Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

CVE-2023-38878: GitHub - devcode-it/openstamanager: Il software gestionale open source per l'assistenza tecnica e la fatturazione

A reflected cross-site scripting (XSS) vulnerability in DevCode OpenSTAManager versions 2.4.24 to 2.4.47 may allow a remote attacker to execute arbitrary JavaScript in the web browser of a victim by injecting a malicious payload into the 'error' and 'error_description' parameters of 'oauth2.php'.

CVE
Open in Source
#sql#xss#vulnerability#web#ios#mac#windows#linux#nodejs#git#java#php#oauth#auth#dell
Apple Security Advisory 2023-09-07-2

Apple Security Advisory 2023-09-07-2 - iOS 16.6.1 and iPadOS 16.6.1 addresses buffer overflow and code execution vulnerabilities.

Red Hat Security Advisory 2023-5043-01

Red Hat Security Advisory 2023-5043-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.

CVE-2020-24088: GitHub - rjt-gupta/CVE-2020-24088: Windows Privilege Escalation: Foxconn Live Update Utility v2.1.6.26

An issue was discovered in MmMapIoSpace routine in Foxconn Live Update Utility 2.1.6.26, allows local attackers to escalate privileges.

Crypto Bot Trading: What It Is and Successful Strategies

By ghostadmin Crypto bot trading is the use of automated software to buy and sell cryptocurrencies. These bots are programmed… This is a post from HackRead.com Read the original post: Crypto Bot Trading: What It Is and Successful Strategies

CVE-2023-3612: SK-CERT Bezpečnostné varovanie V20230811-10 ~ SK-CERT

Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content.

A week in security (September 4 - September 10)

Categories: News Tags: week Tags: security Tags: September Tags: 2023 Tags: Atomic stealer Tags: Microsoft breach A list of topics we covered in the week of September 4 to September 10 of 2023 (Read more...) The post A week in security (September 4 - September 10) appeared first on Malwarebytes Labs.

Mozilla: Your New Car Is a Data Privacy Nightmare

Plus: Apple patches newly discovered flaws exploited by NSO Group spyware, North Korean hackers target security researchers, and more.

CVE-2023-28010: Knowledge Article View HCL - Customer Support

In some configuration scenarios, the Domino server host name can be exposed. This information could be used to target future attacks.

CISA Warning: Nation-State Hackers Exploit Fortinet and Zoho Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that multiple nation-state actors are exploiting security flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus to gain unauthorized access and establish persistence on compromised systems. “Nation-state advanced persistent threat (APT) actors exploited CVE-2022-47966 to gain unauthorized