#ios

Teamplus Pro community discussion has an ‘allocation of resource without limits or throttling’ vulnerability on thread subject field. A remote attacker with general user privilege posting a thread subject with large content can cause the server to allocate too much memory, leading to missing partial post content and disrupt partial service.

Teamplus Pro community discussion function has an ‘allocation of resource without limits or throttling’ vulnerability. A remote attacker with general user privilege posting a thread with large content can cause the receiving client device to allocate too much memory, leading to abnormal termination of this client’s Teamplus Pro application.

In conjunction with Black Hat 2022, pioneer of digital executive protection also announces new security innovations and SOC 2 Type II certification.

The package io.socket:socket.io-client before 2.0.1 are vulnerable to NULL Pointer Dereference when parsing a packet with with invalid payload format.

CREST provides commercially defensible scoping, delivery, and sign-off recommendations for penetration tests.

An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4206: QEMU: QXL: integer overflow in cursor_alloc() can lead to heap buffer overflow * CVE-2021-4207: QEMU: QXL: double fetch in qxl_cursor() can lead to heap buffer overflow * CVE-2022-26353: QEMU: virtio-net: map leaking on error during receive * CVE-2022-26354: QEMU: vhost-vsock: missing virtqueue detach on error can...

PyroCMS v3.9 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities.

Keep your logins locked down with our favorite apps for PC, Mac, Android, iPhone, and web browsers.

Categories: A week in security Tags: backdoor Tags: blog recap Tags: bytedance Tags: cookies Tags: data breach Tags: Google Tags: linux Tags: microsoft Tags: ransomware Tags: SQL injection Tags: T-Mobile Tags: tiktok Tags: Uber Tags: week in security The most important and interesting computer security stories from the last week. (Read more...) The post A week in security (July 25 - July 31) appeared first on Malwarebytes Labs.

Plus: A Google Chrome patch licks the DevilsTongue spyware, Android’s kernel gets a tune-up, and Microsoft fixes 84 flaws.