Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

CVE-2022-44721: GitHub - purplededa/CVE-2022-44721-CsFalconUninstaller

CrowdStrike Falcon 6.44.15806 allows an administrative attacker to uninstall Falcon Sensor, bypassing the intended protection mechanism in which uninstallation requires possessing a one-time token. (The sensor is managed at the kernel level.)

CVE
Open in Source
#vulnerability#mac#windows#git#auth
Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability

Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser. The high-severity flaw, tracked as CVE-2022-4262, concerns a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on November 29, 2022. Type confusion

Schoolyard Bully Malware Stealing Facebook Credentials on Android

By Deeba Ahmed The campaign is ongoing, and so far, Schoolyard Bully Malware has victimized over 300,000 Facebook users on Android devices across 71 countries. This is a post from HackRead.com Read the original post: Schoolyard Bully Malware Stealing Facebook Credentials on Android

GHSA-rp2v-v467-q9vq: GuardDog vulnerable to arbitrary file write when scanning a specially-crafted PyPI package

### Impact Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine where GuardDog is executed. This is due to a path traversal vulnerability when extracting the `.tar.gz` file of the package being scanned, which exists by design in the `tarfile.TarFile.extractall` function. See also https://docs.python.org/3/library/tarfile.html#tarfile.TarFile.extractall ### Remediation Upgrade to GuardDog v0.1.5 or more recent. ### References * https://semgrep.dev/r?q=trailofbits.python.tarfile-extractall-traversal.tarfile-extractall-traversal * https://www.trellix.com/en-us/about/newsroom/stories/research/tarfile-exploiting-the-world.html * https://docs.python.org/3/library/tarfile.html#tarfile.TarFile.extractall

8 Reasons Why Enterprises Use Java

By Owais Sultan Java is one of the most well-known programming languages and software platforms that is used on countless devices… This is a post from HackRead.com Read the original post: 8 Reasons Why Enterprises Use Java

CVE-2022-45657: CVE-vulns/fromSetIpMacBind.md at main · Double-q1015/CVE-vulns

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function.

CVE-2022-45648: CVE-vulns/formSetDeviceName.md at main · Double-q1015/CVE-vulns

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the devName parameter in the formSetDeviceName function.

CVE-2022-45643: CVE-vulns/addWifiMacFilter_deviceId.md at main · Double-q1015/CVE-vulns

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the addWifiMacFilter function.

CVE-2022-45645: CVE-vulns/addWifiMacFilter_derviceMac.md at main · Double-q1015/CVE-vulns

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceMac parameter in the addWifiMacFilter function.