Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

CVE-2022-21499: git/torvalds/linux.git - Linux kernel source tree

KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H).

CVE
#mac#linux#git#oracle#chrome
CVE-2022-30702: Security Bulletin: Trend Micro Security Out-Of-Bounds Read Information Disclosure Vulnerability

Trend Micro Security 2022 and 2021 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure vulnerability that could allow an attacker to disclose sensitive information on an affected machine.

CVE-2022-29226: oauth2: do not blindly accept requests with a token in the Authorizat… · envoyproxy/envoy@7ffda4e

Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter implementation does not include a mechanism for validating access tokens, so by design when the HMAC signed cookie is missing a full authentication flow should be triggered. However, the current implementation assumes that access tokens are always validated thus allowing access in the presence of any access token attached to the request. Users are advised to upgrade. There is no known workaround for this issue.

Emotet Banking Trojan Resurfaces, Skating Past Email Security

The malware is using spreadsheets, documents, and other types of Microsoft Office attachments in a new and improved version that is often able to bypass email gateway-security scanners.

Threat Source newsletter (June 9, 2022) — Get ready for Cisco Live

By Jon Munshaw.  Welcome to this week’s edition of the Threat Source newsletter.  Another week, another conference. We’re heading a few miles southeast from San Francisco to Las Vegas for Cisco Live. I hope everyone had a safe, healthy and enjoyable RSA, but the fun isn’t over just... [[ This is only the beginning! Please visit the blog for the complete entry ]]

Cisco Revamps Cloud Security Strategy With New Secure Access, SASE Portfolio

The company's vision for the future of cloud security is based on simplified, horizontal coverage across multiple cloud platforms.

CVE-2022-29404: security - CVE-2022-29404: Apache HTTP Server: Denial of service in mod_lua r:parsebody

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.

CVE-2022-26377: security - CVE-2022-26377: Apache HTTP Server: mod_proxy_ajp: Possible request smuggling

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.

CVE-2022-30556: security - CVE-2022-30556: Apache HTTP Server: Information Disclosure in mod_lua with websockets

Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.

CVE-2022-28614: security - CVE-2022-28614: Apache HTTP Server: read beyond bounds via ap_rwrite()

The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function.