‼ CVE-2022-35054 ‼
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6171b2.
via "National Vulnerability Database".
‼ CVE-2022-35042 ‼
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x4adb11.
via "National Vulnerability Database".
‼ CVE-2022-35049 ‼
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b03b5.
via "National Vulnerability Database".
‼ CVE-2022-35048 ‼
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0b2c.
via "National Vulnerability Database".
‼ CVE-2022-35045 ‼
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0d63.
via "National Vulnerability Database".
‼ CVE-2022-35050 ‼
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b04de.
via "National Vulnerability Database".
‼ CVE-2022-35043 ‼
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c08a6.
via "National Vulnerability Database".
‼ CVE-2022-35056 ‼
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0478.
via "National Vulnerability Database".
‼ CVE-2022-35055 ‼
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0473.
via "National Vulnerability Database".
‼ CVE-2022-35040 ‼
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b5567.
via "National Vulnerability Database".
“We don’t teach developers how to write secure software” – Linux Foundation’s David A Wheeler on reversing the CVE surge
Teach devs security fundamentals to bolster supply chain resilience, argues Wheeler. Addressing a decades-old deficiency in coding curriculums could have a profound effect on the security of the softwa
via "The Daily Swig".
Acuity Reports Increase in Cyber Liability Insurance Claims as Cybercrime Skyrockets
Acuity Insurance reports ongoing increased insurance risk for individuals and businesses.
via "Dark Reading".
Microsoft 365 Message Encryption Can Leak Sensitive Info
The default email encryption used in Microsoft Office's cloud version is leaky, which the company acknowledged but said it wouldn't fix.
via "Dark Reading".
‼ CVE-2022-42069 ‼
Online Birth Certificate Management System version 1.0 suffers from a persistent Cross Site Scripting (XSS) vulnerability.
via "National Vulnerability Database".
‼ CVE-2022-28760 ‼
Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions.
via "National Vulnerability Database".
‼ CVE-2022-3505 ‼
A vulnerability was found in SourceCodester Sanitization Management System. It has been classified as problematic. Affected is an unknown function of the file /php-sms/admin/. The manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210840.
via "National Vulnerability Database".
‼ CVE-2022-28762 ‼
Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. When camera mode rendering context is enabled as part of the Zoom App Layers API by running certain Zoom Apps, a local debugging port is opened by the Zoom client. A local malicious user could use this debugging port to connect to and control the Zoom Apps running in the Zoom client.
via "National Vulnerability Database".
‼ CVE-2022-28759 ‼
Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions.
via "National Vulnerability Database".
‼ CVE-2022-2880 ‼
Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the ReverseProxy.Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged.
via "National Vulnerability Database".
‼ CVE-2022-3506 ‼
Cross-site Scripting (XSS) - Stored in GitHub repository barrykooij/related-posts-for-wp prior to 2.1.3.
via "National Vulnerability Database".
‼ CVE-2022-41715 ‼
Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected.
via "National Vulnerability Database".