This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Category Archives: Advisories
ZDI-22-711: Apple macOS SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-710: Autodesk FBX Review ABC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk FBX Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-709: Oracle MySQL Cluster Data Node Improper Validation of Array Index Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability.
ZDI-22-708: Oracle MySQL Cluster Data Node Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability.
ZDI-22-707: Oracle MySQL Cluster Data Node Integer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability.
ZDI-22-706: Oracle MySQL Cluster Data Node Improper Validation of Array Index Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability.
ZDI-22-757: Apple macOS SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
USN-5393-1: Thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
conduct spoofing attacks, or execute arbitrary code. (CVE-2022-1097,
CVE-2022-1196, CVE-2022-28281, CVE-2022-28282, CVE-2022-28285,
CVE-2022-28286, CVE-2022-28289)
It was discovered that Thunderbird ignored OpenPGP revocation when
importing a revoked key in some circumstances. An attacker could
potentially exploit this by tricking the user into trusting the
authenticity of a message or tricking them into use a revoked key to
send an encrypted message. (CVE-2022-1197)
CVE-2021-25266
An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495.