SKYLARK HOLDINGS CO., LTD. Security Vulnerabilities

About the security content of iOS 16.7.5 and iPadOS 16.7.5

About the security content of iOS 16.7.5 and iPadOS 16.7.5 This document describes the security content of iOS 16.7.5 and iPadOS 16.7.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and...

U.S. Government Disrupts Russia-Linked Botnet Engaged in Cyber Espionage

The U.S. government on Thursday said it disrupted a botnet comprising hundreds of small office and home office (SOHO) routers in the country that was put to use by the Russia-linked APT28 actor to conceal its malicious activities. "These crimes included vast spear-phishing and similar credential...

CVE-2023-51059

An issue in MOKO TECHNOLOGY LTD MOKOSmart MKGW1 BLE Gateway v.1.1.1 and before allows a remote attacker to escalate privileges via the session management component of the administrative web...

Inferno Drainer Phishing Nets Scammers $80M from Crypto Wallets

By Deeba Ahmed Group-IB Global Pvt. Ltd. has revealed shocking details on Inferno Drainer, a phishing operation targeting cryptocurrency wallet providers.… This is a post from HackRead.com Read the original post: Inferno Drainer Phishing Nets Scammers $80M from Crypto...

Unauthorized Access Vulnerability in SuperMap iServer of Beijing SuperMap Software Co.

SuperMap iServer is a cloud GIS application server based on high-performance cross-platform GIS kernel. An unauthorized access vulnerability exists in SuperMap iServer of Beijing SuperMap Software Co. Ltd, which can be exploited by attackers to obtain sensitive...

About the security content of tvOS 17.3

About the security content of tvOS 17.3 This document describes the security content of tvOS 17.3. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available....

How a $10B Enterprise Customer Drastically Increased their SaaS Security Posture with 201% ROI by Using SSPM

SaaS applications are the darlings of the software world. They enable work from anywhere, facilitate collaboration, and offer a cost-effective alternative to owning the software outright. At the same time, the very features that make SaaS apps so embraced – access from anywhere and collaboration –....

Xerox Workcentre 5735 LDAP Service Redential Extractor

This module extract the printer's LDAP username and password from Xerox Workcentre...

JVN#46895889: RakRak Document Plus vulnerable to path traversal

RakRak Document Plus provided by Sumitomo Electric Information Systems Co., Ltd. contains a path traversal vulnerability (CWE-22). ## Impact Arbitrary files on the server may be obtained or deleted by a user of the product with specific privileges. ## Solution Update the Software Update the...

About the security content of macOS Sonoma 14.3

About the security content of macOS Sonoma 14.3 This document describes the security content of macOS Sonoma 14.3. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are....

JVN#73587943: Access analysis CGI An-Analyzer vulnerable to open redirect

Access analysis CGI An-Analyzer provided by ANGLERSNET Co,.Ltd. contains an open redirect vulnerability (CWE-601). ## Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. ## Solution Apply....

CVE-2023-48348

In video decoder, there is a possible out of bounds write due to improper input validation. This could lead to local denial of service with no additional execution privileges...

CVE-2023-48344

In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges...

CVE-2023-48343

In video decoder, there is a possible out of bounds write due to improper input validation. This could lead to local denial of service with no additional execution privileges...

CVE-2023-48349

In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges...

CVE-2023-48345

In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges...

CVE-2023-48347

In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges...

CVE-2023-48342

In media service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges...

CVE-2023-48340

In video decoder, there is a possible out of bounds write due to improper input validation. This could lead to local denial of service with no additional execution privileges...

Unrestricted file upload

Unrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. Your AI co-pilot for WordPress and Chrome.This issue affects BERTHA AI. Your AI co-pilot for WordPress and Chrome: from n/a through...

CVE-2023-48350

In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges...

CVE-2023-48346

In video decoder, there is a possible improper input validation. This could lead to local denial of service with no additional execution privileges...

Unauthorized Access Vulnerability in Jianguoyun-Engineering Digitization Cloud Platform of Zhuhai Enterprise Surplus Information Technology Co.

Zhuhai Enterprise Information Technology Co., Ltd. focuses on the development and operation services of the SaaS platform (Jian Guo Yun) for the digital intelligence of the engineering and construction industry. There is an unauthorized access vulnerability in the Engineering Digital Cloud...

CVE-2023-48351

In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges...

CVE-2023-48341

In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges...

