▼ CVE-2022-43995 ▼
Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the compiler and processor architecture.
via "National Vulnerability Database".
▼ CVE-2022-43237 ▼
Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via void put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
via "National Vulnerability Database".
▼ CVE-2022-43240 ▼
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
via "National Vulnerability Database".
▼ CVE-2022-43252 ▼
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
via "National Vulnerability Database".
▼ CVE-2022-43245 ▼
Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short> in sao.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
via "National Vulnerability Database".
▼ CVE-2022-43249 ▼
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
via "National Vulnerability Database".
▼ CVE-2022-39381 ▼
Muhammara is a node module with c/cpp bindings to modify PDF with js for node or electron (based/replacement on/of galkhana/hummusjs). The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be appended to another. This issue has been patched in 2.6.0 for muhammara and not at all for hummus. As a workaround, do not process files from untrusted sources.
via "National Vulnerability Database".
▼ CVE-2022-43244 ▼
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
via "National Vulnerability Database".
▼ CVE-2022-43236 ▼
Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
via "National Vulnerability Database".
▼ CVE-2022-43235 ▼
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_epel_pixels_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
via "National Vulnerability Database".
▼ CVE-2021-45446 ▼
A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located inside the directory.
via "National Vulnerability Database".
▼ CVE-2022-43255 ▼
GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_odf_new_iod at odf/odf_code.c.
via "National Vulnerability Database".
▼ CVE-2022-43250 ▼
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_0_0_fallback_16 in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
via "National Vulnerability Database".
▼ CVE-2022-43238 ▼
Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
via "National Vulnerability Database".
▼ CVE-2022-43243 ▼
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
via "National Vulnerability Database".
▼ CVE-2022-43242 ▼
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma<unsigned char> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
via "National Vulnerability Database".
🗞️ Malicious proof-of-concepts are exposing GitHub users to malware and more 🗞️
New research suggests thousands of PoCs could be dangerous
via "The Daily Swig".
OpenSSL patches are out: CRITICAL bug downgraded to HIGH, but patch anyway!
That bated-breath OpenSSL update is out! It's no longer rated CRITICAL, but we advise you to patch ASAP anyway. Here's why...
via "Naked Security".
SHA-3 code execution bug patched in PHP: check your version!
As everyone waits for news of a bug in OpenSSL, here's a reminder that other cryptographic code in your life may also need patching!
via "Naked Security".
▼ CVE-2022-43227 ▼
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/admin/?page=appointments/view_appointment.
via "National Vulnerability Database".
▼ CVE-2022-39356 ▼
Discourse is a platform for community discussion. Users who receive an invitation link that is not scoped to a single email address can enter any non-admin user's email and gain access to their account when accepting the invitation. All users should upgrade to the latest version. A workaround is temporarily disabling invitations with `SiteSetting.max_invites_per_day = 0` or scoping them to individual email addresses.
via "National Vulnerability Database".