Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

CVE-2022-1204: security - CVE-2022-1204: Linux kernel: UAF caused by binding operation when ax25 device is detaching

A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.

CVE
Open in Source
#vulnerability#web#mac#windows#linux#git#php#auth
CVE-2022-1199: security - CVE-2022-1199 kernel: Null pointer dereference and use-after-free in ax25_release()

A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability.

CVE-2022-0851: Red Hat Customer Portal - Access to 24x7 support and knowledge

There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the process command line via e.g. htop or ps. The specific impact varies upon the subscription, but generally this would allow an attacker to register systems purchased by the victim until discovered; a form of fraud. This could occur regardless of how the activation key is supplied to convert2rhel because it involves how convert2rhel provides it to subscription-manager.

Cyber-Insurance Firms Limit Payouts, Risk Obsolescence

Businesses need to re-evaluate their cyber-insurance policies as firms like Lloyd's of London continue to add restrictions, including excluding losses related to state-backed cyberattackers.

A week in security (August 22 - August 28)

Categories: News Tags: cryptojackers Tags: CISA Tags: Reddit Tags: social engineering Tags: Google Tags: PLex Tags: Hikvision Tags: patch management Tags: ChromeOS Tags: Twitter Tags: Binance Tags: Gitlab Tags: TrickBot Tags: LastPass The important security news of this week (Read more...) The post A week in security (August 22 - August 28) appeared first on Malwarebytes Labs.

CISA Adds 10 New Known Actively Exploited Vulnerabilities to its Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added 10 new actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, including a high-severity security flaw affecting industrial automation software from Delta Electronics. The issue, tracked as CVE-2021-38406 (CVSS score: 7.8), impacts DOPSoft 2 versions 2.00.07 and prior. A successful

CVE-2022-34668: NVFLARE unsafe deserialization due to Pickle

NVFLARE, versions prior to 2.1.4, contains a vulnerability that deserialization of Untrusted Data due to Pickle usage may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity.

CVE-2022-38563: Vuln/Tenda M3/formSetFixTools_Mac at main · xxy1126/Vuln

Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the MACAddr parameter.

DoorDash Data Breach -Third Party Vendor Blamed Over Phishing Attack

By Deeba Ahmed DoorDash has revealed that hackers managed to steal third-party employee credentials and used them to access some of the company's internal tools and customer data. This is a post from HackRead.com Read the original post: DoorDash Data Breach -Third Party Vendor Blamed Over Phishing Attack

A US Propaganda Operation Hit Russia and China With Memes

Plus: An Iranian hacking tool steals inboxes, LastPass gets hacked, and a deepfake scammer targets the crypto world.