Yufan You discovered that Libreoffice’s handling of documents based on
ZIP archives was suspectible to spoofing attacks when the repair mode
attempts to address a malformed archive structure.
Shang-Hung Wan discovered multiple vulnerabilities in the Expat
XML parsing C library, which could result in denial of service or
potentially the execution of arbitrary code.
Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Don’t want cloud security to limit performance or availability? Learn how we’ve been testing CIS Hardened Images with cloud services to support your needs!
CISA wants everyone—and government agencies in particular—to remove or upgrade an Ivanti Cloud Service Appliance (CSA) that is no longer being supported.
Welcome to the security nightmare that is the Internet of Things.