#amazon

Ubuntu Security Notice 5700-1 - David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Soenke Huster discovered that an integer overflow vulnerability existed in the WiFi driver stack in the Linux kernel, leading to a buffer overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

PRTG Network Monitor through 22.2.77.2204 does not prevent custom input for a device’s icon, which can be modified to insert arbitrary content into the style tag for that device. When the device page loads, the arbitrary Cascading Style Sheets (CSS) data is inserted into the style tag, loading malicious content. Due to PRTG Network Monitor preventing “characters, and from modern browsers disabling JavaScript support in style tags, this vulnerability could not be escalated into a Cross-Site Scripting vulnerability.

Container and Kubernetes adoption brings the promise of faster application development and delivery at larger scales -- however, it also brings with it new security challenges. Protecting cloud-native applications can require significant changes in how organizations approach IT security. They need to apply controls earlier in the application development lifecycle, use existing infrastructure to apply and enforce these controls, keep up with increasingly rapid release schedules, and more.

Two flaws in the popular developer cloud platform show how weaknesses in authorization functions and SaaS flaws can put cloud apps at risk.

Categories: News Tags: food Tags: medical Tags: nhs Tags: gousto Tags: compromise Tags: laptop Tags: vouchers Peter Foy racked up a peculiar list of compromises before being brought to justice (Read more...) The post An odd kind of cybercrime: Gift vouchers, medical records, and...food appeared first on Malwarebytes Labs.

Multiple stored cross-site scripting vulnerabilities in the web user interface of IPFire versions prior to 2.27 allows a remote authenticated attacker with administrative privilege to inject an arbitrary script.

Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script.

A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data (e.g., cleartext credentials). This is fixed in 2022.3.3.

The new open source specification from Open Compute Project is backed by Google, Nvidia, Microsoft, and AMD.

Many enterprises continue to leave cloud storage buckets exposed despite widely available documentation on how to properly secure them.