#microsoft

CVE-2021-27425: GitHub - cesanta/mongoose-os: Mongoose OS - an IoT Firmware Development Framework. Supported microcontrollers: ESP32, ESP8266, CC3220, CC3200, STM32F4, STM32L4, STM32F7. Amazon AWS IoT, Microsoft Azur

Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-around in function mm_malloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.

2 years ago

CVE

Open in Source

#google #microsoft #amazon #apache #js #git #java #aws #ibm #mongo #ssl

Third-Party App Access Is the New Executable File

By providing these apps and other add-ons for SaaS platforms and associated permissions, businesses present bad actors with more opportunities to gain access to company data.

2 years ago

DARKReading

Open in Source

#vulnerability #mac #google #microsoft #oauth #auth

CVE-2022-23400: TALOS-2022-1465 || Cisco Talos Intelligence Group

A stack-based buffer overflow vulnerability exists in the IGXMPXMLParser::parseDelimiter functionality of Accusoft ImageGear 19.10. A specially-crafted PSD file can overflow a stack buffer, which could either lead to denial of service or, depending on the application, to an information leak. An attacker can provide a malicious file to trigger this vulnerability.

2 years ago

CVE

Open in Source

#vulnerability #web #mac #windows #microsoft #linux #cisco #dos #intel #c++#pdf #buffer_overflow

CVE-2022-22137: TALOS-2022-1449 || Cisco Talos Intelligence Group

A memory corruption vulnerability exists in the ioca_mys_rgb_allocate functionality of Accusoft ImageGear 19.10. A specially-crafted malformed file can lead to an arbitrary free. An attacker can provide a malicious file to trigger this vulnerability.

2 years ago

CVE

Open in Source

#vulnerability #web #mac #windows #microsoft #linux #cisco #intel #pdf

How to Choose Tech Stack for Mobile App Development

By Owais Sultan What a good tech stack for a mobile app is and how to, actually, pick the right one… This is a post from HackRead.com Read the original post: How to Choose Tech Stack for Mobile App Development

2 years ago

HackRead

Open in Source

#web #ios #android #google #microsoft #java #perl

Red Hat Security Advisory 2022-1520-01

Red Hat Security Advisory 2022-1520-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.6.2 serves as a replacement for Red Hat JBoss Web Server 5.6.1. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References.

2 years ago

Packet Storm

Open in Source

#vulnerability #web #windows #microsoft #linux #red_hat #apache #nodejs #java #ssl

GitHub Says Recent Attack Involving Stolen OAuth Tokens Was "Highly Targeted"

Cloud-based code hosting platform GitHub described the recent attack campaign involving the abuse of OAuth access tokens issued to Heroku and Travis-CI as "highly targeted" in nature. "This pattern of behavior suggests the attacker was only listing organizations in order to identify accounts to selectively target for listing and downloading private repositories," GitHub's Mike Hanley said in an

2 years ago

The Hacker News

Open in Source

#microsoft #nodejs #git #oauth #auth #The Hacker News

CVE-2022-28118: SSCMS-PluginShell/Detail.md at main · Richard-Tang/SSCMS-PluginShell

SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in.

2 years ago

CVE

Open in Source

#microsoft #git #ssh

CVE-2022-24974: Published security vulnerabilities - Menlo Security

Links may not be rewritten according to policy in some specially formatted emails.