βΌ CVE-2022-31702 βΌ
π Read
via "National Vulnerability Database".
vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without authentication.π Read
via "National Vulnerability Database".
βοΈ Six Charged in Mass Takedown of DDoS-for-Hire Sites βοΈ
π Read
via "Krebs on Security".
The U.S. Department of Justice (DOJ) today seized four-dozen domains that sold βbooterβ or βstresserβ services β businesses that make it easy and cheap for even non-technical users to launch powerful Distributed Denial of Service (DDoS) attacks designed knock targets offline. The DOJ also charged six U.S. men with computer crimes related to their alleged ownership of the popular DDoS-for-hire services.π Read
via "Krebs on Security".
Krebs on Security
Six Charged in Mass Takedown of DDoS-for-Hire Sites
The U.S. Department of Justice (DOJ) today seized four-dozen domains that sold βbooterβ or βstresserβ services β businesses that make it easy and cheap for even non-technical users to launch powerful Distributed Denial of Service (DDoS) attacks designed knockβ¦
π΄ Cybereason Warns Global Organizations Against Destructive Ransomware Attacks From Black Basta Gang π΄
π Read
via "Dark Reading".
The Royal Ransomware Group has emerged as a threat to companies in 2022 and they have carried out dozens of successful attacks on global companies. Cybereason suggests that companies raise their awareness of this potential pending threat.π Read
via "Dark Reading".
Dark Reading
Cybereason Warns Global Organizations Against Destructive Ransomware Attacks From Black Basta Gang
The Royal Ransomware Group has emerged as a threat to companies in 2022 and they have carried out dozens of successful attacks on global companies. Cybereason suggests that companies raise their awareness of this potential pending threat.
π΄ NSA Slices Up 5G Mobile Security Risks π΄
π Read
via "Dark Reading".
The feds' mobile service provider guidance details cybersecurity threat vectors associated with 5G network slicing.π Read
via "Dark Reading".
Dark Reading
NSA Slices Up 5G Mobile Security Risks
The feds' mobile service provider guidance details cybersecurity threat vectors associated with 5G network slicing.
βΌ CVE-2022-3104 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel through 5.16-rc6. lkdtm_ARRAY_BOUNDS in drivers/misc/lkdtm/bugs.c lacks check of the return value of kmalloc() and will cause the null pointer dereference.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3105 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel through 5.16-rc6. uapi_finalize in drivers/infiniband/core/uverbs_uapi.c lacks check of kmalloc_array().π Read
via "National Vulnerability Database".
βΌ CVE-2022-46344 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47409 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Attackers can unsubscribe everyone via a series of modified subscription UIDs in deleteAction operations.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4501 βΌ
π Read
via "National Vulnerability Database".
The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vc_saving_data function in versions up to, and including, 4.2.7. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin's settings.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2601 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46343 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47411 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via unsubscribeAction operations.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47408 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. There is a CAPTCHA bypass that can lead to subscribing many people.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47406 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the fe_change_pwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3106 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel through 5.16-rc6. ef100_update_stats in drivers/net/ethernet/sfc/ef100_nic.c lacks check of the return value of kmalloc().π Read
via "National Vulnerability Database".
βΌ CVE-2022-3107 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null pointer dereference.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4283 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46342 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X seπ Read
via "National Vulnerability Database".
βΌ CVE-2022-46340 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3108 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup().π Read
via "National Vulnerability Database".
βΌ CVE-2022-3917 βΌ
π Read
via "National Vulnerability Database".
Improper access control of bootloader function was discovered in Motorola Mobility Motorola e20 prior to version RONS31.267-38-8 allows attacker with local access to read partition or RAM data.π Read
via "National Vulnerability Database".