26 matches found
Farktor E-Commerce Package Security Vulnerability
Farktor E-Commerce Package is an e-commerce platform developed by the Turkish company Farktor. The Farktor E-Commerce Package versions 27112025 and earlier have a security vulnerability. This vulnerability stems from bypassing authorization through the user control key, which may lead to...
OpenAI to Show Ads in ChatGPT for Logged-In U.S. Adults on Free and Go Plans
OpenAI on Friday said it would start showing ads in ChatGPT to logged-in adult U.S. users in both the free and ChatGPT Go tiers in the coming weeks, as the artificial intelligence (AI) company expanded access to its low-cost subscription globally. "You need to know that your data and conversations...
EUVD-2020-20387
Malware in sbrugna...
SUSE-SU-2025:02013-1 Security update for pam
This update for pam fixes the following issues: - CVE-2025-6018: pam_env: Change the default to not read the user .pam_environment file (bsc#1243226). - CVE-2025-6020: pam_namespace: convert functions that may operate on a user-controlled path to operate on file descriptors instead of absolute path...
CVE-2020-27894
The issue was addressed with additional user controls. This issue is fixed in macOS Big Sur 11.0.1. Users may be unable to remove metadata indicating where files were downloaded from...
PT-2024-39041 · Unknown · Wifiburada
Name of the Vulnerable Software and Affected Versions: WiFiBurada versions prior to 1.0.5. Description: The issue is related to an authentication bypass by assumed-immutable data, allowing the manipulation of user-controlled variables. This can potentially be exploited to gain unauthorized access...
Google Rolling Out Privacy Sandbox Beta on Android 13 Devices
Google announced on Tuesday that it's officially rolling out Privacy Sandbox on Android in beta to eligible mobile devices running Android 13. "The Privacy Sandbox Beta provides new APIs that are designed with privacy at the core, and don't use identifiers that can track your activity across apps...
PYSEC-2022-151
TensorFlow is an open source machine learning framework. Under certain scenarios, the Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior...
CVE-2020-27894
CVE-2020-27894 affects Finder on macOS Big Sur. The issue concerns metadata indicating where downloaded files come from that users may be unable to remove. Apple notes the fix is in macOS Big Sur 11.0.1, addressing this with additional user controls. Public references (NVD, Red Hat, CVE listings)...
Google Gives Users More Choice with Location-Tracking Apps
Anyone who uses a mobile app knows how convenient the features that use location data can be, from getting turn-by-turn directions and finding nearby restaurants to fitness-tracking and weather integration. But these rich mobile “experiences” – as app developers call them – can be a double-edged...
Google Announces 5 Major Security Updates for Chrome Extensions
Google has made several new announcements for its Chrome Web Store that aim at making Chrome extensions more secure and transparent to its users. Over a couple of years, we have seen a significant rise in malicious extensions that appear to offer useful functionalities, while running hidden...
Google Cracks Down on Malicious Chrome Extensions in Major Update
Google on Monday announced major changes to its Chrome Web Store as the company tries to ax the malicious extensions that have continuously popped up on its platform over the years. The array of security improvements includes a stricter extension review process, new code-readability requirements...
Kernel: ALSA: control: integer overflow in id.index & id.numid
An integer overflow flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use this flaw to crash the system...
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2014-3103)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-3103 advisory. - ALSA: control: Protect user controls against concurrent access (Lars-Peter Clausen) [Orabug: 20192540] {CVE-2014-4652} - target/rd: Refactor...
Kernel: ALSA: control: use-after-free in replacing user controls
A use-after-free flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use this flaw to crash the system...