9 matches found
Linux Distros Unpatched Vulnerability : CVE-2018-4089
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. tvOS befor...
CVE-2025-0135
An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the app. The GlobalProtect app on Windows, Linux, iOS, Android, Chrome OS and GlobalProtect UWP app are not affected...
Apple Backports Critical Fixes for 3 Recent 0-Days Impacting Older iOS and macOS Devices
Apple on Monday backported fixes for three vulnerabilities that have come under active exploitation in the wild to older models and previous versions of the operating systems. The vulnerabilities in question are listed below - CVE-2025-24085 CVSS score: 7.3 - A use-after-free bug in the Core Medi...
Mozilla Firefox ESR < 115.18
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.18. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-65 advisory. - Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and...
Dutch Police Disrupt Major Info Stealers RedLine and MetaStealer in Operation Magnus
The Dutch National Police, along with international partners, have announced the disruption of the infrastructure powering two information stealers tracked as RedLine and MetaStealer. The takedown, which took place on October 28, 2024, is the result of an international law enforcement task force...
Internet Bug Bounty: DNS rebinding in --inspect (insufficient fix of CVE-2022-32212 affecting macOS devices)
A vulnerability in Node.js allowed an attacker-controlled DNS server to bypass DNS rebinding protection by resolving hosts in the .local domain. This allowed an attacker to gain access to the Node.js debugger, potentially resulting in remote code execution. The vulnerability affected all versions...
Node.js: DNS rebinding in --inspect (insufficient fix of CVE-2022-32212 affecting macOS devices)
Summary: This is an insufficient fix of CVE-2022-32212, which itself is a fix of CVE-2018-7160. There exists a specific behaviour in browsers on macOS devices when handling the http://0.0.0.0URL that allows an attacker-controlled DNS server to bypass the DNS rebinding protection by resolving host...
UBUNTU-CVE-2021-31321
Telegram Android 7.1.0 2090, Telegram iOS 7.1, and Telegram macOS 7.1 are affected by a Stack Based Overflow in the graysplitcubic function of their custom fork of the rlottie library. A remote attacker might be able to overwrite Telegram's stack memory out-of-bounds on a victim device via a...
CVE-2018-4104
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted...