βΌ CVE-2022-47093 βΌ
π Read
via "National Vulnerability Database".
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to heap use-after-free via filters/dmx_m2ts.c:470 in m2tsdmx_declare_pidπ Read
via "National Vulnerability Database".
βΌ CVE-2022-47656 βΌ
π Read
via "National Vulnerability Database".
GPAC MP4box 2.1-DEV-rev617-g85ce76efd is vulnerable to Buffer Overflow in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8273π Read
via "National Vulnerability Database".
βΌ CVE-2022-47663 βΌ
π Read
via "National Vulnerability Database".
GPAC MP4box 2.1-DEV-rev649-ga8f438d20 is vulnerable to buffer overflow in h263dmx_process filters/reframe_h263.c:609π Read
via "National Vulnerability Database".
βΌ CVE-2022-47088 βΌ
π Read
via "National Vulnerability Database".
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47655 βΌ
π Read
via "National Vulnerability Database".
Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_qpel_fallback<unsigned short>π Read
via "National Vulnerability Database".
βΌ CVE-2022-47087 βΌ
π Read
via "National Vulnerability Database".
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b has a Buffer overflow in gf_vvc_read_pps_bs_internal function of media_tools/av_parsers.cπ Read
via "National Vulnerability Database".
βΌ CVE-2022-47086 βΌ
π Read
via "National Vulnerability Database".
GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation violation via the function gf_sm_load_init_swf at scene_manager/swf_parse.cπ Read
via "National Vulnerability Database".
βΌ CVE-2022-47660 βΌ
π Read
via "National Vulnerability Database".
GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is has an integer overflow in isomedia/isom_write.cπ Read
via "National Vulnerability Database".
βΌ CVE-2022-4378 βΌ
π Read
via "National Vulnerability Database".
A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.π Read
via "National Vulnerability Database".
β Serious Security: How to improve cryptography, resist supply chain attacks, and handle data breaches β
π Read
via "Naked Security".
Lessons for us all: improve cryptography, fight cybercrime, own your supply chain... and don't steal my data and then pretend you're sorry.π Read
via "Naked Security".
Naked Security
Serious Security: How to improve cryptography, resist supply chain attacks, and handle data breaches
Lessons for us all: improve cryptography, fight cybercrime, own your supply chainβ¦ and donβt steal my data and then pretend youβre sorry.
β S3 Ep116: Last straw for LastPass? Is crypto doomed? [Audio + Text] β
π Read
via "Naked Security".
Lots of big issues this week: breaches, encryption, supply chains and patching problems. Listen now! (Full transcript inside.)π Read
via "Naked Security".
Naked Security
S3 Ep116: Last straw for LastPass? Is crypto doomed? [Audio + Text]
Lots of big issues this week: breaches, encryption, supply chains and patching problems. Listen now! (Full transcript inside.)
π΄ Bluebottle Continues Bank Heist Assault With Signed Malware π΄
π Read
via "Dark Reading".
The financially motivated threat group, also known as OPERA1ER, demonstrated an evolution in tactics in its compromise of three Francophone financial institutions in Africa, likely adding to its $11 million to-date haul.π Read
via "Dark Reading".
Dark Reading
Bluebottle Continues Bank Heist Assault With Signed Malware
The financially motivated threat group, also known as OPERA1ER, demonstrated an evolution in tactics in its compromise of three Francophone financial institutions in Africa, likely adding to its $11 million to-date haul.
βΌ CVE-2022-43573 βΌ
π Read
via "National Vulnerability Database".
IBM Robotic Process Automation 20.12 through 21.0.6 is vulnerable to exposure of the name and email for the creator/modifier of platform level objects. IBM X-Force ID: 238678.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4434 βΌ
π Read
via "National Vulnerability Database".
A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS driver that could allow a local attacker with elevated privileges to cause information disclosure.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43844 βΌ
π Read
via "National Vulnerability Database".
IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is vulnerable to broken access control. A user is not correctly redirected to the platform log out screen when logging out of IBM RPA for Cloud Pak. IBM X-Force ID: 239081.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4435 βΌ
π Read
via "National Vulnerability Database".
A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoRemoteConfigUpdateDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4432 βΌ
π Read
via "National Vulnerability Database".
A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS PersistenceConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0086 βΌ
π Read
via "National Vulnerability Database".
The JetWidgets for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.12. This is due to missing nonce validation on the save() function. This makes it possible for unauthenticated attackers to to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This can be used to enable SVG uploads that could make Cross-Site Scripting possible.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4433 βΌ
π Read
via "National Vulnerability Database".
A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoSetupConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46168 βΌ
π Read
via "National Vulnerability Database".
Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta15 on the `beta` and `tests-passed` branches, recipients of a group SMTP email could see the email addresses of all other users inside the group SMTP topic. Most of the time this is not an issue as they are likely already familiar with one another's email addresses. This issue is patched in versions 2.8.14 and 2.9.0.beta15. The fix is that someone sending emails out via group SMTP to non-staged users masks those emails with blind carbon copy (BCC). Staged users are ones that have likely only interacted with the group via email, and will likely include other people who were CC'd on the original email to the group. As a workaround, disable group SMTP for any groups that have it enabled.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41740 βΌ
π Read
via "National Vulnerability Database".
IBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive information from system memory. IBM X-Force ID: 238053.π Read
via "National Vulnerability Database".