Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

SiriusXM, MyHyundai Car Apps Showcase Next-Gen Car Hacking

A trio of security bugs allow remote attackers to unlock or start the car, operate climate controls, pop the trunk, and more — all via poorly coded mobile apps.

DARKReading
#vulnerability#web#ios#intel#auth
Where Advanced Cyberttackers Are Heading Next: Disruptive Hits, New Tech

Following a year of increasingly disruptive attacks, advanced persistent threat groups will likely only become emboldened in 2023, security experts say.

CVE-2022-44367: CVE-vulns/readme.md at main · Double-q1015/CVE-vulns

Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setUplinkInfo.

CVE-2022-44366: CVE-vulns/readme.md at main · Double-q1015/CVE-vulns

Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setDiagnoseInfo.

CVE-2022-44365: CVE-vulns/readme.md at main · Double-q1015/CVE-vulns

Tenda i21 V1.0.0.14(4656) has a stack overflow vulnerability via /goform/setSysPwd.

CVE-2022-44363: CVE-vulns/readme.md at main · Double-q1015/CVE-vulns

Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setSnmpInfo.

CVE-2022-44362: CVE-vulns/readme.md at main · Double-q1015/CVE-vulns

Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/AddSysLogRule.

Ubuntu Security Notice USN-5755-1

Ubuntu Security Notice 5755-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Researchers Disclose Supply-Chain Flaw Affecting IBM Cloud Databases for PostgreSQL

IBM has fixed a high-severity security vulnerability affecting its Cloud Databases (ICD) for PostgreSQL product that could be potentially exploited to tamper with internal repositories and run unauthorized code. The privilege escalation flaw (CVSS score: 8.8), dubbed "Hell's Keychain" by cloud security firm Wiz, has been described as a "first-of-its-kind supply-chain attack vector impacting a

What the CISA Reporting Rule Means for Your IT Security Protocol

The new Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) requires CISA to create rules regarding cyber incident reporting by critical infrastructure organizations. The RFI and hearings precede a Notice of Proposed Rulemaking (NPRM) that CISA must publish sooner than 24 months from the enactment of CIRCIA, which the President signed into law in March. The sessions and