Tag
#apple
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iCloud for Windows 11.4, iOS 14.0 and iPadOS 14.0, watchOS 7.0, tvOS 14.0, iCloud for Windows 7.21, iTunes for Windows 12.10.9. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents.
Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with LazyList object deserialization within an application. In such situations, it allows attackers to erase contents of arbitrary files, make network connections, or possibly run arbitrary code (specifically, Function0 functions) via a gadget chain.
New research shows how third-party apps could be exploited to infiltrate these sensitive workplace tools.
Feehi CMS version 2.1.1 suffers from an authenticated remote code execution vulnerability.
Churches are using invasive phone-monitoring tech to discourage “sinful” behavior. Some software is seeing more than congregants realize.
Multix version 2.4 suffers from a cross site request forgery vulnerability.
Multix version 2.4 suffers from a cross site scripting vulnerability.
Security firm Chainguard has created a simple, open source way for organizations to defend the cloud against some of the most insidious attacks.
Categories: Exploits and vulnerabilities Categories: News Tags: CVE-2022-40959 Tags: CVE-2022-40960 Tags: CVE-2022-40962 Tags: CVE-2022-3033 Tags: Mozilla Tags: Firefox Tags: Thunderbird Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird which could be exploited to take control of a system. (Read more...) The post Update Firefox and Thunderbird now! Mozilla patches several high risk vulnerabilities appeared first on Malwarebytes Labs.
SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at board.php.