Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

Dozens of high-traffic websites vulnerable to ‘account pre-hijacking’, study finds

Validation check loopholes exposed

PortSwigger
Open in Source
#vulnerability#web#ios#google#microsoft#wordpress#pdf#auth
Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability

UPDATE July 12, 2022: As part of the response by Microsoft, a defense in depth variant has been found and fixed in the Windows July cumulative updates. Microsoft recommends installing the July updates as soon as possible. Windows Version Link to KB article LInk to Catalog Windows 8.1, Windows Server 2012 R2 5015805 Download Windows Server 2012 5015805 Download Windows 7, Windows Server 2008 R2 5015805 Download Windows Server 2008 SP2 5015805 Download On Monday May 30, 2022, Microsoft issued CVE-2022-30190 regarding the Microsoft Support Diagnostic Tool (MSDT) in Windows vulnerability.

Exposed Kubernetes Clusters, Kubelet Ports Can Be Abused in Cyberattacks

Organizations must ensure their kubelets and related APIs aren’t inadvertently exposed or lack proper access control, offering an easy access point for malicious actors.

CVE-2022-26738: About the security content of macOS Monterey 12.4

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.

CVE-2022-26724: About the security content of tvOS 15.5

An authentication issue was addressed with improved state management. This issue is fixed in tvOS 15.5. A local user may be able to enable iCloud Photos without authentication.

CVE-2022-22675: About the security content of macOS Big Sur 11.6.6

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..

CVE-2022-22673: About the security content of iOS 15.5 and iPadOS 15.5

This issue was addressed with improved checks. This issue is fixed in iOS 15.5 and iPadOS 15.5. Processing a large input may lead to a denial of service.

CVE-2022-24417: DSA-2022-095: Dell Client Platform Security Update for SMM Vulnerabilities

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

LinkedIn bug bounty program goes public with rewards of up to $18k

Social media platform ends private program after paying $250,000 in rewards over eight years

CVE-2022-20821: Cisco Security Advisory: Cisco IOS XR Software Health Check Open Port Vulnerability

A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attacker could exploit this vulnerability by connecting to the Redis instance on the open port. A successful exploit could allow the attacker to write to the Redis in-memory database, write arbitrary files to the container filesystem, and retrieve information about the Redis database. Given the configuration of the sandboxed container that the Redis instance runs in, a remote attacker would be unable to execute remote code or abuse the integrity of the Cisco IOS XR Software host system.