Exploiting PendingIntent Provenance Confusion to Spoof Android SDK Authentication

A single authentication bypass in a partner SDK grants attackers the identity of every partner in the ecosystem -- and millions of apps use SDKs with exactly this vulnerability. OWASP's 2024 Mobile Top 10 ranks Inadequate Supply Chain Security as the second most critical mobile risk, explicitly...

CVE-2025-68118 Potential Heap Out-of-Bounds Read in freerdp_certificate_data_hash_ via Unsafe _snprintf Usage

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.0, a vulnerability exists in FreeRDP’s certificate handling code on Windows platforms. The function freerdpcertificatedatahash uses the Microsoft-specific snprintf function to format certificate cache filenames...

CVE-2025-59033

The CVE-2025-59033 entry describes a Microsoft Windows WDAC-based vulnerable driver block list where entries that specify the signing certificate’s TBS hash along with a FileAttribRef qualifier (e.g., file name/version) may not be blocked, regardless of HVCI being enabled. Affects the Microsoft v...

DEBIAN-CVE-2022-2068

In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there...

Ubuntu Update for gnutls12 vulnerability USN-948-1

Ubuntu Update for Linux kernel vulnerabilities USN-948-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN9481.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for gnutls12 vulnerability USN-948-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...