βΌ CVE-2022-28748 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-2964. Reason: This candidate is a reservation duplicate of CVE-2022-2964. Notes: All CVE users should reference CVE-2022-2964 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38120 βΌ
π Read
via "National Vulnerability Database".
UPSMON PROΓ’β¬β’s has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication and access arbitrary system files.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45196 βΌ
π Read
via "National Vulnerability Database".
Hyperledger Fabric 2.3 allows attackers to cause a denial of service (orderer crash) by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34666 βΌ
π Read
via "National Vulnerability Database".
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37345 βΌ
π Read
via "National Vulnerability Database".
Improper authentication in BIOS firmware[A1] for some Intel(R) NUC Kits before version RY0386 may allow an authenticated user to potentially enable escalation of privilege via local access.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3957 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic was found in GPAC. Affected by this vulnerability is the function svg_parse_preserveaspectratio of the file scenegraph/svg_attributes.c of the component SVG Parser. The manipulation leads to memory leak. The attack can be launched remotely. The name of the patch is 2191e66aa7df750e8ef01781b1930bea87b713bb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213463.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28611 βΌ
π Read
via "National Vulnerability Database".
Improper input validation in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40750 βΌ
π Read
via "National Vulnerability Database".
IBM WebSphere Application Server 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236588.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36377 βΌ
π Read
via "National Vulnerability Database".
Incorrect default permissions in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36789 βΌ
π Read
via "National Vulnerability Database".
Improper access control in BIOS firmware for some Intel(R) NUC 10 Performance Kits and Intel(R) NUC 10 Performance Mini PCs before version FNCML357.0053 may allow a privileged user to potentially enable escalation of privilege via local access.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38099 βΌ
π Read
via "National Vulnerability Database".
Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36938 βΌ
π Read
via "National Vulnerability Database".
DexLoader function get_stringidx_fromdex() in Redex prior to commit 3b44c64 can load an out of bound address when loading the string index table, potentially allowing remote code execution during processing of a 3rd party Android APK file.π Read
via "National Vulnerability Database".
π1
β Dangerous SIM-swap lockscreen bypass β update Android now! β
π Read
via "Naked Security".
A bit like leaving the front door keys under the doormat...π Read
via "Naked Security".
Naked Security
Dangerous SIM-swap lockscreen bypass β update Android now!
A bit like leaving the front door keys under the doormatβ¦
π2
π΄ Quantum Cryptography Apocalypse: A Timeline and Action Plan π΄
π Read
via "Dark Reading".
Quantum computing's a clear threat to encryption, and post-quantum crypto means adding new cryptography to hardware and software without being disruptive.π Read
via "Dark Reading".
Dark Reading
Quantum Cryptography Apocalypse: A Timeline and Action Plan
Quantum computing's a clear threat to encryption, and post-quantum crypto means adding new cryptography to hardware and software without being disruptive.
π΄ Avatier Achieves ISO 27001 Certification for its Information Security Management System π΄
π Read
via "Dark Reading".
Designation recognizes highest caliber of information security.π Read
via "Dark Reading".
Dark Reading
Avatier Achieves ISO 27001 Certification for its Information Security Management System
Designation recognizes highest caliber of information security.
π΄ Privacy4Cars Secures Fourth Patent to Remove Privacy Information From Vehicles and Create Compliance Logs π΄
π Read
via "Dark Reading".
Data-deletion service's patent covers removing personal information such as geolocation, biometrics, and phone records from a vehicle by using a user-computing deviceπ Read
via "Dark Reading".
Dark Reading
Privacy4Cars Secures Fourth Patent to Remove Privacy Information From Vehicles and Create Compliance Logs
Data-deletion service's patent covers removing personal information such as geolocation, biometrics, and phone records from a vehicle by using a user-computing device
π1
ποΈ All Day DevOps: Third of Log4j downloads still pull vulnerable version despite threat of supply chain attacks ποΈ
π Read
via "The Daily Swig".
AppSec engineer keynote says Log4j revealed lessons were not learned from the Equifax breachπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
All Day DevOps: Third of Log4j downloads still pull vulnerable version despite threat of supply chain attacks
AppSec engineer keynote says Log4j revealed lessons were not learned from the Equifax breach
β βGucci Masterβ business email scammer Hushpuppi gets 11 years β
π Read
via "Naked Security".
Learn how to protect yourself from big-money tricksters like the Hushpuppis of the world...π Read
via "Naked Security".
Naked Security
βGucci Masterβ business email scammer Hushpuppi gets 11 years
Learn how to protect yourself from big-money tricksters like the Hushpuppis of the worldβ¦
π΄ Unpatched Zimbra Platforms Are Probably Compromised, CISA Says π΄
π Read
via "Dark Reading".
Attackers are targeting Zimbra systems in the public and private sectors, looking to exploit multiple vulnerabilities, CISA says.π Read
via "Dark Reading".
Dark Reading
Unpatched Zimbra Platforms Are Probably Compromised, CISA Says
Attackers are targeting Zimbra systems in the public and private sectors, looking to exploit multiple vulnerabilities, CISA says.
π1
π΄ Australia Declares War on Cybercrime Syndicates π΄
π Read
via "Dark Reading".
An international counter-ransomware task force has been announced by Australian authorities following the recent Optus and Medibank data breaches.π Read
via "Dark Reading".
Dark Reading
Australia Declares War on Cybercrime Syndicates
An international counter-ransomware task force has been announced by Australian authorities following the recent Optus and Medibank data breaches.
π€―2π1
π΄ Researchers Sound Alarm on Dangerous BatLoader Malware Dropper π΄
π Read
via "Dark Reading".
BatLoader has spread rapidly to roost in systems globally, tailoring payloads to its victims.π Read
via "Dark Reading".
Dark Reading
Researchers Sound Alarm on Dangerous BatLoader Malware Dropper
BatLoader has spread rapidly to roost in systems globally, tailoring payloads to its victims.
π1π€1