#chrome

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.

By Waqas Going by the name of Witchetty; the hacker group is targeting countries in Africa and the Middle East. This is a post from HackRead.com Read the original post: Chinese Hackers Hiding Malware in Windows Logo

GuppY CMS version 6.00.10 suffers from an authenticated remote shell upload vulnerability.

Plus: CIA failures allegedly got US informants killed, a former NSA worker is charged under the Espionage Act, and more.

Joplin version 2.8.8 allows an external attacker to execute arbitrary commands remotely on any client that opens a link in a malicious markdown file, via Joplin. This is possible because the application does not properly validate the schema/protocol of existing links in the markdown file before passing them to the 'shell.openExternal' function.

Gentoo Linux Security Advisory 202209-23 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less than 105.0.5195.125 are affected.

The SolarMarker group is exploiting a vulnerable WordPress-run website to encourage victims to download fake Chrome browser updates, part of a new tactic in its watering-hole attacks.

Plus: WhatsApp plugs holes that could be used for remote execution attacks, Microsoft patches a zero-day vulnerability, and more.

hms-staff.php in Projectworlds Hospital Management System Mini-Project through 2018-06-17 allows SQL injection via the type parameter.