An intent redirection issue was doscovered in Sina Weibo Android SDK 4.2.7 (com.sina.weibo.sdk.share.WbShareTransActivity), any unexported Activities could be started by the com.sina.weibo.sdk.share.WbShareTransActivity.
Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016-4437. Because of this version of the java deserialization vulnerability, an attacker could exploit the vulnerability to execute arbitrary commands via the rememberMe parameter.
It was discovered that H2 was vulnerable to deserialization of
untrusted data. An attacker could possibly use this issue to
execute arbitrary code. (CVE-2021-42392)
It was discovered that H2 incorrectly handled some specially
crafted connection URLs. An attacker could possibly use this
issue to execute arbitrary code. (CVE-2022-23221)
openscad-2021.01-8.fc34
Security fixes for CVE-2022-0496 and CVE-2022-0497
openscad-2021.01-8.fc35
Security fixes for CVE-2022-0496 and CVE-2022-0497
openscad-2021.01-8.fc36
Security fixes for CVE-2022-0496 and CVE-2022-0497
openscad-2021.01-8.fc37
Automatic update for openscad-2021.01-8.fc37.
* Tue Apr 5 2022 Lumír Balhar <lbalhar@redhat.com> – 2021.01-8
– Security fixes for CVE-2022-0496 and CVE-2022-0497
– Fixes: rhbz#2050696 rhbz#2050700
New Remote Access Trojan that provides ransomware services to threat actors is no laughing matter
Teleport, an open-source platform designed to provide zero trust access management for servers and cloud applications, has announced the availability of Teleport 9, the latest version of its unified access plane.
UK high street retailer The Works has shut some of its stores following a “cyber security incident” which saw hackers gain unauthorised access to its systems.
Read more in my article on the Hot for Security blog.
