ZDI-22-377: Apple macOS libFontParser TTF Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Read Time:11 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the libFontParser library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.

perl-5.40.2-518.fc42

FEDORA-2025-30244ebfc7 Packages in this update: perl-5.40.2-518.fc42 Update description: Fixes CVE-2025-40909 - Clone dirhandles without fchdir Read More

July 10, 2025

perl-5.40.2-516.fc41

FEDORA-2025-f142899732 Packages in this update: perl-5.40.2-516.fc41 Update description: Fixes CVE-2025-40909 - Clone dirhandles without fchdir Read More

July 10, 2025

Tiki Wiki CMS Groupware <= 28.3 Two Server-Side Template Injection Vulnerabilities

Posted by Egidio Romano on Jul 09 ---------------------------------------------------------------------------------- Tiki Wiki CMS Groupware <= 28.3 Two Server-Side Template Injection Vulnerabilities ----------------------------------------------------------------------------------...

July 10, 2025

KL-001-2025-011: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Server-Side Request Forgery

Posted by KoreLogic Disclosures via Fulldisclosure on Jul 09 KL-001-2025-011: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Server-Side Request...

July 9, 2025

KL-001-2025-010: Schneider Electric EcoStruxure IT Data Center Expert Privilege Escalation

Posted by KoreLogic Disclosures via Fulldisclosure on Jul 09 KL-001-2025-010: Schneider Electric EcoStruxure IT Data Center Expert Privilege Escalation Title:...

July 9, 2025

KL-001-2025-009: Schneider Electric EcoStruxure IT Data Center Expert Remote Command Execution

Posted by KoreLogic Disclosures via Fulldisclosure on Jul 09 KL-001-2025-009: Schneider Electric EcoStruxure IT Data Center Expert Remote Command Execution...

July 9, 2025

Smashing Security podcast #425: Call of Duty: From pew-pew to pwned

As Texas floods, so does the internet – with dangerous lies

Ransomware Attack Stops Nova Scotia Power Meter Readings

AiLock ransomware: What you need to know

Microsoft Patch Tuesday: One Zero-Day and A Potential ‘Wormable’ Flaw

Yet Another Strava Privacy Leak

Chinese State-Sponsored Hacker Charged Over COVID-19 Research Theft

MacOS Infostealer AMOS Evolves with Backdoor for Persistent Access

M&S Chair Details Ransomware Attack, Declines to Confirm if Payment Was Made

ZDI-22-377: Apple macOS libFontParser TTF Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

perl-5.40.2-518.fc42

perl-5.40.2-516.fc41

Tiki Wiki CMS Groupware <= 28.3 Two Server-Side Template Injection Vulnerabilities

KL-001-2025-011: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Server-Side Request Forgery

KL-001-2025-010: Schneider Electric EcoStruxure IT Data Center Expert Privilege Escalation

KL-001-2025-009: Schneider Electric EcoStruxure IT Data Center Expert Remote Command Execution