Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

CVE-2022-3141: Authenticated SQL injection vulnerability in “Translatepress Multilingual” Wordpress plugin

The Translate Multilingual sites WordPress plugin before 2.3.3 is vulnerable to an authenticated SQL injection. By adding a new language (via the settings page) containing specific special characters, the backticks in the SQL query can be surpassed and a time-based blind payload can be injected.

CVE
Open in Source
#sql#vulnerability#web#ios#git#wordpress#php#auth#docker
A week in security (September 12 – 18)

Categories: News Tags: North Face Tags: Uber Tags: Edge Tags: MDR Tags: MSP Tags: Seasaw Tags: fuzzing Tags: iOS 16 Tags: WPGateway Tags: Steam Tags: Pixel Tags: zero-days Tags: passkey Tags: Facebook The most important and interesting computer security stories from the last week. (Read more...) The post A week in security (September 12 – 18) appeared first on Malwarebytes Labs.

How to Use DuckDuckGo’s Privacy-First Email Service

Tired of advertisers spying on your private communications? This beta promises to kick tracking technology to the curb.

CVE-2022-40768: git/torvalds/linux.git - Linux kernel source tree

drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.

US Border Agents May Have a Copy of Your Text Messages

Plus: An AI artist exposes surveillance of Instagram users, the US charges Iranians over a ransomware campaign, and more.

GHSA-g9h5-vr8m-x2h4: TensorFlow vulnerable to `CHECK` fail in `AudioSummaryV2`

### Impact When `AudioSummaryV2` receives an input `sample_rate` with more than one element, it gives a `CHECK` fails that can be used to trigger a denial of service attack. ```python import tensorflow as tf arg_0='' arg_1=tf.random.uniform(shape=(1,1), dtype=tf.float32, maxval=None) arg_2=tf.random.uniform(shape=(2,1), dtype=tf.float32, maxval=None) arg_3=3 arg_4='' tf.raw_ops.AudioSummaryV2(tag=arg_0, tensor=arg_1, sample_rate=arg_2, max_outputs=arg_3, name=arg_4) ``` ### Patches We have patched the issue in GitHub commit [bf6b45244992e2ee543c258e519489659c99fb7f](https://github.com/tensorflow/tensorflow/commit/bf6b45244992e2ee543c258e519489659c99fb7f). The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. ### For more information Please consult [our security guide](https://github.com/tensorflow/tensorflow/blo...

Botched Crypto Mugging Lands Three U.K. Men in Jail

Three men in the United Kingdom were arrested this month after police responding to an attempted break-in at a residence stopped their car as they fled the scene. The authorities found weapons and a police uniform in the trunk, and say the trio intended to assault a local man and force him to hand over virtual currencies.

CVE-2022-37260: steal/main.js at c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9 · stealjs/steal

A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the input variable in main.js.