Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

CVE-2022-35667: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 (and earlier) and 17.012.30249 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE
Open in Source
#vulnerability#mac#windows#apple#ssh#zero_day
CVE-2022-34235: Adobe Security Bulletin

Adobe Premiere Elements version 2020v20 (and earlier) is affected by an Uncontrolled Search Path Element which could lead to Privilege Escalation. An attacker could leverage this vulnerability to obtain admin using an existing low-privileged user. Exploitation of this issue does not require user interaction.

This Anti-Tracking Tool Checks If You’re Being Followed

The Raspberry Pi-powered device can scan for phones around you. If it keeps spotting the same one, it’ll send you an alert.

CVE-2022-2749: Record3/Gym Management System Project- Arbitrary file upload vulnerability.md at main · Blythe-LU/Record3

A vulnerability was found in SourceCodester Gym Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /mygym/admin/index.php?view_exercises. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206017 was assigned to this vulnerability.

Podcast: Inside the Hackers’ Toolkit

This edition of the Threatpost podcast is sponsored by Egress.

Multiple Vulnerabilities Discovered in Device42 Asset Management Appliance

Four serious security issues on the popular appliance could be exploited by hackers with any level of access within the host network, Bitdefender researchers say.

CVE-2022-32189: math/big: index out of range in Float.GobDecode · Issue #53871 · golang/go

A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service.

CVE-2022-22983: VMSA-2022-0023

VMware Workstation (16.x prior to 16.2.4) contains an unprotected storage of credentials vulnerability. A malicious actor with local user privileges to the victim machine may exploit this vulnerability leading to the disclosure of user passwords of the remote server connected through VMware Workstation.

CVE-2022-35517: othercveinfo/README.md at main · TyeYeah/othercveinfo

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: web_pskValue, wl_Method, wlan_ssid, EncrypType, rwan_ip, rwan_mask, rwan_gateway, ppp_username, ppp_passwd and ppp_setver, which leads to command injection in page /wizard_router_mesh.shtml.