Information disclosure

An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3, tvOS 16.3, watchOS 9.3. An app may be able to determine kernel memory layout...

CVE-2023-23502

CVE-2023-23502 is an information-disclosure flaw that Apple fixed by removing the vulnerable code. The cited advisories state the issue could allow an app to determine kernel memory layout. Affected platforms include macOS (Monterey 12.6.3, Ventura 13.2) and iOS/iPadOS (16.3), as well as tvOS/wat...

K29154575: ImageMagick vulnerability CVE-2016-3717

Security Advisory Description The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image. CVE-2016-3717 Note : This vulnerability is one of the series of vulnerabilities known as ImageTragick. Impact Exploiting this...

Open Redirect Vulnerability in Action Pack

There is a vulnerability in Action Controller’s redirectto. This vulnerability has been assigned the CVE identifier CVE-2023-22797. Versions Affected: = 7.0.0 Not affected: 7.0.0 Fixed Versions: 7.0.4.1 Impact There is a possible open redirect when using the redirectto helper with untrusted user...

Suspicious login app ships old league/flysystem version

None...

CVE-2023-0051

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144...

SUSE SLES15 Security Update : kernel (Live Patch 30 for SLE 15 SP1) (SUSE-SU-2022:4527-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4527-1 advisory. - A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function...

CVE-2022-20515

In onPreferenceClick of AccountTypePreferenceLoader.java, there is a possible way to retrieve protected files from the Settings app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

CVE-2022-42862

This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to bypass Privacy preferences...

Code injection

Multiple issues were addressed by removing the vulnerable code. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, watchOS 9.2. An app may be able to bypass Privacy preferences...

Multi Step upgrades introduce security risk

Lines of code Vulnerability details Impact If Governor upgrades the system using executeDiamondCutProposal function then freezing is removed. This could be a problem where Governor was still not ready to make freezable facet available as shown in POC Proof of Concept 1. Governor discovers a...

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE in the ExpressionContextImpl class via jexl.createExpressionexpression.evaluatecontext; functionality, due to improper user input validation. Remediation There is no fixed version for com.bstek.uflo:uflo-core...

Liberapay: Email Address Exposure via Gratipay Migration Tool

Through the /migrate route, an attacker can input the username of any user on the site and retrieve their primary email address without any authorization required. Steps to reproduce: Note: This cannot be performed with hackerone-target, because that account seems to return a None as an email. 1...

Uncontrolled Resource Consumption in Jackson-databind

In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAPSINGLEVALUEARRAYS feature is enabled. This was patched in 2.12.7.1,...

MetaMask: Possible to spoof Origin in "Connected Sites"

A vulnerability was discovered in MetaMask that allowed for the spoofing of the origin domain name in the "Connected Sites" list. This was caused by a CSS style sheet that set the direction to "right-to-left", which resulted in the order of characters in the domain name being messed up and...

WordPress GetYourGuide Ticketing 1.0.1 Cross Site Scripting

Exploit Title: WordPress Plugin ‘GetYourGuide Ticketing’ - Stored Cross-Site Scripting Date: 18-09-2022 Exploit Author: Mariam Tariq - HunterSherlock Vendor Homepage: https://wordpress.org/plugins/search/GetYourGuide+Ticketing/ Version: 1.0.1 Tested on: Firefox Contact me: [email protected]...

CVE-2022-33723

A vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack...

CVE-2022-33727

A vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack...

CVE-2022-33727

CVE-2022-33727 describes a vulnerability in the SecDevicePickerDialog onCreate prior to Samsung SMR Aug-2022 Release 1, where flawed UI handling enables a tapjacking/overlay attack to trick users into selecting an unwanted Bluetooth device. The issue is documented across multiple sources (NVD, Re...

PHP Library Remote Code Execution Vulnerability

Several PHP compatibility libraries contain a potential remote code execution flaw in their jsondecode function based on having copy pasted existing vulnerable code. Affected components include the WassUp Realtime analytics WordPress plugin, AjaXplorer Core, and more. JAHx221 - RCE in copy/pasted...