Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

RHSA-2022:5263: Red Hat Security Advisory: qemu-kvm security and bug fix update

An update for qemu-kvm is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26353: QEMU: virtio-net: map leaking on error during receive * CVE-2022-26354: QEMU: vhost-vsock: missing virtqueue detach on error can lead to memory leak

Red Hat Security Data
#vulnerability#mac#linux#red_hat#ssh#ibm#sap
CVE-2022-32988: GitHub - FedericoHeichou/CVE-2022-32988

Cross Site Scripting (XSS) vulnerability in router Asus DSL-N14U-B1 1.1.2.3_805 via the "*list" parameters (e.g. filter_lwlist, keyword_rulelist, etc) in every ".asp" page containing a list of stored strings. The following asp files are affected: (1) cgi-bin/APP_Installation.asp, (2) cgi-bin/Advanced_ACL_Content.asp, (3) cgi-bin/Advanced_ADSL_Content.asp, (4) cgi-bin/Advanced_ASUSDDNS_Content.asp, (5) cgi-bin/Advanced_AiDisk_ftp.asp, (6) cgi-bin/Advanced_AiDisk_samba.asp, (7) cgi-bin/Advanced_DSL_Content.asp, (8) cgi-bin/Advanced_Firewall_Content.asp, (9) cgi-bin/Advanced_FirmwareUpgrade_Content.asp, (10) cgi-bin/Advanced_GWStaticRoute_Content.asp, (11) cgi-bin/Advanced_IPTV_Content.asp, (12) cgi-bin/Advanced_IPv6_Content.asp, (13) cgi-bin/Advanced_KeywordFilter_Content.asp, (14) cgi-bin/Advanced_LAN_Content.asp, (15) cgi-bin/Advanced_Modem_Content.asp, (16) cgi-bin/Advanced_PortTrigger_Content.asp, (17) cgi-bin/Advanced_QOSUserPrio_Content.asp, (18) cgi-bin/Advanced_QOSUserRules_Conte...

CVE-2022-27904: Automox: IT Operations Cloud Solution | No VPNs, No Hassle

The Automox Agent installation package before 37 on macOS allows an unprivileged user to obtain root access because of incorrect access control on a file used within the PostInstall script.

CVE-2021-41995: Ping Identity Documentation Portal

A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass.

Threat Source newsletter (June 30, 2022) — AI voice cloning is somehow more scary than deepfake videos

By Jon Munshaw.  Welcome to this week’s edition of the Threat Source newsletter.  We took a week off for summer vacation but are back in the thick of security things now.  My first exposure to deepfake videos was when Jordan Peele worked with BuzzFeed News to produce this video of... [[ This is only the beginning! Please visit the blog for the complete entry ]]

CVE-2022-31112: fix: protected fields exposed via LiveQuery; this removes protected f… · parse-community/parse-server@309f64c

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions parse Server LiveQuery does not remove protected fields in classes, passing them to the client. The LiveQueryController now removes protected fields from the client response. Users are advised to upgrade. Users unable t upgrade should use `Parse.Cloud.afterLiveQueryEvent` to manually remove protected fields.

CVE-2022-22478: Information Disclosure and Denial of Service Vulnerabilities in IBM Spectrum Protect Backup-Archive Client (CVE-2022-22478, CVE-2022-22474)

IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225886.

NXM Announces Platform That Protects Space Infrastructure and IoT Devices From Cyberattacks

NXM Autonomous Security protects against network-wide device hacks and defends against critical IoT vulnerabilities.

CVE-2021-37791: There is an ultra vires vulnerability in viewing personal center · Issue #3 · cdfan/my-admin

MyAdmin v1.0 is affected by an incorrect access control vulnerability in viewing personal center in /api/user/userData?userCode=admin.

Backdoor.Win32.Cafeini.b MVID-2022-0617 Hardcoded Credential

Backdoor.Win32.Cafeini.b malware suffers from a hardcoded credential vulnerability.