‼ CVE-2022-25720 ‼
via "National Vulnerability Database".
Memory corruption in WLAN due to out of bound array access during connect/roaming in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
‼ CVE-2022-39253 ‼
via "National Vulnerability Database".
Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`.
‼ CVE-2022-22077 ‼
via "National Vulnerability Database".
Memory corruption in graphics due to use-after-free in graphics dispatcher logic in Snapdragon Mobile
‼ CVE-2022-25719 ‼
via "National Vulnerability Database".
Information disclosure in WLAN due to improper length check while processing authentication handshake in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
‼ CVE-2022-33217 ‼
via "National Vulnerability Database".
Memory corruption in Qualcomm IPC due to buffer copy without checking the size of input while starting communication with a compromised kernel in Snapdragon Mobile
‼ CVE-2022-25723 ‼
via "National Vulnerability Database".
Memory corruption in multimedia due to use after free during callback registration failure in Snapdragon Mobile
‼ CVE-2022-25718 ‼
via "National Vulnerability Database".
Cryptographic issue in WLAN due to improper check on return value during authentication handshake in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
‼ CVE-2022-25748 ‼
via "National Vulnerability Database".
Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
‼ CVE-2022-25664 ‼
via "National Vulnerability Database".
Information disclosure due to exposure of information while GPU reads the data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
‼ CVE-2022-33210 ‼
via "National Vulnerability Database".
Memory corruption in automotive multimedia due to use of out-of-range pointer offset while parsing command request packet with a very large type value in Snapdragon Auto
‼ CVE-2020-23648 ‼
via "National Vulnerability Database".
Asus RT-N12E 2.0.0.39 is affected by an incorrect access control vulnerability. Through system.asp / start_apply.htm, an attacker can change the administrator password without any authentication.
‼ CVE-2022-25736 ‼
via "National Vulnerability Database".
Denial of service in WLAN due to out-of-bound read while processing VHT action frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
🔴 A New Solution to the Cybersecurity Skills Gap: Building Security into Operational Teams 🔴
via "Dark Reading".
Why – and how – companies should consider shifting day-to-day security responsibilities out to operations teams. The move would elevate the team's level of decision-making and help address the challenge of finding professionals with security-specific credentials.
🔴 Revelstoke Teams Up With BreachRx, Offering Users Automated Incident Response and Compliance Solutions 🔴
via "Dark Reading".
New partnership gives security analysts simplicity when sifting through data, thorough readouts of compliance options, and streamlined response to incidents.
🗞️ Security certification body (ISC)² defends ‘undemocratic’ bylaw changes 🗞️
via "The Daily Swig".
Former chair bemoans ‘coup by governance’
🔴 DigiCert Appoints Industry Veteran Amit Sinha as Chief Executive Officer 🔴
via "Dark Reading".
Former Zscaler president to lead DigiCert's next stage of growth as the company accelerates its strategy, expands its product offering, and works to become the de facto standard for digital trust.
🔴 GroupSense Delivers New Ransomware Negotiation Training Service 🔴
via "Dark Reading".
Training service prepares ransomware response teams for successful threat actor engagement to mitigate damage, protect brand reputation, anticipate emerging threats, and more.
‼ CVE-2022-43037 ‼
via "National Vulnerability Database".
An issue was discovered in Bento4 1.6.0-639. There is a memory leak in the function AP4_File::ParseStream in /Core/Ap4File.cpp.
‼ CVE-2022-43040 ‼
via "National Vulnerability Database".
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function gf_isom_box_dump_start_ex at /isomedia/box_funcs.c.
‼ CVE-2022-43038 ‼
via "National Vulnerability Database".
Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadCache() function in mp42ts.
‼ CVE-2022-43039 ‼
via "National Vulnerability Database".
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_meta_restore_items_ref at /isomedia/meta.c.