βΌ CVE-2022-36086 βΌ
π Read
via "National Vulnerability Database".
linked_list_allocator is an allocator usable for no_std systems. Prior to version 0.10.2, the heap initialization methods were missing a minimum size check for the given heap size argument. This could lead to out-of-bound writes when a heap was initialized with a size smaller than `3 * size_of::<usize>` because of metadata write operations. This vulnerability impacts all the initialization functions on the `Heap` and `LockedHeap` types, including `Heap::new`, `Heap::init`, `Heap::init_from_slice`, and `LockedHeap::new`. It also affects multiple uses of the `Heap::extend` method. Version 0.10.2 contains a patch for the issue. As a workaround, ensure that the heap is only initialized with a size larger than `3 * size_of::<usize>` and that the `Heap::extend` method is only called with sizes larger than `2 * size_of::<usize>()`. Also, ensure that the total heap size is (and stays) a multiple of `2 * size_of::<usize>()`.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36082 βΌ
π Read
via "National Vulnerability Database".
mangadex-downloader is a command-line tool to download manga from MangaDex. When using `file:<location>` command and `<location>` is a web URL location (http, https), mangadex-downloader between versions 1.3.0 and 1.7.2 will try to open and read a file in local disk for each line of website contents. Version 1.7.2 contains a patch for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38248 βΌ
π Read
via "National Vulnerability Database".
Nagios XI before v5.8.7 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at auditlog.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38251 βΌ
π Read
via "National Vulnerability Database".
Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Performance Settings page under the Admin panel.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38250 βΌ
π Read
via "National Vulnerability Database".
Nagios XI v5.8.6 was discovered to contain a SQL injection vulnerability via the mib_name parameter at the Manage MIBs page.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38249 βΌ
π Read
via "National Vulnerability Database".
Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the MTR component in version 1.0.4.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36088 βΌ
π Read
via "National Vulnerability Database".
GoCD is a continuous delivery server. Windows installations via either the server or agent installers for GoCD prior to 22.2.0 do not adequately restrict permissions when installing outside of the default location. This could allow a malicious user with local access to the server GoCD Server or Agent are installed on to modify executables or components of the installation. This does not affect zip file-based installs, installations to other platforms, or installations inside `Program Files` or `Program Files (x86)`. This issue is fixed in GoCD 22.2.0 installers. As a workaround, if the server or agent is installed outside of `Program Files (x86)`, verify the the permission of the Server or Agent installation directory to ensure the `Everyone` user group does not have `Full Control`, `Modify` or `Write` permissions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36585 βΌ
π Read
via "National Vulnerability Database".
In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, in httpd binary, the addDhcpRule function has a buffer overflow caused by sscanf.π Read
via "National Vulnerability Database".
βΌ CVE-2020-19914 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) in xiunobbs 4.0.4 allows remote attackers to execute arbitrary web script or HTML via the attachment upload function.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38247 βΌ
π Read
via "National Vulnerability Database".
Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Settings page under the Admin panel.π Read
via "National Vulnerability Database".
π1
π’ Signal hires former Google manager Meredith Whittaker as first president π’
π Read
via "ITPro".
An outspoken critic of the dangers of AI, Whittaker promises to keep Signal users out of tech giants' "surveillant gaze"π Read
via "ITPro".
IT PRO
Signal hires former Google manager Meredith Whittaker as first president | IT PRO
An outspoken critic of the dangers of AI, Whittaker promises to keep Signal users out of tech giants' "surveillant gaze"
π1
π’ German firms beef up cyber security to stay ahead of new threats π’
π Read
via "ITPro".
Ongoing Russia-Ukraine war increased digitisation, and disruptions from COVID-19 call for advanced security tools and servicesπ Read
via "ITPro".
IT PRO
German firms beef up cyber security to stay ahead of new threats | IT PRO
Ongoing Russia-Ukraine war increased digitisation, and disruptions from COVID-19 call for advanced security tools and services
π’ Sophos: Retail organisations pay significantly less in ransomware attacks π’
π Read
via "ITPro".
It's a game of volume in retail since despite being the second-most targeted industry, the average payment per case is well below the industry averageπ Read
via "ITPro".
IT PRO
Sophos: Retail organisations pay significantly less in ransomware attacks | IT PRO
It's a game of volume in retail since despite being the second-most targeted industry, the average payment per case is well below the industry average
π’ Second-largest US school district falls to ransomware attack π’
π Read
via "ITPro".
Los Angeles Unified School District detected βunusual activityβ across its IT systems over the weekendπ Read
via "ITPro".
IT PRO
Second-largest US school district falls to ransomware attack | IT PRO
Los Angeles Unified School District detected βunusual activityβ across its IT systems over the weekend
π’ Japan investigates potential Russian Killnet cyber attacks π’
π Read
via "ITPro".
The hacker group has said itβs revolting against the countryβs militarism and that itβs βkicking the samuraiβπ Read
via "ITPro".
IT PRO
Japan investigates potential Russian Killnet cyber attacks | IT PRO
The hacker group has said itβs revolting against the countryβs militarism and that itβs βkicking the samuraiβ
π’ Instagram slapped with β¬405 million GDPR fine over breaches π’
π Read
via "ITPro".
The social media platform becomes the third Meta-owned company to be hit with privacy penaltyπ Read
via "ITPro".
IT PRO
Instagram slapped with β¬405 million GDPR fine over breaches | IT PRO
The social media platform becomes the third Meta-owned company to be hit with privacy penalty
π’ TikTok refutes allegations of a massive security breach π’
π Read
via "ITPro".
The alleged hack compromised account details of over two billion TikTok usersπ Read
via "ITPro".
IT PRO
TikTok refutes allegations of a massive security breach | IT PRO
The alleged hack compromised account details of over two billion TikTok users
π’ InterContinental Hotels Group confirms cyber attack, experts suggest ransomware π’
π Read
via "ITPro".
Customers had been reporting issues with reservations for days and security experts have sparked discussions of a more serious incidentπ Read
via "ITPro".
IT PRO
InterContinental Hotels Group confirms cyber attack, experts suggest ransomware | IT PRO
Customers had been reporting issues with reservations for days and security experts have sparked discussions of a more serious incident
π’ 'Potentially unsecured' SMBs are propping up an IT supply chain riddled with ransomware π’
π Read
via "ITPro".
More than half of IT supply chains have been impacted by ransomware attacks in recent years and organisations are failing to implement the necessary steps to prevent future damageπ Read
via "ITPro".
IT PRO
'Potentially unsecured' SMBs are propping up an IT supply chain riddled with ransomware | IT PRO
More than half of IT supply chains have been impacted by ransomware attacks in recent years and organisations are failing to implement the necessary steps to prevent future damage
π’ Exclusive Networks hires Paul Eccleston as new UK&I managing director π’
π Read
via "ITPro".
The experienced business leader will look to drive the cyber security specialistβs next phase of growthπ Read
via "ITPro".
IT PRO
Exclusive Networks hires Paul Eccleston as new UK&I Managing Director | IT PRO
Experienced business leader will look to drive the cybersecurity specialistβs next phase of growth
π’ Bus and rail operator Go-Ahead Group confirms "cyber security incident" π’
π Read
via "ITPro".
The public transport giant has been tight-lipped on the nature of the supposed attack but has tasked IBM with helping it recoverπ Read
via "ITPro".
IT PRO
Bus and rail operator Go-Ahead Group confirms "cyber security incident" | IT PRO
The public transport giant has been tight-lipped on the nature of the supposed attack but has tasked IBM with helping it recover