Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

CVE-2023-34570: Tenda AC10 v4 was discovered stack overflow via parameter devName at url /goform/SetOnlineDevName - HackMD

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter devName at /goform/SetOnlineDevName.

CVE
Open in Source
#vulnerability#web#mac#windows#apple#auth#chrome#webkit
CVE-2023-34569: Tenda AC10 v4 was discovered stack overflow via parameter list at url /goform/SetNetControlList - HackMD

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetNetControlList.

CVE-2023-34567: Tenda AC10 v4 was discovered stack overflow via parameter list at url /goform/SetVirtualServerCfg - HackMD

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetVirtualServerCfg.

CVE-2023-34571: Tenda AC10 v4 was discovered stack overflow via parameter shareSpeed at url /goform/WifiGuestSet - HackMD

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter shareSpeed at /goform/WifiGuestSet.

CVE-2023-34568: Tenda AC10 v4 was discovered stack overflow via parameter time at url /goform/PowerSaveSet - HackMD

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/PowerSaveSet.

RenderDoc 1.26 Local Privilege Escalation / Remote Code Execution

RenderDoc versions 1.26 and below suffer from integer underflow, integer overflow, and symlink vulnerabilities.

Red Hat Security Advisory 2023-3410-01

Red Hat Security Advisory 2023-3410-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.20.

“Picture in Picture” Technique Exploited in New Deceptive Phishing Attack

By Habiba Rashid The innovative approach, known as “picture in picture,” capitalizes on users’ trust in familiar logos and promotions, making… This is a post from HackRead.com Read the original post: “Picture in Picture” Technique Exploited in New Deceptive Phishing Attack

Update Chrome now! Google patches actively exploited zero-day

Categories: Exploits and vulnerabilities Categories: News Tags: Google Tags: Chrome Tags: V8 Tags: heap corruption Tags: type confusion Tags: CVE-2023-3079 Google has released a Chrome update for a zero-day for which an exploit is actively being used in the wild. (Read more...) The post Update Chrome now! Google patches actively exploited zero-day appeared first on Malwarebytes Labs.

CVE-2023-34239: Prevent path traversal in `/file` routes by abidlabs · Pull Request #4370 · gradio-app/gradio

Gradio is an open-source Python library that is used to build machine learning and data science. Due to a lack of path filtering Gradio does not properly restrict file access to users. Additionally Gradio does not properly restrict the what URLs are proxied. These issues have been addressed in version 3.34.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.