βΌ CVE-2022-35476 βΌ
π Read
via "National Vulnerability Database".
OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fbc0b.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38233 βΌ
π Read
via "National Vulnerability Database".
XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::readMCURow() at /xpdf/Stream.cc.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38235 βΌ
π Read
via "National Vulnerability Database".
XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::getChar() at /xpdf/Stream.cc.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38237 βΌ
π Read
via "National Vulnerability Database".
XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::readScan() at /xpdf/Stream.cc.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38236 βΌ
π Read
via "National Vulnerability Database".
XPDF commit ffaf11c was discovered to contain a global-buffer overflow via Lexer::getObj(Object*) at /xpdf/Lexer.cc.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38238 βΌ
π Read
via "National Vulnerability Database".
XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::lookChar() at /xpdf/Stream.cc.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38230 βΌ
π Read
via "National Vulnerability Database".
XPDF commit ffaf11c was discovered to contain a floating point exception (FPE) via DCTStream::decodeImage() at /xpdf/Stream.cc.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38234 βΌ
π Read
via "National Vulnerability Database".
XPDF commit ffaf11c was discovered to contain a segmentation violation via Lexer::getObj(Object*) at /xpdf/Lexer.cc.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38231 βΌ
π Read
via "National Vulnerability Database".
XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::getChar() at /xpdf/Stream.cc.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35434 βΌ
π Read
via "National Vulnerability Database".
jpeg-quantsmooth before commit 8879454 contained a floating point exception (FPE) via /jpeg-quantsmooth/jpegqs+0x4f5d6c.π Read
via "National Vulnerability Database".
π΄ Microsoft Rolls Out Tamper Protection for Macs π΄
π Read
via "Dark Reading".
The tamper protection feature detects attempts to modify files and processes for Microsoft Defender for Endpoints on macOS.π Read
via "Dark Reading".
Dark Reading
Microsoft Rolls Out Tamper Protection for Macs
The new feature detects attempts to modify files and processes for Microsoft Defender for Endpoints on macOS.
π1
βΌ CVE-2022-25799 βΌ
π Read
via "National Vulnerability Database".
An open redirect vulnerability exists in CERT/CC VINCE software prior to 1.5.0. An attacker could send a link that has a specially crafted URL and convince the user to click the link. When an authenticated user clicks the link, the authenticated user's browser could be redirected to a malicious site that is designed to impersonate a legitimate website. The attacker could trick the user and potentially acquire sensitive information such as the user's credentials.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42052 βΌ
π Read
via "National Vulnerability Database".
IPESA e-Flow 3.3.6 allows path traversal for reading any file within the web root directory via the lib/js/build/STEResource.res path and the R query parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2871 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository notrinos/notrinoserp prior to 0.7.π Read
via "National Vulnerability Database".
ποΈ Developers still struggling with security issues during code reviews, study finds ποΈ
π Read
via "The Daily Swig".
The road to DevSecOps isnβt always the smoothestπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Developers still struggling with security issues during code reviews, study finds
The road to DevSecOps isnβt always the smoothest
π1
β US offers reward βup to $10 millionβ for information about the Conti gang β
π Read
via "Naked Security".
Wanted - Reward Offered - Five unknown individuals (plus a man with a weird hat)π Read
via "Naked Security".
Naked Security
US offers reward βup to $10 millionβ for information about the Conti gang
Wanted β Reward Offered β Five unknown individuals (plus a man with a weird hat)
β Chrome browser gets 11 security fixes with 1 zero-day β update now! β
π Read
via "Naked Security".
Don't delay - patch today.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π1
π΄ 7 Smart Ways to Secure Your E-Commerce Site π΄
π Read
via "Dark Reading".
Especially if your e-commerce and CMS platforms are integrated, you risk multiple potential sources of intrusion, and the integration points themselves may be vulnerable to attack.π Read
via "Dark Reading".
Dark Reading
7 Smart Ways to Secure Your E-Commerce Site
Especially if your e-commerce and CMS platforms are integrated, you risk multiple potential sources of intrusion, and the integration points themselves may be vulnerable to attack.
βΌ CVE-2022-37459 βΌ
π Read
via "National Vulnerability Database".
Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a "Retbleed" issue.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2021-45454 βΌ
π Read
via "National Vulnerability Database".
Ampere Altra before SRP 1.08b and Altra Max? before SRP 2.05 allow information disclosure of power telemetry via HWmon.π Read
via "National Vulnerability Database".
ποΈ Swiss Post relaunches e-voting bug bounty program ποΈ
π Read
via "The Daily Swig".
Ethical hackers invited to stress test election infrastructureπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Swiss Post relaunches e-voting bug bounty program
Ethical hackers invited to stress test election infrastructure