Security
Headlines
HeadlinesLatestCVEs

Tag

#google

GHSA-g9xm-7538-mq8w: Exiv2 has an out-of-bounds read in QuickTimeVideo::NikonTagsDecoder

### Impact An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, `QuickTimeVideo::NikonTagsDecoder`, was new in v0.28.0 (see https://github.com/Exiv2/exiv2/pull/2337), so Exiv2 versions before v0.28 are _not_ affected. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. ### Patches The bug is fixed in version v0.28.2. ### For more information Please see our [security policy](https://github.com/Exiv2/exiv2/security/policy) for information about Exiv2 security. ### Credit This bug was found by [OSS-Fuzz](https://github.com/google/oss-fuzz).

ghsa
Open in Source
#vulnerability#google#git#c++#auth
ClickFix Attack: Fake Google Meet Alerts Install Malware on Windows, macOS

Protect yourself from the ClickFix attack! Learn how cybercriminals are using fake Google Meet pages to trick users…

Is a CPO Still a CPO? The Evolving Role of Privacy Leadership

Has the role of chief privacy officer become something more than it was? And is it still a role that just one person can handle?

ABB Cylon Aspect 3.08.01 networkDiagAjax.php Remote Network Utility Execution

ABB Cylon Aspect version 3.08.01 allows an unauthenticated attacker to perform network operations such as ping, traceroute, or nslookup on arbitrary hosts or IPs by sending a crafted GET request to networkDiagAjax.php. This could be exploited to interact with or probe internal or external systems, leading to internal information disclosure and misuse of network resources.

Ubuntu Security Notice USN-7073-1

Ubuntu Security Notice 7073-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Ubuntu Security Notice USN-7072-1

Ubuntu Security Notice 7072-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Ubuntu Security Notice USN-7071-1

Ubuntu Security Notice 7071-1 - A security issue was discovered in the Linux kernel. An attacker could possibly use this to compromise the system.

UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants

By Dmytro Korzhevin, Asheer Malhotra, Vanja Svajcer and Vitor Ventura.  Cisco Talos has observed a new wave of attacks active since at least late 2023, from a Russian speaking group we track as “UAT-5647”, against Ukrainian government entities and unknown Polish entities.  UAT-5647 is also known

New Tool DVa Detects and Removes Android Malware

Discover DVa, a new tool that detects and removes malware exploiting accessibility features on Android devices. Learn how…

ABB Cylon Aspect 3.08.01 mapConfigurationDownload.php Configuration Download

ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated configuration download vulnerability. This can be exploited to download the SQLite DB that contains the configuration mappings information via the FTControlServlet by directly calling the mapConfigurationDownload.php script.