CVE-2022-35991
via "National Vulnerability Database".
TensorFlow is an open source platform for machine learning. When `TensorListScatter` and `TensorListScatterV2` receive an `element_shape` of a rank greater than one, they give a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit bb03fdf4aae944ab2e4b35c7daa051068a8b7f61. The fix will be included in TensorFlow 2.10.0. We will also cherry-pick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still within the supported range. There are no known workarounds for this issue.
CVE-2022-35992
via "National Vulnerability Database".
TensorFlow is an open source platform for machine learning. When `TensorListFromTensor` receives an `element_shape` of a rank greater than one, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 3db59a042a38f4338aa207922fa2f476e000a6ee. The fix will be included in TensorFlow 2.10.0. We will also cherry-pick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still within the supported range. There are no known workarounds for this issue.
CVE-2022-36012
via "National Vulnerability Database".
TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it crashes. We have patched the issue in GitHub commit ad069af92392efee1418c48ff561fd3070a03d7b. The fix will be included in TensorFlow 2.10.0. We will also cherry-pick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still within the supported range. There are no known workarounds for this issue.
CVE-2022-39212
via "National Vulnerability Database".
Nextcloud Talk is an open source chat, video & audio calls client for the Nextcloud platform. In affected versions an attacker could see the last video frame of any participant who has video disabled but a camera selected. It is recommended that the Nextcloud Talk app is upgraded to 13.0.8 or 14.0.4. Users unable to upgrade should select "None" as camera before joining the call.
CVE-2022-39217
via "National Vulnerability Database".
some-natalie/ghas-to-csv (GitHub Advanced Security to CSV) is a GitHub action which scrapes the GitHub Advanced Security API and shoves it into a CSV. In affected versions this GitHub Action creates a CSV file without sanitizing the output of the APIs. If an alert is dismissed or any other custom field contains executable code / formulas, it might be run when an endpoint opens that CSV file in a spreadsheet program. This issue has been addressed in version `v1`. Users are advised to use `v1` or later. There are no known workarounds for this issue.
CVE-2022-39210
via "National Vulnerability Database".
Nextcloud Android is the official Android client for the Nextcloud home server platform. Internal paths to the Nextcloud Android app files are not properly protected. As a result, access to internal files from within the Nextcloud Android app is possible. This may lead to a leak of sensitive information in some cases. It is recommended that the Nextcloud Android app is upgraded to 3.21.0. There are no known workarounds for this issue.
CVE-2022-3173
via "National Vulnerability Database".
Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10.
CVE-2022-3231
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.9.0.
CVE-2022-39960
via "National Vulnerability Database".
The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all groups from the Jira instance by making a groupexport_download=true request to a plugins/servlet/groupexportforjira/admin/ URI.
UBER HAS BEEN HACKED, boasts hacker – how to stop it happening to you
via "Naked Security".
Uber is all over the news for a widely-publicised data breach. We help you answer the question, "How do I stop this happening to me?"
S3 Ep100.5: Uber breach – an expert speaks [Audio + Text]
via "Naked Security".
Chester Wisniewski on what we can learn from Uber: "Just because a big company didn't have the security they should doesn't mean you can't."
CVE-2022-3232
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.5.
CVE-2022-3234
via "National Vulnerability Database".
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.
CVE-2022-40768
via "National Vulnerability Database".
drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.
CVE-2022-40766
via "National Vulnerability Database".
Modern Campus Omni CMS (formerly OU Campus) 10.2.4 allows login-page SQL injection via a '" OR 1 = 1 -- - , <?php' substring.
CVE-2022-40769
via "National Vulnerability Database".
profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can recover private keys from Ethereum vanity addresses and steal cryptocurrency, as exploited in the wild in June 2022.
CVE-2022-40775
via "National Vulnerability Database".
An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_StszAtom::WriteFields.
CVE-2022-40774
via "National Vulnerability Database".
An issue was discovered in Bento4 through 1.6.0-639. There is a NULL pointer dereference in AP4_StszAtom::GetSampleSize.
CVE-2022-40778
via "National Vulnerability Database".
A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response.
CVE-2022-38617
via "National Vulnerability Database".
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the voiceAudit:j_id97 parameter at /SVFE2/pages/audit/voiceaudit.jsf.
"Security teams often fight against developers taking control" of AppSec: Tanya Janca on the drive to DevSecOps adoption
via "The Daily Swig".
Infosec advocate speaks to The Daily Swig about the benefits of, and barriers to, "shifting left"