Aggregator

A vulnerability marked as critical has been reported in Lizardsystems Terminal Services Manager 3.2.1. Impacted is an unknown function. Performing a manipulation of the argument computer name results in out-of-bounds write. This vulnerability is known as CVE-2019-25545. Attacking locally is a requirement. Furthermore, an exploit is available.

A vulnerability labeled as problematic has been found in Pidgin 2.13.0. This issue affects some unknown processing of the component Account Creation Handler. Such manipulation of the argument Username leads to reliance on untrusted inputs in a security decision. This vulnerability is traded as CVE-2019-25544. An attack has to be approached locally. Furthermore, there is an exploit available.

A vulnerability identified as problematic has been detected in NordVPN 6.19.6. This vulnerability affects unknown code. This manipulation of the argument email causes improper handling of overlap between protected memory ranges. This vulnerability appears as CVE-2019-25572. The attack requires local access. In addition, an exploit is available.

A vulnerability categorized as critical has been discovered in Valentina-Db Valentina Studio 9.0.5. This affects an unknown part. The manipulation of the argument Host results in out-of-bounds write. This vulnerability is reported as CVE-2019-25567. The attack requires a local approach. Moreover, an exploit is present.

A vulnerability was found in Nsauditor SpotPaltalk 1.1.5. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Registration Handler. The manipulation of the argument Name/Key leads to improper handling of overlap between protected memory ranges. This vulnerability is documented as CVE-2019-25559. The attack needs to be performed locally. Additionally, an exploit exists.

A vulnerability was found in Magiciso Magic Iso Maker 5.5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Registration Handler. Executing a manipulation of the argument Serial Code can lead to out-of-bounds write. This vulnerability is registered as CVE-2019-25565. The attack needs to be launched locally. Furthermore, an exploit is available.

A vulnerability was found in BlueStacks 4.80.0.1060. It has been classified as problematic. Affected is an unknown function. Performing a manipulation of the argument Search results in return of pointer value outside of expected range. This vulnerability is cataloged as CVE-2019-25548. The attack must be initiated from a local position. Furthermore, there is an exploit available.

A vulnerability was found in Memuplay Memu Play 6.0.7 and classified as critical. This impacts an unknown function of the file MemuService.exe. Such manipulation leads to missing authentication. This vulnerability is listed as CVE-2019-25568. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability has been found in Cewe-Photoworld CEWE PHOTO SHOW 6.4.3 and classified as problematic. This affects an unknown function. This manipulation causes use of password hash instead of password for authentication. This vulnerability is tracked as CVE-2019-25552. The attack is possible to be carried out remotely. Moreover, an exploit is present.

Google has announced a new mechanism in Android called Advanced Flow that will allow sideloading APKs from unverified developers for power users in a more secure way. [...]

Осталось научить её держать заряд.

Microsoft Azure Monitor alerts are being abused to send callback phishing emails that impersonate warnings from the Microsoft Security Team about unauthorized charges on your account. [...]

Чужих в этот закрытый клуб не пустят даже при наличии пароля.

美国司法部周四指控超微电脑联合创始人廖义贤（Yih-Shyan Liaw） ，以及员工张瑞增（Ruei-Tsang Chang）、孙廷伟（Ting-Wei Sun） 串谋，将内置高性能英伟达（Nvidia）GPU的计算机服务器走私至中国。根据起诉书，三人自约两年前起与他人共谋，通过一家位于东南亚的“中转”公司，向中国销售至少价值 25 亿美元的服务器。而美国法律禁止未经许可向中国销售此类设备。超微表示公司本身未被列为被告。公司已将廖义贤和张瑞增停职，并终止与合同工孙廷伟的合作。美国司法部表示，廖义贤和廷伟已被逮捕，张瑞增仍在逃。尽管超微未列为被告，但其股价周五暴跌。

Threat actors affiliated with Russian Intelligence Services are conducting phishing campaigns to compromise commercial messaging applications (CMAs) like WhatsApp and Signal to seize control of accounts belonging to individuals with high intelligence value, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) said Friday. "The campaign

从手工审计到 AI 驱动，jar-analyzer 五年进化，MCP 与 SKILL 再到 Claude Code 插件