Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

Bumsys Business Management System 1.0.3-beta Shell Upload

Bumsys Business Management System version 1.0.3-beta suffers from a remote shell upload vulnerability.

Packet Storm
#csrf#vulnerability#web#ios#windows#apple#google#apache#git#php#auth#chrome#webkit#ssl
Microsoft gives Apple a migraine

Categories: Exploits and vulnerabilities Categories: News Tags: Apple Tags: macOS Tags: Ventura 13.4 Tags: Monterey 12.6.6 Tags: Big Sur 11.7.7 Tags: libxpc Tags: SIP Tags: XPC Tags: NVRAM Tags: CVE-2023-32369 Tags: Migraine Microsoft has released details about a vulnerability that can bypass macOS's System Integrity Protection (Read more...) The post Microsoft gives Apple a migraine appeared first on Malwarebytes Labs.

Bitdefender Introduces GravityZone Security for Android, iOS, and Chromebook

By Habiba Rashid According to Bitdefender, GravityZone Security for Mobile is a cutting-edge solution that leverages powerful antimalware technologies driven by real-time threat intelligence and machine learning. This is a post from HackRead.com Read the original post: Bitdefender Introduces GravityZone Security for Android, iOS, and Chromebook

Apple's iOS 16.5 Fixes 3 Security Bugs Already Used in Attacks

Plus: Microsoft patches two zero-day flaws, Google’s Android and Chrome get some much-needed updates, and more.

Critical Firmware Backdoor in Gigabyte Systems Exposes ~7 Million Devices

Cybersecurity researchers have found "backdoor-like behavior" within Gigabyte systems, which they say enables the UEFI firmware of the devices to drop a Windows executable and retrieve updates in an unsecure format. Firmware security firm Eclypsium said it first detected the anomaly in April 2023. Gigabyte has since acknowledged and addressed the issue. "Most Gigabyte firmware includes a Windows

CVE-2023-33507: Kramer VIA GO² - ZX Security

KramerAV VIA GO² < 4.0.1.1326 is vulnerable to Unauthenticated arbitrary file read.

CVE-2023-29741: 最美天气

An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause an escalation of privileges attack by manipulating the database.

Papaya Medical Viewer 1.0 Cross Site Scripting

Papaya Medical Viewer version 1.0 suffers from a cross site scripting vulnerability.

Ubuntu Security Notice USN-6111-1

Ubuntu Security Notice 6111-1 - It was discovered that Flask incorrectly handled certain data responses. An attacker could possibly use this issue to expose sensitive information.

CVE-2023-26130: CRLF Injection in cpp-httplib@v0.12.3

Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors. **Note:** This issue is present due to an incomplete fix for [CVE-2020-11709](https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-2366507).