Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

CVE-2022-37434: node/inflate.c at 75b68c6e4db515f76df73af476eccf382bbcb00a · nodejs/node

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).

CVE
Open in Source
#mac#nodejs#js#java#intel#buffer_overflow
CVE-2022-37030: security - gromox: potential local privilege escalation (CVE-2022-37030)

Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 through 1.x before 1.28 allow a local unprivileged user in the gromox group to have the PAM stack execute arbitrary code upon loading the Gromox PAM module.

CVE-2022-31793: Arris / Arris-variant DSL/Fiber router critical vulnerability exposure

do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected.

Cyberattackers Increasingly Target Cloud IAM as a Weak Link

At Black Hat USA, Igal Gofman plans to address how machine identities in the cloud and the explosion of SaaS apps are creating risks for IAM, amid escalating attention from attackers.

Time to Patch VMware Products Against a Critical New Vulnerability

A dangerous VMware authentication-bypass bug could give threat actors administrative access over virtual machines.

If Bitcoiners Want Bitcoin To Make It Big, They Need DeFi

By Owais Sultan In the last couple of years, decentralized finance and Bitcoin have exploded into mainstream awareness. From 2020 to… This is a post from HackRead.com Read the original post: If Bitcoiners Want Bitcoin To Make It Big, They Need DeFi

Scammers Sent Uber to Take Elderly Lady to the Bank

Email scammers sent an Uber to the home of an 80-year-old woman who responded to a well-timed email scam, in a bid to make sure she went to the bank and wired money to the fraudsters.  In this case, the woman figured out she was being scammed before embarking for the bank, but her story is a chilling reminder of how far crooks will go these days to rip people off.

Gentoo Linux Security Advisory 202208-01

Gentoo Linux Security Advisory 202208-1 - A vulnerability in lib3mf could lead to remote code execution. Versions less than 2.1.1 are affected.

Gentoo Linux Security Advisory 202208-05

Gentoo Linux Security Advisory 202208-5 - Multiple vulnerabilities have been found in Icinga Web 2, the worst of which could result in remote code execution. Versions less than 2.9.6 are affected.

Gentoo Linux Security Advisory 202208-04

Gentoo Linux Security Advisory 202208-4 - Multiple vulnerabilities in libmcpp could result in a denial of service condition. Versions less than 2.7.2_p5 are affected.