CVE-2022-43033 (via "National Vulnerability Database")
An issue was discovered in Bento4 1.6.0-639. There is a bad free in the component AP4_HdlrAtom::~AP4_HdlrAtom() which allows attackers to cause a Denial of Service (DoS) via a crafted input.

CVE-2022-43034 (via "National Vulnerability Database")
An issue was discovered in Bento4 v1.6.0-639. There is a heap buffer overflow vulnerability in the AP4_BitReader::SkipBits(unsigned int) function in mp42ts.

CVE-2022-43184 (via "National Vulnerability Database")
D-Link DIR878 1.30B08 Hotfix_04 was discovered to contain a command injection vulnerability via the component /bin/proc.cgi.

CVE-2022-43044 (via "National Vulnerability Database")
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_get_meta_item_info at /isomedia/meta.c.

CVE-2022-23734 (via "National Vulnerability Database")
A deserialization of untrusted data vulnerability was identified in GitHub Enterprise Server that could potentially lead to remote code execution on the SVNBridge. To exploit this vulnerability, an attacker would need to gain access via a server-side request forgery (SSRF) that would let an attacker control the data being deserialized. This vulnerability affected all versions of GitHub Enterprise Server prior to v3.6 and was fixed in versions 3.5.3, 3.4.6, 3.3.11, and 3.2.16. This vulnerability was reported via the GitHub Bug Bounty program.

CVE-2022-43042 (via "National Vulnerability Database")
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function FixSDTPInTRAF at isomedia/isom_intern.c.

CVE-2022-43185 (via "National Vulnerability Database")
A stored cross-site scripting (XSS) vulnerability in the Configuration/Holidays module of Rukovoditel v3.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter.

CVE-2022-43032 (via "National Vulnerability Database")
An issue was discovered in Bento4 v1.6.0-639. There is a memory leak in AP4_DescriptorFactory::CreateDescriptorFromStream in Core/Ap4DescriptorFactory.cpp, as demonstrated by mp42aac.

CVE-2022-43035 (via "National Vulnerability Database")
An issue was discovered in Bento4 v1.6.0-639. There is a heap-buffer-overflow in AP4_Dec3Atom::AP4_Dec3Atom at Ap4Dec3Atom.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42aac.

CVE-2022-43043 (via "National Vulnerability Database")
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function BD_CheckSFTimeOffset at /bifs/field_decode.c.

CVE-2022-43045 (via "National Vulnerability Database")
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_dump_vrml_sffield at /scene_manager/scene_dump.c.

CVE-2022-39301 (via "National Vulnerability Database")
sra-admin is a background rights management system that separates the front and back end. sra-admin version 1.1.1 has a storage cross-site scripting (XSS) vulnerability. After logging into the sra-admin background, an attacker can upload an HTML page containing XSS attack code in "Personal Center" - "Profile Picture Upload", allowing theft of the user's personal information. This issue has been patched in 1.1.2. There are no known workarounds.

Kaspersky Launches New VPN to Amplify Speed and Convenience (via "Dark Reading")
New version boosts VPN tunnel performance and lets users prioritize secure connection traffic for certain services.

Zscaler Advances Enterprise Data Security With Zero-Configuration Data Protection (via "Dark Reading")
New data-protection innovations mitigate security risks by expediting deployment cycles and simplifying operational complexity.

Women in Cryptology - USPS celebrates WW2 codebreakers (via "Naked Security")
What did you do in the war, Mom? Oh, y'know, a bit of this and that...

SBOMs: An Overhyped Concept That Won't Secure Your Software Supply Chain (via "Dark Reading")
We need more than the incomplete snapshot SBOMs provide to have real impact.

CVE-2022-43428 (via "National Vulnerability Database")
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.

CVE-2022-43433 (via "National Vulnerability Database")
Jenkins ScreenRecorder Plugin 0.7 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.

CVE-2022-43409 (via "National Vulnerability Database")
Jenkins Pipeline: Supporting APIs Plugin 838.va_3a_087b_4055b and earlier does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create Pipelines.

CVE-2022-43419 (via "National Vulnerability Database")
Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.

CVE-2022-43420 (via "National Vulnerability Database")
Jenkins Contrast Continuous Application Security Plugin 3.9 and earlier does not escape data returned from the Contrast service when generating a report, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control or modify Contrast service API responses.