 1.5.4. There is no workaround available.

CVE-2022-29160

Nextcloud Android is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.0, sensitive tokens, images, and user related details exist after deletion of a user account. This could result in misuse of the former account holder's information. Nextcloud Android version 3.19.0 contains a patch for this issue. There are no known workarounds available.