#ios

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below allows an unauthenticated attacker to disconnect the current monitoring user from listening/monitoring and takeover the radio stream on a specific channel.

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffers from an insufficient session expiration vulnerability.

The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including 2.2.20.3 due to improper output escaping on post/page/media titles. This makes it possible for attackers to inject arbitrary web scripts on the permalink-manager page if another plugin or theme is installed on the site that allows lower privileged users with unfiltered_html the ability to modify post/page titles with malicious web scripts.

# Microsoft Security Advisory CVE-2022-41089: .NET Remote Code Execution Vulnerability ## <a name="executive-summary"></a>Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 3.1, .NET 6.0., and .NET 7.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A remote code execution vulnerability exists in .NET Core 3.1, .NET 6.0, and .NET 7.0, where a malicious actor could cause a user to run arbitrary code as a result of parsing maliciously crafted xps files. ## Announcement Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/242 ### <a name="mitigation-factors"></a>Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. ## <a name="affected-software"></a>Affected software * Any .NET 7.0 WinForms or WPF application running on .NET 7.0.0 or earlier. * Any .NET 6.0 W...

Without many details, Apple patches a vulnerability that has been exploited in the wild to execute code.

Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software. The most pressing patches include a zero-day vulnerability in a Windows feature that tries to flag malicious files from the Web, a critical bug in PowerShell, and a dangerous flaw in Windows 11 systems that was detailed publicly prior to this week's Patch Tuesday.

Former pure-play deception startup Illusive attracts Proofpoint with its repositioned platform focusing on identity threat detection and response (ITDR).

The MsIo64.sys component in Asus Aura Sync through v1.07.79 does not properly validate input to IOCTL 0x80102040, 0x80102044, 0x80102050, and 0x80102054, allowing attackers to trigger a memory corruption and cause a Denial of Service (DoS) or escalate privileges via crafted IOCTL requests.

Categories: Exploits and vulnerabilities Categories: News Tags: patch Tuesday Tags: Microsoft Tags: Android Tags: Apple Tags: Mozilla Tags: Google Tags: Sap Tags: Citrix Tags: Fortinet Tags: Cisco Tags: CVE-2022-44698 Tags: MotW Tags: CVE-2022-44710 Tags: race condition Tags: CVE-2022-44670 Tags: CVE-2022-44676 Tags: CVE-2022-41076 Tags: remote powershell The last patch Tuesday of 2022 is here—find out what Microsoft and many others have fixed (Read more...) The post Update now! Two zero-days fixed in 2022's last patch Tuesday appeared first on Malwarebytes Labs.

The U.S. National Security Agency (NSA) on Tuesday said a threat actor tracked as APT5 has been actively exploiting a zero-day flaw in Citrix Application Delivery Controller (ADC) and Gateway to take over affected systems. The critical remote code execution vulnerability, identified as CVE-2022-27518, could allow an unauthenticated attacker to execute commands remotely on vulnerable devices and