Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

Google: With Cloud Comes APIs & Security Headaches

APIs are key to cloud transformation, but two Google surveys find that cyberattacks targeting them are reaching a tipping point, even as general cloud security issues abound.

DARKReading
#vulnerability#web#mac#google#git#intel#sap
WordPress Yith WooCommerce Gift Cards Premium 3.19.0 Shell Upload

WordPress Yith WooCommerce Gift Cards Premium plugin versions 3.19.0 and below suffer from a remote shell upload vulnerability.

Accelerate Your Incident Response

Tis the season for security and IT teams to send out that company-wide email: “No, our CEO does NOT want you to buy gift cards.”  As much of the workforce signs off for the holidays, hackers are stepping up their game. We’ll no doubt see an increase in activity as hackers continue to unleash e-commerce scams and holiday-themed phishing attacks. Hackers love to use these tactics to trick end

Security Is a Second-Class Citizen in High-Performance Computing

Vendors and operators attempt to balance power and security, but right now, power is the highest goal.

CVE-2022-41649: TALOS-2022-1631 || Cisco Talos Intelligence Group

A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A specially-crafted TIFF file can cause a read of adjacent heap memory, which can leak sensitive process information. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2022-41794: TALOS-2022-1626 || Cisco Talos Intelligence Group

A heap based buffer overflow vulnerability exists in the PSD thumbnail resource parsing code of OpenImageIO 2.3.19.0. A specially-crafted PSD file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2022-38143: TALOS-2022-1630 || Cisco Talos Intelligence Group

A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE encoded BMP images. A specially-crafted bmp file can write to arbitrary out of bounds memory, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2022-43602: TALOS-2022-1656 || Cisco Talos Intelligence Group

Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `ymax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT8`

CVE-2022-43595: TALOS-2022-1653 || Cisco Talos Intelligence Group

Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigger these vulnerabilities.This vulnerability applies to writing .fits files.

CVE-2022-41999: TALOS-2022-1635 || Cisco Talos Intelligence Group

A denial of service vulnerability exists in the DDS native tile reading functionality of OpenImageIO Project OpenImageIO v2.3.19.0 and v2.4.4.2. A specially-crafted .dds can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability.