Security
Headlines
HeadlinesLatestCVEs

Tag

#rce

CVE-2022-20234: Android Automotive OS Update Bulletin—July 2022  |  Android Open Source Project

In Car Settings app, the NotificationAccessConfirmationActivity is exported. In NotificationAccessConfirmationActivity, it gets both 'mComponentName' and 'pkgTitle' from user.An unprivileged app can use a malicous mComponentName with a benign pkgTitle (e.g. Settings app) to make users enable notification access permission for the malicious app. That is, users believe they enable the notification access permission for the Settings app, but actually they enable the notification access permission for the malicious app.Once the malicious app gets the notification access permission, it can read all notifications, including users' personal information.Product: AndroidVersions: Android-12LAndroid ID: A-225189301

CVE
Open in Source
#vulnerability#android#google#dos#rce#nokia#samsung#huawei
CVE-2022-20238: Android Security Bulletin—July 2022  |  Android Open Source Project

'remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploitedProduct: AndroidVersions: Android SoCAndroid ID: A-233154555

Sourcegraph gitserver sshCommand Remote Command Execution

A vulnerability exists within Sourcegraph's gitserver component that allows a remote attacker to execute arbitrary OS commands by modifying the core.sshCommand value within the git configuration. This command can then be triggered on demand by executing a git push operation. The vulnerability was patched by introducing a feature flag in version 3.37.0. This flag must be enabled for the protections to be in place which filter the commands that are able to be executed through the git exec REST API.

Update now—July Patch Tuesday patches include fix for exploited zero-day

July's Patch Tuesday gives us a lot of important security updates. Most prominently, a known to be exploited vulnerability in Windows CSRSS. The post Update now—July Patch Tuesday patches include fix for exploited zero-day appeared first on Malwarebytes Labs.

Microsoft Releases Fix for Zero-Day Flaw in July 2022 Security Patch Rollout

Microsoft released its monthly round of Patch Tuesday updates to address 84 new security flaws spanning multiple product categories, counting a zero-day vulnerability that's under active attack in the wild. Of the 84 shortcomings, four are rated Critical, and 80 are rated Important in severity. Also separately resolved by the tech giant are two other bugs in the Chromium-based Edge browser, one

CVE-2022-22039

Windows Network File System Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22029.

CVE-2022-22024

Windows Fax Service Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22027.

CVE-2022-22029

Windows Network File System Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22039.

CVE-2022-22027

Windows Fax Service Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22024.

CVE-2022-30214

Windows DNS Server Remote Code Execution Vulnerability.