177 matches found
SUSE CVE-2005-2367
Format string vulnerability in the proto_item_set_text function in Ethereal 0.9.4 through 0.10.11, as used in multiple dissectors, allows remote attackers to write to arbitrary memory locations and gain privileges via a crafted AFP packet...
SUSE CVE-2022-22995
The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting this combination of primitives, an attacker can execute arbitrary code...
The vulnerability of the dsi_writeinit function in the implementation of the Apple Filing Protocol Netatalk allows a hacker to execute arbitrary code in the context of the root user.
The vulnerability of the dsi_writeinit function in the Apple Filing Protocol Netatalk implementation is related to the possibility of buffer overflow attacks. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the root user remotely...
New T-Mobile Breach Affects 37 Million Accounts
T-Mobile today disclosed a data breach affecting tens of millions of customer accounts, its second major data exposure in as many years. In a filing with federal regulators, T-Mobile said an investigation determined that someone abused its systems to harvest subscriber data tied to approximately ...
globalpatentfiling.com Cross Site Scripting vulnerability OBB-3156377
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Omnicell Healthcare Company Confirms Ransomware Incident
In a US SEC (Securities and Exchange Commission) 8-K filing, Omnicell, the healthcare technology provider, revealed that some of its products, services, and internal systems were affected by ransomware. Upon detecting the incident, the medication management systems provider took immediate action to...
Grand Theft Auto 6 suffers grand theft
For games publisher Take-Two Interactive, damage control is in full effect as word spreads of a Grand Theft Auto-centric network compromise. Developer Rockstar Games has suffered a major leak of upcoming game content, specifically unfinished video footage of Grand Theft Auto 6. The first anyone...
Vulnerabilities fixed in Netatalk
Vulnerabilities have been fixed in Netatalk. Netatalk is an open-source protocol that allows Unix systems to communicate with Apple systems. Netatalk uses the Apple Filing Protocol; the vulnerabilities found are in this protocol. The vulnerabilities allow an unauthenticated remote malicious perso...
A week in security (April 11 – 17)
Last week on Malwarebytes Labs: Credential-stealing malware disguises itself as Telegram, targets social media users; Old Play Store apps served notice by upcoming API level changes; Denonia cryptominer is first malware to target AWS Lambda; Ransomware: March 2022 review; Why identity management...
DEBIAN-CVE-2022-22995
The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting this combination of primitives, an attacker can execute arbitrary code...
UBUNTU-CVE-2022-22995
The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting this combination of primitives, an attacker can execute arbitrary code...
Western Digital My Cloud link following vulnerability
Western Digital My Cloud is a personal cloud storage device from Western Digital. A link following vulnerability exists in Western Digital My Cloud OS 5 due to insufficient file validation during file uploads in the native language combination provided by SMB and AFP in its default configuration. A...
PT-2022-15765 · Afp +5
Name of the Vulnerable Software and Affected Versions: SMB and AFP (affected versions not specified). Description: The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting this combination of primitives, an attacker can...
SEC Filing Reveals Fortune 500 Firm Targeted in Ransomware Attack
Fortune 500 integrated services firm R.R. Donnelley & Sons (RRD) is the latest victim of the hacking collective known as the Conti Group. According to regulatory disclosures, RRD was the victim of a network breach that resulted in stolen data in December. RRD, a global firm with 33,000 employees,...
GoDaddy Data Breach Exposes Over 1 Million WordPress Customers' Data
Web hosting giant GoDaddy on Monday disclosed a data breach that resulted in the unauthorized access of data belonging to a total of 1.2 million active and inactive customers, making it the third security incident to come to light since 2018. In a filing with the U.S. Securities and Exchange...
The vulnerability in the implementation of SMB and AFP network protocol functions in the My Cloud OS operating systems allows a perpetrator to gain unauthorized access to protected information or execute arbitrary code.
The vulnerability of the SMB and AFP network protocol implementations in My Cloud OS operating systems is related to incorrect handling of symbolic links. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information or execute arbitrary code...
CVE-2021-3310
Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbolic Link Following on SMB and AFP shares. This can lead to code execution and information disclosure by reading local files...
Chrome for Android Update
Hi, everyone! We've just released Chrome 86 (86.0.4240.185) for Android: it'll become available on Google Play over the next few weeks. Security fixes in this release are listed in the corresponding Desktop Release. In addition, this Android release contains: [$NA][1144368] High CVE-2020-16010: Heap...
php:php-fuzz-execute: Use-of-uninitialized-value in zend_generator_search_multi_children_node
Detailed Report: https://oss-fuzz.com/testcase?key=5146486399303680 Project: php; Fuzzing Engine: libFuzzer; Fuzz Target: php-fuzz-execute; Job Type: libfuzzer_msan_php; Platform Id: linux; Crash Type: Use-of-uninitialized-value; Crash Address: ; Crash State: zend_generator_search_multi_children_node...
Twitter Could Face $250M FTC Fine Over Improper Data Use
Twitter may be facing a Federal Trade Commission (FTC) fine of up to $250 million, after the social media giant last year revealed the improper use of users’ email addresses and phone numbers. In October 2019, Twitter acknowledged that user phone numbers and email addresses gathered for security...