βΌ CVE-2022-2601 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46343 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47411 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via unsubscribeAction operations.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47408 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. There is a CAPTCHA bypass that can lead to subscribing many people.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47406 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the fe_change_pwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3106 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel through 5.16-rc6. ef100_update_stats in drivers/net/ethernet/sfc/ef100_nic.c lacks check of the return value of kmalloc().π Read
via "National Vulnerability Database".
βΌ CVE-2022-3107 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null pointer dereference.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4283 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46342 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X seπ Read
via "National Vulnerability Database".
βΌ CVE-2022-46340 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3108 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup().π Read
via "National Vulnerability Database".
βΌ CVE-2022-3917 βΌ
π Read
via "National Vulnerability Database".
Improper access control of bootloader function was discovered in Motorola Mobility Motorola e20 prior to version RONS31.267-38-8 allows attacker with local access to read partition or RAM data.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47410 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via createAction operations.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3115 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel through 5.16-rc6. malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46341 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.π Read
via "National Vulnerability Database".
π’ WithSecure Elements Endpoint Protection review: Holistic protection at a great price π’
π Read
via "ITPro".
Smart cloud-hosted security offering affordable endpoint protection for a wide range of devices at a good priceπ Read
via "ITPro".
ITPro
WithSecure Elements Endpoint Protection review: Holistic protection at a great price
Smart cloud-hosted security offering affordable endpoint protection for a wide range of devices at a good price
π’ Apple issues fix for βactively exploitedβ WebKit zero-day vulnerability π’
π Read
via "ITPro".
The update marks the 10th fix for zero-day vulnerabilities this yearπ Read
via "ITPro".
ITPro
Apple issues fix for βactively exploitedβ WebKit zero-day vulnerability
The update marks the 10th fix for zero-day vulnerabilities this year
π’ Beyond Identity strikes up strategic partnership with World Wide Technology π’
π Read
via "ITPro".
WWT will implement Beyond Identityβs authentication platform internally while also acting as a global channel partnerπ Read
via "ITPro".
channelpro
Beyond Identity strikes up strategic partnership with World Wide Technology
WWT will implement Beyond Identityβs authentication platform internally while also acting as a global channel partner
π’ Uber says compromised third-party to blame for data breach π’
π Read
via "ITPro".
Vulnerable third-party vendor Teqtivity sparks second major incident for Uber in the space of three monthsπ Read
via "ITPro".
ITPro
Uber says compromised third-party to blame for data breach
Vulnerable third-party vendor Teqtivity sparks second major incident for Uber in the space of three months
π’ How to implement strong authentication π’
π Read
via "ITPro".
Strong authentication is hugely important, but implementing any regime at scale is not without its challengesπ Read
via "ITPro".
ITPro
Implementing strong authentication across your business
Strong authentication is hugely important, but implementing any regime at scale is not without its challenges
π’ Cyber attack on Australiaβs TPG Telecom affects 15,000 customers π’
π Read
via "ITPro".
It is the third cyber attack on a major Australian telco since Octoberπ Read
via "ITPro".
ITPro
Cyber attack on Australiaβs TPG Telecom affects 15,000 customers
It is the third cyber attack on a major Australian telco since October