Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

CVE-2022-35118: AARO-Bugs/AARO-CVE-List.md at master · Accenture/AARO-Bugs

PyroCMS v3.9 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities.

CVE
#sql#xss#csrf#vulnerability#ios#android#mac#windows#apple#google#microsoft#linux#cisco#dos#git#java#oracle#php#rce#ssrf#vmware#buffer_overflow#samsung#auth#chrome#firefox#wifi
You Need a Password Manager. Here Are the Best Ones

Keep your logins locked down with our favorite apps for PC, Mac, Android, iPhone, and web browsers.

A week in security (July 25 - July 31)

Categories: A week in security Tags: backdoor Tags: blog recap Tags: bytedance Tags: cookies Tags: data breach Tags: Google Tags: linux Tags: microsoft Tags: ransomware Tags: SQL injection Tags: T-Mobile Tags: tiktok Tags: Uber Tags: week in security The most important and interesting computer security stories from the last week. (Read more...) The post A week in security (July 25 - July 31) appeared first on Malwarebytes Labs.

Apple Just Patched 37 iPhone Security Bugs

Plus: A Google Chrome patch licks the DevilsTongue spyware, Android’s kernel gets a tune-up, and Microsoft fixes 84 flaws.

CVE-2022-23004: WDC-22013 Sweet B Incorrect Output Vulnerabilities | Western Digital

When computing a shared secret or point multiplication on the NIST P-256 curve using a public key with an X coordinate of zero, an error is returned from the library, and an invalid unreduced value is written to the output buffer. This may be leveraged by an attacker to cause an error scenario, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components.

CVE-2022-35643: Security Bulletin: IBM PowerVM VIOS could allow a remote attacker to tamper with system configuration or cause a denial of service (CVE-2022-35643)

IBM PowerVM VIOS 3.1 could allow a remote attacker to tamper with system configuration or cause a denial of service. IBM X-Force ID: 230956.

CVE-2021-41556: Squirrel - The Programming Language

sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break out of the squirrel script sandbox even if all dangerous functionality such as File System functions has been disabled. An attacker might abuse this bug to target (for example) Cloud services that allow customization via SquirrelScripts, or distribute malware through video games that embed a Squirrel Engine.