Arrests in $400M SIM-Swap Tied to Heist at FTX?

Three Americans were charged this week with stealing more than $400 million in a November 2022 SIM-swapping attack. The U.S. government did not name the victim organization, but there is every indication that the money was stolen from the now-defunct cryptocurrency exchange FTX, which had just...

CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities (FIXED)

Overview In February 2024, Rapid7’s vulnerability research team identified two new vulnerabilities affecting JetBrains TeamCity CI/CD server: CVE-2024-27198 is an authentication bypass vulnerability in the web component of TeamCity that arises from an alternative path issue (CWE-288) and has a...

Cybersecurity Must De-Risk the Business

The Catalyst for My Return to Qualys “Necessity is the mother of all invention.” – Plato Introduction Cybersecurity as a problem and practice is evolving. This evolution is driven by business risk. Does this sound obvious? For far too long, we in security have put the technology cart way ahead of.....

Sql injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebFactory Ltd Login Lockdown – Protect Login Form.This issue affects Login Lockdown – Protect Login Form: from n/a through...

Debian: Security Advisory (DLA-993-1)

The remote host is missing an update for the...

CVE-2023-5091

Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r37p0 through...

CVE-2023-5091

Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r37p0 through...

A Bootiful Podcast: Spring trainer extraordinairre Patrick Baumgartner

Hi, Spring fans! In this installment, I talked to Spring trainer extraordinaire, long-time community contributor, and Voxxed Days co-organizer for various shows in Switzerland. This talk was recorded live at Voxxed Days...

CVE-2022-34344

Missing Authorization vulnerability in Rymera Web Co Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More.This issue affects Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles,...

CVE-2022-34344

Missing Authorization vulnerability in Rymera Web Co Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More.This issue affects Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles,...

CVE-2020-12802

LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed.....

Information Leakage Vulnerability in BlueLine OA of Shenzhen BlueLine Software Co.

Shenzhen BlueLine Software Co., Ltd. is a company that provides integrated solutions for all kinds of organizations, such as smart office, mobile portal, knowledge management, contract management, digital operation and financial sharing. An information leakage vulnerability exists in BlueLine OA...

CVE-2019-1547

Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have....

CVE-2020-12803

ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need...

About the security content of iOS 17.3 and iPadOS 17.3

About the security content of iOS 17.3 and iPadOS 17.3 This document describes the security content of iOS 17.3 and iPadOS 17.3. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches...

Mitsubishi Electric CNC Series (Update E)

EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: CNC Series devices Vulnerability: Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious remote attacker to...

BERTHA AI Plugin < 1.11.10.8 - Unauthenticated Arbitrary File Upload

Description The BERTHA AI. Your AI co-pilot for WordPress and Chrome plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bthai_wa_translate_audio_callback' function in all versions up to and including 1.11.10.7. This makes it possible for...

U.S. Offers $10 Million Bounty for Info Leading to Arrest of Hive Ransomware Leaders

The U.S. Department of State has announced monetary rewards of up to $10 million for information about individuals holding key positions within the Hive ransomware operation. It is also giving away an additional $5 million for specifics that could lead to the arrest and/or conviction of any person....

Debian: Security Advisory (DLA-1799-1)

The remote host is missing an update for the...

CVE-2023-5091 Mali GPU Kernel Driver allows improper GPU processing operations

Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r37p0 through...

openSUSE Security Update : the Linux Kernel (openSUSE-2020-2112)

The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2020-12351: Fixed a type confusion while processing AMP packets aka 'BleedingTooth' aka 'BadKarma' (bsc#1177724). CVE-2020-24490: Fixed a heap buffer...

Who is Alleged Medibank Hacker Aleksandr Ermakov?

Authorities in Australia, the United Kingdom and the United States this week levied financial sanctions against a Russian man accused of stealing data on nearly 10 million customers of the Australian health insurance giant Medibank. 33-year-old Aleksandr Ermakov allegedly stole and leaked the...

CVE-2022-34344 WordPress Wholesale Suite Plugin <= 2.1.5 is vulnerable to Broken Access Control

Missing Authorization vulnerability in Rymera Web Co Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More.This issue affects Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles,...

CVE-2022-3328

Race condition in snap-confine's...

Using Google Search to Find Software Can Be Risky

Google continues to struggle with cybercriminals running malicious ads on its search platform to trick people into downloading booby-trapped copies of popular free software applications. The malicious ads, which appear above organic search results and often precede links to legitimate sources of...