CVE-2022-24190
The /device/acceptBind end-point for Ourphoto App version 1.4.1 does not require authentication or authorization. The user_token header is not implemented or present on this end-point....
CVE-2022-24189
The user_token authorization header on the Ourphoto App version 1.4.1 /apiv1/* end-points is not implemented properly. Removing the value causes all requests to succeed, bypassing...
CVE-2022-24188
The /device/signin end-point for the Ourphoto App version 1.4.1 discloses clear-text password information for functionality within the picture frame devices. The deviceVideoCallPassword and mqttPassword are...
CVE-2022-24187
The user_id and device_id on the Ourphoto App version 1.4.1 /device/* end-points both suffer from insecure direct object reference vulnerabilities. Other end-users user_id and device_id...
U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer
A recent scoop by Reuters revealed that mobile apps for the U.S. Army and the Centers for Disease Control and Prevention (CDC) were integrating software that...
USN-5746-1: HarfBuzz vulnerability
Behzad Najjarpour Jabbari discovered that HarfBuzz incorrectly handled certain inputs. A remote attacker could possibly use this issue to cause a denial of service. Read...
Financial services increasingly targeted for API-based cyberattacks
A report published Monday by cloud services and CDN (content delivery network) platform Akamai said that the financial services industry is an increasingly popular target...
moodle-3.11.11-1.fc35
FEDORA-2022-cb7084ae1c Packages in this update: moodle-3.11.11-1.fc35 Update description: Fixes for multiple CVEs Read More
moodle-3.11.11-1.fc36
FEDORA-2022-f7fdcb1820 Packages in this update: moodle-3.11.11-1.fc36 Update description: Fixes for multiple CVEs Read More
moodle-4.1-1.fc37
FEDORA-2022-74a9c8e95f Packages in this update: moodle-4.1-1.fc37 Update description: Fixes for multiple CVEs Read More