Aggregator

CVE-2024-8948 | MicroPython 1.23.0 py/objint.c mpz_as_bytes heap-based overflow (Issue 13041)

VulDB Recent Entries
10 months ago
A vulnerability was found in MicroPython 1.23.0. It has been rated as critical. Affected by this issue is the function mpz_as_bytes of the file py/objint.c. The manipulation leads to heap-based buffer overflow. This vulnerability is handled as CVE-2024-8948. The attack may be launched remotely. Furthermore, there is an exploit available. In micropython objint component, converting zero from int to bytes leads to heap buffer-overflow-write at mpz_as_bytes. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2024-8947 | MicroPython 1.22.2 py/objarray.c use after free (Issue 13283)

VulDB Recent Entries
10 months ago
A vulnerability was found in MicroPython 1.22.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file py/objarray.c. The manipulation leads to use after free. This vulnerability is known as CVE-2024-8947. The attack can be launched remotely. There is no exploit available. In micropython objarray component, when a bytes object is resized and copied into itself, it may reference memory that has already been freed. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-8946 | MicroPython 1.23.0 VFS Unmount extmod/vfs.c mp_vfs_umount heap-based overflow (Issue 13006)

VulDB Recent Entries
10 months ago
A vulnerability was found in MicroPython 1.23.0. It has been classified as critical. Affected is the function mp_vfs_umount of the file extmod/vfs.c of the component VFS Unmount Handler. The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2024-8946. It is possible to launch the attack remotely. Furthermore, there is an exploit available. In the VFS unmount process, the comparison between the mounted path string and the unmount requested string is based solely on the length of the unmount string, which can lead to a heap buffer overflow read. It is recommended to apply a patch to fix this issue.
vuldb.com

Apple releases iOS 18, with security and privacy improvements

Help Net Security
10 months ago

Apple has launched iOS 18, the latest significant iteration of the operating system powering its iPhones. Along with many new features and welcome customization options, iOS 18 brings several changes for improving users’ security and privacy. A standalone Passwords app In previous iOS versions, there was a Passwords tool in the Settings and it allowed users to leverage iCloud Keychain to generate and save passwords. In iOS 18, that tool has become a standalone app … More →

The post Apple releases iOS 18, with security and privacy improvements appeared first on Help Net Security.

Zeljka Zorz

CVE-2024-8897 | Mozilla Firefox up to 130.0.0 on Android Address Bar redirect

VulDB Recent Entries
10 months ago
A vulnerability was found in Mozilla Firefox up to 130.0.0 on Android and classified as problematic. This issue affects some unknown processing of the component Address Bar Handler. The manipulation leads to open redirect. The identification of this vulnerability is CVE-2024-8897. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-8945 | CodeCanyon RISE Ultimate Project Manager 3.7.0 save id sql injection

VulDB Recent Entries
10 months ago
A vulnerability has been found in CodeCanyon RISE Ultimate Project Manager 3.7.0 and classified as critical. This vulnerability affects unknown code of the file /index.php/dashboard/save. The manipulation of the argument id leads to sql injection. This vulnerability was named CVE-2024-8945. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-8944 | code-projects Hospital Management System 1.0 check_availability.php email sql injection

VulDB Recent Entries
10 months ago
A vulnerability, which was classified as critical, was found in code-projects Hospital Management System 1.0. This affects an unknown part of the file check_availability.php. The manipulation of the argument email leads to sql injection. This vulnerability is uniquely identified as CVE-2024-8944. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

Veritas unveils AI-driven features to simplify cyber recovery

Help Net Security
10 months ago

Veritas Technologies unveiled new AI-driven capabilities to further expand the strength and functionality of the Veritas cyber resilience portfolio. The new innovations, including AI-powered automation and user interface enhancements, provide data protection specialists and IT generalists with intelligent, easy-to-use solutions that remove the uncertainty from cyber recovery. Deepak Mohan, EVP of engineering at Veritas, said: “Data security is becoming increasingly complex, and IT teams are under mounting pressure to ensure that data is always available, … More →

The post Veritas unveils AI-driven features to simplify cyber recovery appeared first on Help Net Security.

Industry News

Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense

The Hackers News
10 months ago
Google has announced that it will be switching from KYBER to ML-KEM in its Chrome web browser as part of its ongoing efforts to defend against the risk posed by cryptographically relevant quantum computers (CRQCs). "Chrome will offer a key share prediction for hybrid ML-KEM (codepoint 0x11EC)," David Adrian, David Benjamin, Bob Beck, and Devon O'Brien of the Chrome Team said. "The
The Hacker News

Managed ad