‼ CVE-2022-21792 ‼
📖 Read
via "National Vulnerability Database".
In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085410; Issue ID: ALPS07085410.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-21791 ‼
📖 Read
via "National Vulnerability Database".
In camera isp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478059; Issue ID: ALPS06478059.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34567 ‼
📖 Read
via "National Vulnerability Database".
An issue in \Roaming\Mango\Plugins of University of Texas Multi-image Analysis GUI (Mango) 4.1 allows attackers to escalate privileges via crafted plugins.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2509 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-30699 ‼
📖 Read
via "National Vulnerability Database".
NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. This action can be repeated when the delegation information is about to expire making the rogue delegation information ever-updating. From version 1.16.2 on, Unbound stores the start time for a query and uses that to decide if the cached delegation information can be overwritten.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36301 ‼
📖 Read
via "National Vulnerability Database".
BF-OS version 3.x up to and including 3.83 do not enforce strong passwords which may allow a remote attacker to brute-force the device password.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26428 ‼
📖 Read
via "National Vulnerability Database".
In video codec, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06521260; Issue ID: ALPS06521260.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26427 ‼
📖 Read
via "National Vulnerability Database".
In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085540; Issue ID: ALPS07085540.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2598 ‼
📖 Read
via "National Vulnerability Database".
Undefined Behavior for Input to API in GitHub repository vim/vim prior to 9.0.0100.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-21788 ‼
📖 Read
via "National Vulnerability Database".
In scp, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06988728; Issue ID: ALPS06988728.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2581 ‼
📖 Read
via "National Vulnerability Database".
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26439 ‼
📖 Read
via "National Vulnerability Database".
In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420020; Issue ID: GN20220420020.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26435 ‼
📖 Read
via "National Vulnerability Database".
In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138435; Issue ID: ALPS07138435.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-21790 ‼
📖 Read
via "National Vulnerability Database".
In camera isp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479306; Issue ID: ALPS06479306.📖 Read
via "National Vulnerability Database".
âš GnuTLS patches memory mismanagement bug – update now! âš
📖 Read
via "Naked Security".
GnuTLS may well be the most widespread cryptographic toolkit you've never heard of. Learn more...📖 Read
via "Naked Security".
Sophos News
Naked Security – Sophos News
🕴 Name That Edge Toon: Up a Tree 🕴
📖 Read
via "Dark Reading".
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.📖 Read
via "Dark Reading".
Dark Reading
Name That Edge Toon: Up a Tree
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.
🕴 Chromium Browsers Allow Data Exfiltration via Bookmark Syncing 🕴
📖 Read
via "Dark Reading".
"Bruggling" emerges as a novel technique for pilfering data out from a compromised environment — or for sneaking in malicious code and attack tools.📖 Read
via "Dark Reading".
Dark Reading
Chromium Browsers Allow Data Exfiltration via Bookmark Syncing
"Bruggling" emerges as a novel technique for pilfering data out from a compromised environment — or for sneaking in malicious code and attack tools.
‼ CVE-2022-34307 ‼
📖 Read
via "National Vulnerability Database".
IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 229436.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34161 ‼
📖 Read
via "National Vulnerability Database".
IBM CICS TX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 229331.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-33955 ‼
📖 Read
via "National Vulnerability Database".
IBM CICS TX 11.1 could allow allow an attacker with physical access to the system to execute code due using a back and refresh attack. IBM X-Force ID: 229312.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34162 ‼
📖 Read
via "National Vulnerability Database".
IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 229332.📖 Read
via "National Vulnerability Database".