CVE-2020-21406
An issue was discovered in RK Smart TV Box MAX and V88 SmartTV box that allows attackers to cause a denial of service via the...
CVE-2020-21405
An issue was discovered in H96 Smart TV Box H96 Pro Plus allows attackers to corrupt files via calls to the saveDeepColorAttr service.unk Read More
Orca adds detection and response capabilities to its agentless cloud security solution
Orca Security has added cloud detection and response (CDR) capabilities to its cloud security platform, the company announced Tuesday. The new feature expands the platform's...
Unpatched Flaws in Popular GPS Devices Allow Adversaries to Disrupt and Track Vehicles
BitSight described six ‘severe’ vulnerabilities in the MiCODUS MV720 GPS tracker Read More
Oracle July 2022 Critical Patch Update Addresses 188 CVEs
Oracle July 2022 Critical Patch Update Addresses 188 CVEs Oracle addresses 188 CVEs in its third quarterly update of 2022 with 349 patches, including 66...
More malware-infested apps, downloaded millions of times, found in the Google Play store
Three million Android users may have lost money and had their devices infected by spyware, after the discovery that the official Google Play store has...
Clunk flush! Bexplus cryptocurrency exchange closes suddenly, giving its users only 24 hours to withdraw funds
Bexplus gave its users only 24 hours to withdraw their funds. Can you imagine a traditional financial institution treating its customers in such a slipshod...
Drupal core – Moderately critical – Multiple vulnerabilities – SA-CORE-2022-015
Project: Drupal core Date: 2022-July-20 Security risk: Moderately critical 11∕25 AC:Complex/A:User/CI:Some/II:Some/E:Theoretical/TD:Uncommon Vulnerability: Multiple vulnerabilities Description: The Media oEmbed iframe route does not properly validate the...
Drupal core – Critical – Arbitrary PHP code execution – SA-CORE-2022-014
Project: Drupal core Date: 2022-July-20 Security risk: Critical 15∕25 AC:Basic/A:Admin/CI:All/II:All/E:Theoretical/TD:Uncommon Vulnerability: Arbitrary PHP code execution Description: Drupal core sanitizes filenames with dangerous extensions upon upload...
Drupal core – Moderately critical – Access Bypass – SA-CORE-2022-013
Project: Drupal core Date: 2022-July-20 Security risk: Moderately critical 12∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Uncommon Vulnerability: Access Bypass Description: Under certain circumstances, the Drupal core form API evaluates form...