βΌ CVE-2022-1048 βΌ
π Read
via "National Vulnerability Database".
A use-after-free flaw was found in the Linux kernelΓ’β¬β’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3982 βΌ
π Read
via "National Vulnerability Database".
Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAP_SYS_NICE is currently implemented and eventually load code to increase its process scheduler priority leading to possible DoS of other services running in the same machine.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1015 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29934 βΌ
π Read
via "National Vulnerability Database".
USU Oracle Optimization before 5.17.5 lacks Polkit authentication, which allows smartcollector users to achieve root access via pkexec. NOTE: this is not an Oracle Corporation product.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0985 βΌ
π Read
via "National Vulnerability Database".
Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1402 βΌ
π Read
via "National Vulnerability Database".
ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition.π Read
via "National Vulnerability Database".
βΌ CVE-2021-4206 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1403 βΌ
π Read
via "National Vulnerability Database".
ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds write condition.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43938 βΌ
π Read
via "National Vulnerability Database".
Elcomplus SmartPTT SCADA Server is vulnerable to an unauthenticated user can request various files from the server without any authentication or authorization.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36207 βΌ
π Read
via "National Vulnerability Database".
Under certain circumstances improper privilege management in Metasys ADS/ADX/OAS servers versions 10 and 11 could allow an authenticated user to elevate their privileges to administrator.π Read
via "National Vulnerability Database".
π΄ Cloudflare Flags Largest HTTPS DDoS Attack It's Ever Recorded π΄
π Read
via "Dark Reading".
This scale of this month's encrypted DDoS attack over HTTPS suggests a well-resourced operation, analysts say.π Read
via "Dark Reading".
Dark Reading
Cloudflare Flags Largest HTTPS DDoS Attack It's Ever Recorded
This scale of this month's encrypted DDoS attack over HTTPS suggests a well-resourced operation, analysts say.
βΌ CVE-2022-1543 βΌ
π Read
via "National Vulnerability Database".
Improper handling of Length parameter in GitHub repository erudika/scoold prior to 1.49.4. When the text size is large enough the service results in a momentary outage in a production environment. That can lead to memory corruption on the server.π Read
via "National Vulnerability Database".
π΄ Critical Vulnerabilities Leave Some Network-Attached Storage Devices Open to Attack π΄
π Read
via "Dark Reading".
QNAP and Synology say flaws in the Netatalk fileserver allow remote code execution and information disclosure.π Read
via "Dark Reading".
Dark Reading
Critical Vulnerabilities Leave Some Network-Attached Storage Devices Open to Attack
QNAP and Synology say flaws in the Netatalk fileserver allow remote code execution and information disclosure.
βΌ CVE-2022-25854 βΌ
π Read
via "National Vulnerability Database".
This affects the package @yaireo/tagify before 4.9.8. The package is used for rendering UI components inside the input or text fields, and an attacker can pass a malicious placeholder value to it to fire the XSS payload.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29947 βΌ
π Read
via "National Vulnerability Database".
Woodpecker before 0.15.1 allows XSS via build logs because web/src/components/repo/build/BuildLog.vue lacks escaping.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28198 βΌ
π Read
via "National Vulnerability Database".
NVIDIA Omniverse Nucleus and Cache contain a vulnerability in its configuration of OpenSSL, where an attacker with physical access to the system can cause arbitrary code execution which can impact confidentiality, integrity, and availability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29945 βΌ
π Read
via "National Vulnerability Database".
DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator's physical location via the AeroScope protocol.π Read
via "National Vulnerability Database".
π΄ Good News! IAM Is Near-Universal With SaaS π΄
π Read
via "Dark Reading".
The less-good news: IAM only works for applications your IT department knows about, so watch for "shadow IT" programs installed or written by users that leave a security gap.π Read
via "Dark Reading".
Dark Reading
Good News! IAM Is Near-Universal With SaaS
The less-good news: IAM only works for applications your IT department knows about, so watch for "shadow IT" programs installed or written by users that leave a security gap.
βΌ CVE-2022-29967 βΌ
π Read
via "National Vulnerability Database".
static_compressed_inmemory_website_callback.c in Glewlwyd through 2.6.2 allows directory traversal.π Read
via "National Vulnerability Database".
π΄ 2022 Security Priorities: Staffing and Remote Work π΄
π Read
via "Dark Reading".
A comprehensive security strategy balances technology, processes, and people β and hiring and retaining security personnel and securing the remote workforce are firmly people priorities.π Read
via "Dark Reading".
Dark Reading
2022 Security Priorities: Staffing and Remote Work
A comprehensive security strategy balances technology, processes, and people β and hiring and retaining security personnel and securing the remote workforce are firmly people priorities.
π1
βΌ CVE-2022-29265 βΌ
π Read
via "National Vulnerability Database".
Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. The Standard Content Viewer service attempts to resolve XML External Entity references when viewing formatted XML files. The following Processors attempt to resolve XML External Entity references when configured with default property values: - EvaluateXPath - EvaluateXQuery - ValidateXml Apache NiFi flow configurations that include these Processors are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations in the default configuration for these Processors, and disallows XML External Entity resolution in standard services.π Read
via "National Vulnerability Database".