Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

CVE-2022-38183: usd-2022-0015 | Broken Access Control in Gitea - usd HeroLab

In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Due to improper access controls, an attacker could assign any issue to any project in Gitea (there was no permission check for fetching the issue). As a result, the attacker would get access to private issue titles.

CVE
Open in Source
#csrf#vulnerability#web#windows#apple#linux#git#chrome#webkit
CVE-2022-35559: IOT/Tenda/W6/stackoverflow/formSetAutoPing at main · ilovekeer/IOT

A stack overflow vulnerability exists in /goform/setAutoPing in Tenda W6 V1.0.0.9(4122), which allows an attacker to construct ping1 parameters and ping2 parameters for a stack overflow attack. An attacker can use this vulnerability to execute arbitrary code execution.

CVE-2022-35558: IOT/Tenda/W6/stackoverflow/WifiMacFilterGet at main · ilovekeer/IOT

A stack overflow vulnerability exists in /goform/WifiMacFilterGet in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter.

CVE-2022-35557: IOT/Tenda/W6/stackoverflow/wifiSSIDget at main · ilovekeer/IOT

A stack overflow vulnerability exists in /goform/wifiSSIDget in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter.

CVE-2022-35561: IOT/Tenda/W6/stackoverflow/WifiMacFilterSet at main · ilovekeer/IOT

A stack overflow vulnerability exists in /goform/WifiMacFilterSet in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter.

CVE-2022-35560: IOT/Tenda/W6/stackoverflow/wifiSSIDset at main · ilovekeer/IOT

A stack overflow vulnerability exists in /goform/wifiSSIDset in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter.

CVE-2022-35555: IOT/README.md at main · ilovekeer/IOT

A command injection vulnerability exists in /goform/exeCommand in Tenda W6 V1.0.0.9(4122), which allows attackers to construct cmdinput parameters for arbitrary command execution.

Facebook’s In-app Browser on iOS Tracks ‘Anything You Do on Any Website’

Researcher shows how Instagram and Facebook’s use of an in-app browser within both its iOS apps can track interactions with external websites.

CVE-2022-35667: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 (and earlier) and 17.012.30249 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

This Anti-Tracking Tool Checks If You’re Being Followed

The Raspberry Pi-powered device can scan for phones around you. If it keeps spotting the same one, it’ll send you an alert.