In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the -no-PRIVILEGED option.

Usrsctp before has out-of-bounds reads in sctp_load_addresses_from_init.

Any web site can execute JavaScript code (that accesses a user's data) via cross-origin requests.

The application's file-transfer web server allows for cross-origin requests from any domain, and the WebSocket server lacks authorization control.

However, a crafted directory name can occur if a victim extracts a ZIP archive that was provided by an attacker.

An issue was discovered in the Readdle Documents app before 6.9.7 for iOS.

This requires user interaction because there is no known direct way for an attacker to create a crafted directory name on a victim's device.

The application's file-transfer web server improperly displays directory names, leading to Stored XSS, which may be used to steal a user's data.

The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.

An issue was discovered in the Readdle Documents app before 6.9.7 for iOS.

IBM X-Force ID: 172705.

A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number.

IBM MaaS360 3.96.62 for iOS could allow an attacker with physical access to the device to obtain sensitive information from the agent outside of the container.

Because the callback handler did not verify the authenticity of the response, this step is vulnerable to forgery, potentially allowing an attacker to associate a Twitter account with a third-party service.

This vulnerability affects Firefox for iOS ) on iOS.
When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scripting (XSS) attack.

Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass. This issue affects eWeLink before 5.2.0.

Client side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker that has access to the application to execute entries in a SQL data source without restriction.