CVE-2021-30944
Description: A logic issue was addressed with improved state management. This issue is fixed in iOS 15.2 and iPadOS 15.2, watchOS 8.3, macOS Monterey 12.1, tvOS 15.2. A malicious app may be able to access data from other apps by enabling additional logging...
PT-2021-18990 · Apple · Ipados +4
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 15.2; iPadOS versions prior to 15.2; watchOS versions prior to 8.3; macOS Monterey versions prior to 12.1; tvOS versions prior to 15.2. Description: A logic issue was addressed with improved state management, which could allo...
CVE-2021-23977
Firefox for Android suffered from a time-of-check-time-of-use vulnerability that allowed a malicious application to read sensitive data from application directories. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox 8...
Directory Traversal
Overview: com.google.android.play:core is a Google Play Core Library. Affected versions of this package are vulnerable to Directory Traversal. This flaw is in the SplitCompat.install endpoint. A malicious attacker can create an apk which targets a specific application, and if a victim were to...
CVE-2020-8913
A local, arbitrary code execution vulnerability exists in the SplitCompat.install endpoint in Android's Play Core Library versions prior to 1.7.2. A malicious attacker could create an apk which targets a specific application, and if a victim were to install this apk, the attacker could perform a...
PT-2020-20366 · Google · Google Play Core Library
Name of the Vulnerable Software and Affected Versions: Google Play Core Library versions prior to 1.7.2. Description: A local, arbitrary code execution issue exists in the SplitCompat.install endpoint in Android's Play Core Library. This allows a malicious attacker to create an apk that targets a...
New Privacy Features Added to the Upcoming Apple iOS 14 and macOS Big Sur
Unprecedented times call for unprecedented measures. No, we're not talking about 'coronavirus,' the current global pandemic because of which Apple—for the very first time in history—organized its Worldwide Developer Conference (WWDC) virtually. Here we're talking about a world in which we are all...
Unexpected ASP.Net application shutdown after many App_Data file changes occur on a server that is running Windows Server 2012 R2
Unexpected ASP.Net application shutdown after many App_Data file changes occur on a server that is running Windows Server 2012 R2. Symptoms: Consider the following scenario: You have a server that is running Windows Server 2012 R2. You set up a website on Internet Information Services (IIS). You creat...
Zoom Caught in Cybersecurity Debate — Here's Everything You Need To Know
Over the past few weeks, the use of Zoom video conferencing software has exploded ever since it emerged as the platform of choice to host everything from cabinet meetings to yoga classes amidst the ongoing coronavirus outbreak and work from home became the new normal. The app has skyrocketed to 200...
Huawei Mate 20 and Mate 30 Pro License Issue Vulnerability (CNVD-2020-22000)
The Huawei Mate 20 and Mate 30 Pro are both smartphones from the Chinese company Huawei. An authorization issue vulnerability exists in Huawei Mate 20 before 10.0.0.188(C00E74R3P8) and Mate 30 Pro before 10.0.0.203(C00E202R7P2), which stems from the app locking feature failing to perform...
iOS URL Scheme Could Let App-in-the-Middle Attackers Hijack Your Accounts
Security researchers have illustrated a new app-in-the-middle attack that could allow a malicious app installed on your iOS device to steal sensitive information from other apps by exploiting certain implementations of Custom URL Scheme. By default on Apple's iOS operating system, every app runs...
CVE-2019-9116
DLL hijacking is possible in Sublime Text 3 version 3.1.1 build 3176 on 32-bit Windows platforms because a Trojan horse api-ms-win-core-fibers-l1-1-1.dll or api-ms-win-core-localization-l1-2-1.dll file may be loaded if a victim uses sublimetext.exe to open a .txt file within an attacker's...
Apple Blasts Facebook Over Data-Sucking 'Research' App
Apple has revoked Facebook’s enterprise iOS developer certificate on the heels of a “Facebook Research” VPN app that was being distributed to consumers; the app paid teens and Millennial users in exchange for being able to track their phone and web activity, and has been available since 2016. App...
Multiple Shenzhen Tenda Products app_data_center Command Injection Vulnerabilities
Shenzhen Tenda AC9 and others are wireless router products from the Chinese company Tenda. app_data_center is one of the application data centers. A command injection vulnerability exists in app_data_center in multiple Shenzhen Tenda products, which stems from the 'subA6E8 usbejectprocessentry' function...
Multiple Shenzhen Tenda Products app_data_center Path Traversal Vulnerability
Shenzhen Tenda AC9 and others are wireless router products from the Chinese company Tenda. app_data_center is one of the application data centers. A directory traversal vulnerability exists in app_data_center in several Shenzhen Tenda products. A remote attacker can exploit this vulnerability to read...
UBUNTU-CVE-2017-0420
An information disclosure vulnerability in AOSP Mail could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not...