Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for privilege escalation. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for privilege escalation. Depending on the privileges associated with the exploited component, an attacker could then install programs; view, change, or delete data; or create new accounts with full rights.

Read More

Posted by Simon Bieber via Fulldisclosure on May 06

secuvera-SA-2024-02: Multiple Persistent Cross-Site Scritping (XSS) flaws in Drupal-Wiki

Affected Products
Drupal Wiki 8.31
Drupal Wiki 8.30 (older releases have not been tested)

References
https://www.secuvera.de/advisories/secuvera-SA-2024-02.txt (used for updates)
CVE-2024-34481
CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
CVSS-B: 6.4 (…

Read More

Posted by Martin Heiland via Fulldisclosure on May 06

Dear subscribers,

We’re sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX App Suite, Dovecot and PowerDNS at YesWeHack.

This advisory has also been published at
https://documentation.open-xchange.com/appsuite/security/advisories/html/2024/oxas-adv-2024-0002.html.

Yours sincerely,
Martin Heiland, Open-Xchange…

Read More

FEDORA-2024-ef71921bde

Packages in this update:

python-tqdm-4.66.4-2.fc39

Update description:

Address CVE-2024-34062 (local code execution)

Read More

FEDORA-2024-24e4bba70f

Packages in this update:

python-tqdm-4.66.4-2.fc38

Update description:

Address CVE-2024-34062 (local code execution)

Read More

FEDORA-2024-35acb3b48f

Packages in this update:

python-tqdm-4.66.4-2.fc40

Update description:

Address CVE-2024-34062 (local code execution)

Read More

Posted by Security Explorations on May 06

Hello All,

We released codes for “Microsoft PlayReady toolkit”, a tool that has
been developed as part of our research from 2022:

https://security-explorations.com/microsoft-playready.html#details

The toolkit illustrates the following:
– fake client device identity generation,
– acquisition of license and content keys for encrypted content,
– downloading and decryption of content,
– content inspection (MPEG-4 file format),
– Manifest…

Read More

FEDORA-2024-93f31f5de6

Packages in this update:

nano-7.2-7.fc40

Update description:

fix emergency file replacement vulnerability

Resolves: rhbz#2277586

Read More

FEDORA-2024-8abde32a6e

Packages in this update:

nano-7.2-5.fc39

Update description:

fix emergency file replacement vulnerability

Resolves: rhbz#2277586

Read More

Post Content

Read More