CVE-2022-20929 Description A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, local attacker to provide an unauthentic upgrade file for upload. This vulnerability is due to insufficient cryptographic signature verification of upgrade files. An attacker could exploit this vulnerability by providing an administrator with an unauthentic […]
CVE-2023-23397 Description:Microsoft Outlook Elevation of Privilege Vulnerability CNA: Microsoft CorporationBase Score: 9.8 CRITICAL Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397
CVE-2022-4328 Description The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server Base Score: 9.8 CRITICAL https://wpscan.com/vulnerability/4dc72cd2-81d7-4a66-86bd-c9cfaf690eed
TikTok announced today that it’s launching the beta version of a revamped creator fund called the “Creativity Program.” The company says the program is designed to generate higher revenue and unlock more opportunities for creators. The program is available starting today to select creators on an invite-only basis, with availability to all eligible creators coming soon. Given […]
WhatsApp is rolling out a picture-in-picture feature for its iOS app with its latest update. This allows users to access WhatsApp or other apps without shutting out the video feed on the call. The company rolled out this feature with the 23.3.77 version of its iOS app. Until now, if you switched to another app […]
Facebook-parent Meta has launched a subscription service, called Meta Verified, that will allow users to add the coveted blue check mark to their Instagram and Facebook accounts for up to $15 a month by verifying their identity, its chief executive Mark Zuckerberg said on Sunday, tapping a new revenue channel that has returned mixed success […]
CVE-2023-21575 Description Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Base Score: 7.8 HIGH https://helpx.adobe.com/security/products/photoshop/apsb23-11.html ____________ CVE-2023-21576 Description Photoshop […]
CVE-2022-20803 Description A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.The vulnerability is due to incorrect use of the realloc function that may result in a double-free. An attacker could exploit this […]
CVE-2022-47986 Description IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was […]
CVE-2022-25992 Description Insecure inherited permissions in the Intel(R) oneAPI Toolkits oneapi-cli before version 0.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Base Score: 7.5 HIGH http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html ____________________ CVE-2022-26343 Description Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation […]