CVE-2022-48505
This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system...
CVE-2022-48505
CVE-2022-48505 is described as an issue where an app may modify protected parts of the file system; Apple notes a fix in macOS Ventura 13. Connected documents tie the issue to the Dirty NIB attack seen in Notion Web Clipper 1.0.3(7) and to the broader risk from NIB file manipulation, with sources...
Malvertising: A stealthy precursor to infostealers and ransomware attacks
This article is based on research by Jerome Segura, Senior Director of Threat Intelligence at Malwarebytes, who oversees data collection from spam feeds and telemetry to identify the most relevant threats. Malvertising, the practice of using online ads to spread malware, can have dire...
Microsoft Edge browser’s vulnerability, related to insufficient protection of service data, allows attackers to gain unauthorized access to protected information.
The vulnerability of Microsoft Edge relates to insufficient protection of service data. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected information...
The vulnerability of the Apache Traffic Server web server lies in the lack of protection for service data, which allows attackers to disclose the protected information.
The vulnerability of the Apache Traffic Server web server is related to the lack of protection for service data. Exploiting this vulnerability can allow a remote attacker to disclose the protected information...
The vulnerability of FortiOS operating systems and FortiProxy proxy servers related to insufficient protection of registration data allows attackers to expose confidential information.
The vulnerability of the FortiOS operating systems and the FortiProxy proxy server for protecting against Internet attacks is related to insufficient protection of registration data. Exploiting this vulnerability can allow attackers to obtain and disclose confidential information...
CVE-2022-42792
This issue was addressed with improved data protection. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to read sensitive location information...
Information disclosure
This issue was addressed with improved data protection. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to read sensitive location information...
CVE-2023-32386
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to observe unprotected user data...
PT-2023-14147 · Apple · iOS +1
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 16.1; iPadOS versions prior to 16. Description: The issue allows an app to potentially read sensitive location information due to inadequate data protection. This has been addressed with improved data protection measures...
CVE-2022-42792
CVE-2022-42792 affects iOS/iPadOS where an app may read sensitive location information due to inadequate data protection. Multiple connected sources confirm the issue and outcomes: Apple’s security content states the fix is in iOS 16.1 and iPadOS 16; Red Hat/PRION and NVD entries mirror this, not...
PT-2023-5205 · Fortinet · FortiSIEM
Name of the Vulnerable Software and Affected Versions: Fortinet FortiSIEM versions 6.7.0 through 6.7.5. Description: The issue is related to insufficient protection of service data in the security management system, allowing an attacker to disclose sensitive information via crafted HTTP requests...
Makves DCAP Security Vulnerability
Makves DCAP is a data protection and risk management product, related to the storage and access of information resources, from the Russian company Makves. A security vulnerability exists in Makves DCAP version v3.0.0.122, which stems from incorrect access control. An attacker exploits the vulnerability to...
IBM Security Guardium License Issue Vulnerability (CNVD-2023-51459)
IBM Security Guardium is a suite of platforms from International Business Machines (IBM) that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. IBM Security Guardium has an authorization issue...
PT-2023-3555 · IBM · IBM Robotic Process Automation
Name of the Vulnerable Software and Affected Versions: IBM Robotic Process Automation versions 21.0.0 through 21.0.7.6; IBM Robotic Process Automation versions 23.0.0 through 23.0.6. Description: The issue is related to weaknesses in the authentication procedure of the software. Exploitation of thi...
Introducing AI-guided Remediation for IaC Security / KICS
While the use of Infrastructure as Code (IaC) has gained significant popularity as organizations embrace cloud computing and DevOps practices, the speed and flexibility that IaC provides can also introduce the potential for misconfigurations and security vulnerabilities. IaC allows organizations to...
The vulnerability of the Windows Installer component on Windows operating systems allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Windows Installer component in Windows operating systems is related to insufficient protection of service data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...