βΌ CVE-2022-41218 βΌ
π Read
via "National Vulnerability Database".
In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2315 βΌ
π Read
via "National Vulnerability Database".
Database Software Accreditation Tracking/Presentation Module product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41220 βΌ
π Read
via "National Vulnerability Database".
** DISPUTED ** md2roff 1.9 has a stack-based buffer overflow via a Markdown file, a different vulnerability than CVE-2022-34913. NOTE: the vendor's position is that the product is not intended for untrusted input.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-40754 βΌ
π Read
via "National Vulnerability Database".
In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0495 βΌ
π Read
via "National Vulnerability Database".
The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01.π Read
via "National Vulnerability Database".
ποΈ Prototype pollution bug in Chromium bypassed Sanitizer API ποΈ
π Read
via "The Daily Swig".
Issue highlights the challenges of preventing client-side attacksπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Prototype pollution bug in Chromium bypassed Sanitizer API
Issue highlights the challenges of preventing client-side attacks
βΌ CVE-2022-38177 βΌ
π Read
via "National Vulnerability Database".
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38178 βΌ
π Read
via "National Vulnerability Database".
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2795 βΌ
π Read
via "National Vulnerability Database".
By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3080 βΌ
π Read
via "National Vulnerability Database".
By sending specific queries to the resolver, an attacker can cause named to crash.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2881 βΌ
π Read
via "National Vulnerability Database".
The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2872 βΌ
π Read
via "National Vulnerability Database".
Unrestricted Upload of File with Dangerous Type in GitHub repository octoprint/octoprint prior to 1.8.3.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2906 βΌ
π Read
via "National Vulnerability Database".
An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.π Read
via "National Vulnerability Database".
π American Fuzzy Lop plus plus 4.03c π
π Read
via "Packet Storm Security".
Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.π Read
via "Packet Storm Security".
Packetstormsecurity
American Fuzzy Lop plus plus 4.03c β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β Interested in cybersecurity? Join us for Security SOS Week 2022! β
π Read
via "Naked Security".
Four one-on-one interviews with experts who are passionate about sharing their expertise with the community.π Read
via "Naked Security".
Naked Security
Interested in cybersecurity? Join us for Security SOS Week 2022!
Four one-on-one interviews with experts who are passionate about sharing their expertise with the community.
βΌ CVE-2022-3255 βΌ
π Read
via "National Vulnerability Database".
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can: Perform any action within the application that the user can perform. View any information that the user is able to view. Modify any information that the user is able to modify. Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3068 βΌ
π Read
via "National Vulnerability Database".
Improper Privilege Management in GitHub repository octoprint/octoprint prior to 1.8.3.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38928 βΌ
π Read
via "National Vulnerability Database".
XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2393.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2888 βΌ
π Read
via "National Vulnerability Database".
If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists.π Read
via "National Vulnerability Database".
βοΈ SIM Swapper Abducted, Beaten, Held for $200k Ransom βοΈ
π Read
via "Krebs on Security".
A Florida teenager who served as a lackey for a cybercriminal group that specializes in cryptocurrency thefts was beaten and kidnapped last week by a rival cybercrime gang. The teen's captives held guns to his head while forcing him to record a video message pleading with his crew to fork over a $200,000 ransom in exchange for his life. The youth is now reportedly cooperating with U.S. federal investigators, who are responding to an alarming number of reports of physical violence tied to certain online crime communities.π Read
via "Krebs on Security".
Krebs on Security
SIM Swapper Abducted, Beaten, Held for $200k Ransom
A Florida teenager who served as a lackey for a cybercriminal group that specializes in cryptocurrency thefts was beaten and kidnapped last week by a rival cybercrime gang. The teen's captives held guns to his head while forcing him toβ¦
π€―1
βΌ CVE-2022-41234 βΌ
π Read
via "National Vulnerability Database".
Jenkins Rundeck Plugin 3.6.11 and earlier does not protect access to the /plugin/rundeck/webhook/ endpoint, allowing users with Overall/Read permission to trigger jobs that are configured to be triggerable via Rundeck.π Read
via "National Vulnerability Database".