Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

BlackBerry Introduces Integrated Solution to Assure Secure Bi-Directional Response Communications During Cyber Incidents

BlackBerry integrates award-winning CylanceGUARD and BlackBerry AtHoc technologies for "combat-ready" cyber event continuity planning and response.

DARKReading
Open in Source
#mac#intel
CVE-2023-1582: Re: [stable-5.15 PATCH] fs/proc: task_mmu.c: don't read mapcount for migration entry

A race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel. This issue may allow a local attacker with user privilege to cause a denial of service.

AppSec Looms Large for RSAC 2023 Innovation Sandbox Finalists

Application security is the dominant trend for this year's startup contest, but AI, blockchain, and compliance are all represented as well.

CVE-2022-4939: WCFM Membership <= 2.10.0 - Unauthenticated Privilege Escalation — Wordfence Intelligence

THe WCFM Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 2.10.0, due to a missing capability check on the wp_ajax_nopriv_wcfm_ajax_controller AJAX action that controls membership settings. This makes it possible for unauthenticated attackers to modify the membership registration form in a way that allows them to set the role for registration to that of any user including administrators. Once configured, the attacker can then register as an administrator.

CVE-2023-1879: Stored XSS @ updatecategory in phpmyfaq

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

CVE-2022-45115: TALOS-2022-1684 || Cisco Talos Intelligence Group

A buffer overflow vulnerability exists in the Attribute Arena functionality of Ichitaro 2022 1.0.1.57600. A specially crafted document can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2023-22660: TALOS-2023-1722 || Cisco Talos Intelligence Group

A heap-based buffer overflow vulnerability exists in the way Ichitaro version 2022 1.0.1.57600 processes certain LayoutBox stream record types. A specially crafted document can cause a buffer overflow, leading to memory corruption, which can result in arbitrary code execution.To trigger this vulnerability, the victim would need to open a malicious, attacker-created document.

CVE-2022-43664: TALOS-2022-1673 || Cisco Talos Intelligence Group

A use-after-free vulnerability exists within the way Ichitaro Word Processor 2022, version 1.0.1.57600, processes protected documents. A specially crafted document can trigger reuse of freed memory, which can lead to further memory corruption and potentially result in arbitrary code execution. An attacker can provide a malicious document to trigger this vulnerability.

CVE-2023-22291: Multiple vulnerabilities in JustSystems products

An invalid free vulnerability exists in the Frame stream parser functionality of Ichitaro 2022 1.0.1.57600. A specially crafted document can lead to an attempt to free a stack pointer, which causes memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2023-1866: YourChannel <= 1.2.3 - Cross-Site Request Forgery to Plugin Channel Reset — Wordfence Intelligence

The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the clearKeys function. This makes it possible for unauthenticated attackers to reset the plugin's channel settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.