Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

CVE-2022-21938: Product Security Advisories

Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the MUI Graphics web interface.

CVE
Open in Source
#vulnerability#web#ios#windows#microsoft#linux#oracle#rce#perl#samba#auth#wifi#ssl
CVE-2022-28749: Security Bulletin

Zooms On-Premise Meeting Connector MMR before version 4.8.113.20220526 fails to properly check the permissions of a Zoom meeting attendee. As a result, a threat actor in the Zooms waiting room can join the meeting without the consent of the host.

CVE-2022-28226: Яндекс Охота в Браузере

Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.801 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating temporary files in directory with insecure permissions during Yandex Browser update process.

CVE-2021-41415: Subscription-Manager v1.0 /main.js hava a XSS Vulnerability · Issue #2 · youranreus/Subscription-Manager

Subscription-Manager v1.0 /main.js has a cross-site scripting (XSS) vulnerability in the machineDetail parameter.

CVE-2022-32550: Security advisory for 1Password apps and integrations

An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to create connections to the 1Password service. In specific circumstances, this issue allowed a malicious server to convince a 1Password app or integration it is communicating with the 1Password service.

CVE-2022-24127: REDCap Change Log - Eastern Virginia Medical School (EVMS), Norfolk, Hampton Roads

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in ProjectGeneral/edit_project_settings.php in REDCap 12.0.11. This issue allows any user with project management permissions to inject arbitrary code into the project title (app_title) field when editing an existing project. The payload is then reflected within the title tag of the page.

CVE-2022-22444: Security Bulletin: AIX is vulnerable to a denial of service due to lpd (CVE-2022-22444)

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user to exploit a vulnerability in the lpd daemon to cause a denial of service. IBM X-Force ID: 224444.

Stealthy Symbiote Linux malware is after financial institutions

Symbiote, the latest malware to hit Linux users, is a parasite more than anything. Protect against this banking credential stealer now! The post Stealthy Symbiote Linux malware is after financial institutions appeared first on Malwarebytes Labs.

Hackers Using Web3 Backdoor Wallets to Steal Seed Phrases from iOS/Android Users

By Deeba Ahmed A Chinese-speaking, technically skilled threat actor distributes backdoored applications to extract cash from victims in the newly discovered… This is a post from HackRead.com Read the original post: Hackers Using Web3 Backdoor Wallets to Steal Seed Phrases from iOS/Android Users

CVE-2021-42675: Internetagentur für Konzept, Design, CMS & eCommerce. – Internetagentur für Konzept, Design, CMS & eCommerce.

Kreado Kreasfero 1.5 does not properly sanitize uploaded files to the media directory. One can upload a malicious PHP file and obtain remote code execution.