This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2025-0900.
Daily Archives: February 11, 2025
APPLE-SA-02-10-2025-2 iPadOS 17.7.5
Posted by Apple Product Security via Fulldisclosure on Feb 10
APPLE-SA-02-10-2025-2 iPadOS 17.7.5
iPadOS 17.7.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122173.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
Accessibility
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch,
and iPad 6th generation
Impact: A physical…
APPLE-SA-02-10-2025-1 iOS 18.3.1 and iPadOS 18.3.1
Posted by Apple Product Security via Fulldisclosure on Feb 10
APPLE-SA-02-10-2025-1 iOS 18.3.1 and iPadOS 18.3.1
iOS 18.3.1 and iPadOS 18.3.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122174.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
Accessibility
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation…
CVE-2024-55447: Access Control in Paxton Net2 software (update)
Posted by Jeroen Hermans via Fulldisclosure on Feb 10
CloudAware Security Advisory
CVE-2024-55447: Potential PII leak and incorrect access control in
Paxton Net2 software
========================================================================
Summary
========================================================================
Insecure backend database in the Paxton Net2 software.
Possible leaking of PII and incorrect access control.
Access cards can be cloned without physical access to the original…
ChatGPT AI finds “security concern” (XSS) in DeepSeek’s code
Posted by Georgi Guninski on Feb 10
Summary: On 2025-02-09 ChatGPT AI found “security concern” (XSS) in
DeepSeek’s AI Python code.
Background:
Consider the simple coding question (Q):
Write Python CGI which takes as an argument NAME and outputs: “Hello NAME”.
First page and results on Google for “python CGI” return for me
tutorials, which are flawed and textbook examples of the cross site
scripting (XSS) vulnerability. This is a…
USN-7263-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2025-1011,
CVE-2025-1013, CVE-2025-1014, CVE-2025-1016, CVE-2025-1017, CVE-2025-1018,
CVE-2025-1019, CVE-2025-1020)
Ivan Fratric discovered that Firefox did not properly handle XSLT data,
leading to a use-after-free vulnerability. An attacker could potentially
exploit this issue to cause a denial of service, or execute arbitrary code.
(CVE-2025-1009)
Atte Kettunen discovered that Firefox did not properly manage memory in
the Custom Highlight API, leading to a use-after-free vulnerability. An
attacker could potentially exploit this issue to cause a denial of service,
or execute arbitrary code. (CVE-2025-1010)
Nils Bars discovered that Firefox did not properly manage memory during
concurrent delazification, leading to a use-after-free vulnerability.
An attacker could potentially exploit this issue to cause a denial of
service, or execute arbitrary code. (CVE-2025-1012)