Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

Don’t Sell Your Laptop Without Following These Steps

By Owais Sultan Before selling or trading in your laptop, it is important to prepare the device for its new owner as this will help ensure all of your personal data remains safe. This is a post from HackRead.com Read the original post: Don’t Sell Your Laptop Without Following These Steps

HackRead
Open in Source
#web#windows#apple#google#git#chrome#firefox
CVE-2022-23491: concerns about Trustcor

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.

Apple Kills Its Plan to Scan Your Photos for CSAM. Here’s What’s Next

The company plans to expand its Communication Safety features, which aim to disrupt the sharing of child sexual abuse material at the source.

Apple Expands End-to-End Encryption to iCloud Backups

The company will also soon support the use of physical authentication keys with Apple ID, and is adding contact verification for iMessage in 2023.

CVE-2022-45009: bug_report/UPLOAD.md at main · realguoxiufeng/bug_report

Online Leave Management System v1.0 was discovered to contain an arbitrary file upload vulnerability at /leave_system/classes/SystemSettings.php?f=update_settings. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2022-45010: bug_report/SQLi-1.md at main · realguoxiufeng/bug_report

Simple Phone Book/Directory Web App v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at /PhoneBook/edit.php.

CVE-2022-45008: bug_report/XSS-1.md at main · realguoxiufeng/bug_report

Online Leave Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /leave_system/admin/?page=maintenance/department. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted payload injected into the Name field under the Create New module.

CVE-2022-44942: Arbitrary file delete vulnerability · Issue #1171 · casdoor/casdoor

Casdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the uploadFile function.

CVE-2022-41910: Fix OOB write in grappler. · tensorflow/tensorflow@a65411a

TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.8.4, 2.9.3, and 2.10.1.

CVE-2022-45326: Kwoksys 2.9.5 XXE

An XML external entity (XXE) injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks.