CVE-2022-3619
via "National Vulnerability Database".
A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211918 is the identifier assigned to this vulnerability.
CVE-2022-36957
via "National Vulnerability Database".
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
CVE-2022-3620
via "National Vulnerability Database".
A vulnerability was found in Exim and classified as problematic. This issue affects the function dmarc_dns_lookup of the file dmarc.c of the component DMARC Handler. The manipulation leads to use after free. The attack may be initiated remotely. The name of the patch is 12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211919.
CVE-2022-36966
via "National Vulnerability Database".
Users with Node Management rights were able to view and edit all nodes due to insufficient control on a URL parameter, causing an insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.
CVE-2022-3638
via "National Vulnerability Database".
A vulnerability was found in Nginx and classified as problematic. This issue affects some unknown processing of the file ngx_resolver.c of the component IPv4 Off Handler. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211937 was assigned to this vulnerability.
CVE-2021-42553
via "National Vulnerability Database".
A buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBH_MAX_NUM_ENDPOINTS. The library is typically integrated when using an RTOS such as FreeRTOS on STM32 MCUs.
CVE-2022-3637
via "National Vulnerability Database".
A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function jlink_init of the file monitor/jlink.c of the component BlueZ. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211936.
CVE-2022-3635
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability.
CVE-2022-3636
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in Linux Kernel. This affects the function __mtk_ppe_check_skb of the file drivers/net/ethernet/mediatek/mtk_ppe.c of the component Ethernet Handler. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211935.
CVE-2022-3633
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function j1939_session_destroy of the file net/can/j1939/transport.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211932.
Login spoofing issue in GitHub nets researcher $10k bug bounty reward
via "The Daily Swig".
Platform pays high reward for bug reported as “low severity”
CVE-2022-3640
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944.
CVE-2022-43400
via "National Vulnerability Database".
A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applications improperly handles the login for Active Directory accounts that are part of the Administrators group. This could allow an unauthenticated remote attacker to access the application without a valid account.
S3 Ep105: WONTFIX! The MS Office cryptofail that “isn’t a security flaw” [Audio + Text]
via "Naked Security".
The coolest video game ever! And lots of solid cybersecurity advice - listen now!
When cops hack back: Dutch police fleece DEADBOLT criminals (legally!)
via "Naked Security".
Crooks: Show us the money! Cops: How about you show us the decryption keys first?
Passkey Demos Hint at What's Ahead for Passwordless Authentication
via "Dark Reading".
At the Authenticate Conference, Google and Microsoft demonstrated their passkey prototypes. Apple, meanwhile, already launched its version in iOS 16.
Exploit Attempts Underway for Apache Commons Text4Shell Vulnerability
via "Dark Reading".
The good news: The Apache Commons Text library bug is far less likely to lead to exploitation than last year's Log4j library flaw.
CVE-2022-3639
via "National Vulnerability Database".
A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Improper data handling on branch creation could have been used to trigger high CPU usage.
CVE-2022-42942
via "National Vulnerability Database".
A maliciously crafted dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVE-2022-3626
via "National Vulnerability Database".
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.