97 matches found
CVE-2023-28872
Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%\Temp\NcpSupport location...
CVE-2023-29066
The FACSChorus software does not properly assign data access privileges for operating system user accounts. A non-administrative OS account can modify information stored in the local application data folders...
PT-2023-22123 · Unknown · Facschorus
Name of the Vulnerable Software and Affected Versions: FACSChorus affected versions not specified Description: The issue concerns improper assignment of data access privileges for operating system user accounts in the FACSChorus software. This allows a non-administrative OS account to modify...
CVE-2023-40429
A permissions issue was addressed with improved validation. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access sensitive user data...
Apple iOS and iPadOS Security Vulnerabilities
Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS 17 and iPadOS 17, which arises from an application that may be able to access...
Turla Exploits Ukraine’s Defense Sector with DeliveryCheck Backdoor
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary DeliveryCheck, a .NET-based backdoor, targets Ukraines defense sector, attributed to Russian actor Turla; it aims to exfiltrate Signal app data. Notably, it breaches Microsoft Exchange servers using...
CVE-2022-47757
In imo.im 2022.11.1051, a path traversal vulnerability delivered via an unsanitized deeplink can force the application to write a file into the application's data directory. This may allow an attacker to save a shared library under a special directory which the app uses to dynamically load module...
CVE-2022-36970
This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 20.0 Build: 4201.2111.1802.0000 Service Pack 2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...
Even Top-Ranked Android Apps in Google Play Store Provide Misleading Data Safety Labels
An investigation into data safety labels for Android apps available on the Google Play Store has uncovered "serious loopholes" that allow apps to provide misleading or outright false information. The study, conducted by the Mozilla Foundation as part of its Privacy Not Included initiative, compar...
BlogEngine 输入验证错误漏洞
BlogEngine is an open source ASP.NET blog system . The system supports Ajax comments, custom themes and so on. BlogEngine.NET v3.3.8.0 version of a security vulnerability , the vulnerability stems from the ability to create any folder with the prefix "files" under /AppData/...
PT-2023-13982 · Unknown · Blogengine.Net
Name of the Vulnerable Software and Affected Versions: BlogEngine.NET version 3.3.8.0 Description: The issue allows an attacker to create any folder with a files prefix under the /App Data/ directory. Recommendations: For BlogEngine.NET version 3.3.8.0, consider restricting access to the /App Dat...
PT-2023-1098 · Zoom · Zoom
Name of the Vulnerable Software and Affected Versions: Zoom for Android versions prior to 5.13.0 Description: The issue is related to incorrect restriction of the path name to a directory with limited access, allowing a third-party app to exploit this and read and write to the Zoom application da...
CVE-2022-35734
'Hulu / フールー' App for Android from version 3.0.47 to the version prior to 3.1.2 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app...
CVE-2022-36834
Exposure of Sensitive Information vulnerability in Game Launcher prior to version 6.0.07 allows local attacker to access app data with user interaction...
CVE-2022-36834
CVE-2022-36834 affects Samsung Game Launcher prior to version 6.0.07. The issue is described as exposure of sensitive information that allows a local attacker to access app data with user interaction. The connected PT-Security entry explicitly recommends updating to version 6.0.07 or later to res...
About the security content of Apple Music 3.9.10 for Android
About the security content of Apple Music 3.9.10 for Android This document describes the security content of Apple Music 3.9.10 for Android. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred...
CVE-2022-27576
Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission...
CVE-2022-27576
Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission...
Samsung DeX Home 安全漏洞
Samsung DeX Home is a Samsung DeX application for PCs and Macs from Samsung South Korea.An information disclosure vulnerability exists in Samsung DeX Home, which stems from the lack of proper access authentication logic in Samsung DeX Home, and could be exploited to gain unauthorized access to...
SmarterTools SmarterTrack 代码问题漏洞
SmarterTools SmarterTrack is a customer service software from SmarterTools UK. It improves customer service and reduces support costs. SmarterTools SmarterTrack 100.0.8019.14010 A security vulnerability exists where an application using administrator or administrator privileges could be tricked...