Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

Pair of Apple Zero-Days Under Active Exploit; Patch & Update Accordingly

Unpatched Macs, iPhones, and iPads open to browser takeover and system kernel-level malicious code execution, Apple warns.

DARKReading
Open in Source
#vulnerability#web#ios#mac#apple#google#zero_day#webkit
CVE-2023-28206: About the security content of macOS Monterey 12.6.5

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.7.5 and iPadOS 15.7.5, macOS Monterey 12.6.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Big Sur 11.7.6, macOS Ventura 13.3.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

CVE-2023-28205: About the security content of Safari 16.4.1

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.5 and iPadOS 15.7.5, Safari 16.4.1, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Red Hat Security Advisory 2023-1549-01

Red Hat Security Advisory 2023-1549-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include privilege escalation and use-after-free vulnerabilities.

Roxy Fileman 1.4.5 Shell Upload

Roxy Fileman versions 1.4.5 and below for .NET suffer from a remote shell upload vulnerability.

WebsiteBaker 2.13.3 Cross Site Scripting

WebsiteBaker version 2.13.3 suffers from a cross site scripting vulnerability.

dotclear 2.25.3 Shell Upload

dotclear version 2.25.3 suffers from a remote shell upload vulnerability.

Paradox Security Systems IPR512 Denial Of Service

Paradox Security Systems version IPR512 suffers from a denial of service vulnerability.

CVE-2023-1969: bug_report/SQLi-1.md at main · Gear-D/bug_report

A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. This vulnerability affects unknown code of the file /admin/inventory/manage_stock.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-225406 is the identifier assigned to this vulnerability.

CISA Warns of 5 Actively Exploited Security Flaws: Urgent Action Required

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. This includes three high-severity flaws in the Veritas Backup Exec Agent software (CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878) that could lead to the execution of privileged commands