βΌ CVE-2022-43245 βΌ
π Read
via "National Vulnerability Database".
Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short> in sao.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43249 βΌ
π Read
via "National Vulnerability Database".
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39381 βΌ
π Read
via "National Vulnerability Database".
Muhammara is a node module with c/cpp bindings to modify PDF with js for node or electron (based/replacement on/of galkhana/hummusjs). The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be appended to another. This issue has been patched in 2.6.0 for muhammara and not at all for hummus. As a workaround, do not process files from untrusted sources.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43244 βΌ
π Read
via "National Vulnerability Database".
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43236 βΌ
π Read
via "National Vulnerability Database".
Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43235 βΌ
π Read
via "National Vulnerability Database".
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_epel_pixels_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45446 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located inside the directory.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43255 βΌ
π Read
via "National Vulnerability Database".
GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_odf_new_iod at odf/odf_code.c.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43250 βΌ
π Read
via "National Vulnerability Database".
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_0_0_fallback_16 in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43238 βΌ
π Read
via "National Vulnerability Database".
Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43243 βΌ
π Read
via "National Vulnerability Database".
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43242 βΌ
π Read
via "National Vulnerability Database".
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma<unsigned char> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.π Read
via "National Vulnerability Database".
π1
ποΈ Malicious proof-of-concepts are exposing GitHub users to malware and more ποΈ
π Read
via "The Daily Swig".
New research suggests thousands of PoCs could be dangerousπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Malicious proof-of-concepts are exposing GitHub users to malware and more
New research suggests thousands of PoCs could be dangerous
β OpenSSL patches are out β CRITICAL bug downgraded to HIGH, but patch anyway! β
π Read
via "Naked Security".
That bated-breath OpenSSL update is out! It's no longer rated CRITICAL, but we advise you to patch ASAP anyway. Here's why...π Read
via "Naked Security".
Naked Security
OpenSSL patches are out β CRITICAL bug downgraded to HIGH, but patch anyway!
That bated-breath OpenSSL update is out! Itβs no longer rated CRITICAL, but we advise you to patch ASAP anyway. Hereβs whyβ¦
β SHA-3 code execution bug patched in PHP β check your version! β
π Read
via "Naked Security".
As everyone waits for news of a bug in OpenSSL, here's a reminder that other cryptographic code in your life may also need patching!π Read
via "Naked Security".
Naked Security
SHA-3 code execution bug patched in PHP β check your version!
As everyone waits for news of a bug in OpenSSL, hereβs a reminder that other cryptographic code in your life may also need patching!
βΌ CVE-2022-43227 βΌ
π Read
via "National Vulnerability Database".
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/admin/?page=appointments/view_appointment.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39356 βΌ
π Read
via "National Vulnerability Database".
Discourse is a platform for community discussion. Users who receive an invitation link that is not scoped to a single email address can enter any non-admin user's email and gain access to their account when accepting the invitation. All users should upgrade to the latest version. A workaround is temporarily disabling invitations with `SiteSetting.max_invites_per_day = 0` or scope them to individual email addresses.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39353 βΌ
π Read
via "National Vulnerability Database".
xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the `childNodes` collection of the `Document`, without reporting any error or throwing. This breaks the assumption that there is only a single root node in the tree, which led to issuance of CVE-2022-39299 as it is a potential issue for dependents. Update to @xmldom/xmldom@~0.7.7, @xmldom/xmldom@~0.8.4 (dist-tag latest) or @xmldom/xmldom@>=0.9.0-beta.4 (dist-tag next). As a workaround, please one of the following approaches depending on your use case: instead of searching for elements in the whole DOM, only search in the `documentElement`or reject a document with a document that has more then 1 `childNode`.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3575 βΌ
π Read
via "National Vulnerability Database".
Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to v2.9.1 are vulnerable to malicious code upload without authentication by using the configuration upload function. This could lead to a complete compromise of the FDS102 device.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39241 βΌ
π Read
via "National Vulnerability Database".
Discourse is a platform for community discussion. A malicious admin could use this vulnerability to perform port enumeration on the local host or other hosts on the internal network, as well as against hosts on the Internet. Latest `stable`, `beta`, and `test-passed` versions are now patched. As a workaround, self-hosters can use `DISCOURSE_BLOCKED_IP_BLOCKS` env var (which overrides `blocked_ip_blocks` setting) to stop webhooks from accessing private IPs.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41551 βΌ
π Read
via "National Vulnerability Database".
Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editorder.php.π Read
via "National Vulnerability Database".
π1