βΌ CVE-2021-43302 βΌ
π Read
via "National Vulnerability Database".
Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause an out-of-bounds read when the filename is shorter than 4 characters.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22880 βΌ
π Read
via "National Vulnerability Database".
Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /jeecg-boot/sys/user/queryUserByDepId.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24983 βΌ
π Read
via "National Vulnerability Database".
Forms generated by JQueryForm.com before 2022-02-05 allow remote attackers to obtain the URI to any uploaded file by capturing the POST response. When chained with CVE-2022-24984, this could lead to unauthenticated remote code execution on the underlying web server. This occurs because the Unique ID field is contained in the POST response upon submitting a form.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43301 βΌ
π Read
via "National Vulnerability Database".
Stack overflow in PJSUA API when calling pjsua_playlist_create. An attacker-controlled 'file_names' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43299 βΌ
π Read
via "National Vulnerability Database".
Stack overflow in PJSUA API when calling pjsua_player_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24985 βΌ
π Read
via "National Vulnerability Database".
Forms generated by JQueryForm.com before 2022-02-05 allows a remote authenticated attacker to bypass authentication and access the administrative section of other forms hosted on the same web server. This is relevant only when an organization hosts more than one of these forms on their server.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24984 βΌ
π Read
via "National Vulnerability Database".
Forms generated by JQueryForm.com before 2022-02-05 (if file-upload capability is enabled) allow remote unauthenticated attackers to upload executable files and achieve remote code execution. This occurs because file-extension checks occur on the client side, and because not all executable content (e.g., .phtml or .php.bak) is blocked.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25265 βΌ
π Read
via "National Vulnerability Database".
In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execution of bytes located in supposedly non-executable regions of a file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43303 βΌ
π Read
via "National Vulnerability Database".
Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker-controlled 'buffer' argument may cause a buffer overflow, since supplying an output buffer smaller than 128 characters may overflow the output buffer, regardless of the 'maxlen' argument suppliedπ Read
via "National Vulnerability Database".
βΌ CVE-2022-23636 βΌ
π Read
via "National Vulnerability Database".
Wasmtime is an open source runtime for WebAssembly & WASI. Prior to versions 0.34.1 and 0.33.1, there exists a bug in the pooling instance allocator in Wasmtime's runtime where a failure to instantiate an instance for a module that defines an `externref` global will result in an invalid drop of a `VMExternRef` via an uninitialized pointer. A number of conditions listed in the GitHub Security Advisory must be true in order for an instance to be vulnerable to this issue. Maintainers believe that the effective impact of this bug is relatively small because the usage of `externref` is still uncommon and without a resource limiter configured on the `Store`, which is not the default configuration, it is only possible to trigger the bug from an error returned by `mprotect` or `VirtualAlloc`. Note that on Linux with the `uffd` feature enabled, it is only possible to trigger the bug from a resource limiter as the call to `mprotect` is skipped. The bug has been fixed in 0.34.1 and 0.33.1 and users are encouraged to upgrade as soon as possible. If it is not possible to upgrade to version 0.34.1 or 0.33.1 of the `wasmtime` crate, it is recommend that support for the reference types proposal be disabled by passing `false` to `Config::wasm_reference_types`. Doing so will prevent modules that use `externref` from being loaded entirely.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43300 βΌ
π Read
via "National Vulnerability Database".
Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25271 βΌ
π Read
via "National Vulnerability Database".
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25270 βΌ
π Read
via "National Vulnerability Database".
The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are not authorized to access. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0623 βΌ
π Read
via "National Vulnerability Database".
Out-of-bounds Read in Homebrew mruby prior to 3.2.π Read
via "National Vulnerability Database".
ποΈ Port of LAβs new Cyber Resilience Center aims to bolster physical and digital supply chain defenses ποΈ
π Read
via "The Daily Swig".
βWe must take every precaution against potential cyber incidentsβ, port director tells The Daily Swigπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Port of LAβs new Cyber Resilience Center aims to bolster physical and digital supply chain defenses
βWe must take every precaution against potential cyber incidentsβ, port director tells The Daily Swig
β VMWare fixes holes that could allow virtual machine escapes β
π Read
via "Naked Security".
Hats off to VMWare for not using weasel words: "When should you act?" Immediately...π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
βΌ CVE-2022-0629 βΌ
π Read
via "National Vulnerability Database".
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46368 βΌ
π Read
via "National Vulnerability Database".
TRIGONE Remote System Monitor 3.61 is vulnerable to an unquoted path service allowing local users to launch processes with elevated privileges.π Read
via "National Vulnerability Database".
ποΈ Russian nation-state hackers targeting US contractors for sensitive defense information, FBI warns ποΈ
π Read
via "The Daily Swig".
Cybersecurity and military secrets among documents accessedπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Russian nation-state hackers targeting US contractors for sensitive defense information, FBI warns
Cybersecurity and military secrets among documents accessed
β Microsoft Teams Targeted With Takeover Trojans β
π Read
via "Threat Post".
Threat actors are infiltrating the increasingly popular collaboration app to attach malicious files to chat threads that drop system-hijacking malware.π Read
via "Threat Post".
Threat Post
Microsoft Teams Targeted With Takeover Trojans
Threat actors are infiltrating the increasingly popular collaboration app to attach malicious files to chat threads that drop system-hijacking malware.
β Kill Cloud Risk: Get Everybody to Stop Fighting Over App Security β Podcast β
π Read
via "Threat Post".
When it comes to ensuring safe cloud app rollouts, thereβs flat-out animosity between business shareholders. HackerOneβs Alex Rice and GitLabβs Johnathan Hunt share tips on quashing all the squabbling.π Read
via "Threat Post".