CVE-2022-37453
via "National Vulnerability Database".
An issue was discovered in Softing OPC UA C++ SDK before 6.10. A buffer overflow or an excess allocation happens due to unchecked array and matrix bounds in structure data types.
CVE-2022-3621
via "National Vulnerability Database".
A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920.
CVE-2022-39823
via "National Vulnerability Database".
An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x before 6.10. An OPC/UA browse request exceeding the server limit on continuation points may cause a use-after-free error.
CVE-2022-36958
via "National Vulnerability Database".
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.
CVE-2022-38108
via "National Vulnerability Database".
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
CVE-2022-3619
via "National Vulnerability Database".
A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211918 is the identifier assigned to this vulnerability.
CVE-2022-36957
via "National Vulnerability Database".
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
CVE-2022-3620
via "National Vulnerability Database".
A vulnerability was found in Exim and classified as problematic. This issue affects the function dmarc_dns_lookup of the file dmarc.c of the component DMARC Handler. The manipulation leads to use after free. The attack may be initiated remotely. The name of the patch is 12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211919.
CVE-2022-36966
via "National Vulnerability Database".
Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.
CVE-2022-3638
via "National Vulnerability Database".
A vulnerability was found in Nginx and classified as problematic. This issue affects some unknown processing of the file ngx_resolver.c of the component IPv4 Off Handler. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211937 was assigned to this vulnerability.
CVE-2021-42553
via "National Vulnerability Database".
A buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBH_MAX_NUM_ENDPOINTS. The library is typically integrated when using a RTOS such as FreeRTOS on STM32 MCUs.
CVE-2022-3637
via "National Vulnerability Database".
A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function jlink_init of the file monitor/jlink.c of the component BlueZ. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211936.
CVE-2022-3635
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability.
CVE-2022-3636
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in Linux Kernel. This affects the function __mtk_ppe_check_skb of the file drivers/net/ethernet/mediatek/mtk_ppe.c of the component Ethernet Handler. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211935.
CVE-2022-3633
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function j1939_session_destroy of the file net/can/j1939/transport.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211932.
Login spoofing issue in GitHub nets researcher $10k bug bounty reward
via "The Daily Swig".
Platform pays high reward for bug reported as 'low severity'
CVE-2022-3640
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944.
CVE-2022-43400
via "National Vulnerability Database".
A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applications improperly handles the log in for Active Directory accounts that are part of Administrators group. This could allow an unauthenticated remote attacker to access the application without a valid account.
S3 Ep105: WONTFIX! The MS Office cryptofail that "isn't a security flaw" [Audio + Text]
via "Naked Security".
The coolest video game ever! And lots of solid cybersecurity advice - listen now!
When cops hack back: Dutch police fleece DEADBOLT criminals (legally!)
via "Naked Security".
Crooks: Show us the money! Cops: How about you show us the decryption keys first?