Tag

#perl

CVE-2021-44718: wolfSSL Security Vulnerabilities | wolfSSL Embedded SSL/TLS Library

wolfSSL through 5.0.0 allows an attacker to cause a denial of service and infinite loop in the client component by sending crafted traffic from a Machine-in-the-Middle (MITM) position. The root cause is that the client module accepts TLS messages that normally are only sent to TLS servers.

CVE-2022-1902: Red Hat Customer Portal - Access to 24x7 support and knowledge

A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges.

CVE-2022-2806: [ovirt] answer files: Filter out all password keys by didib · Pull Request #2947 · sosreport/sos

It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev

CVE-2022-28199: Security Bulletin: NVIDIA Data Plane Development Kit (MLNX_DPDK) - August 2022

NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality.

Ubuntu Security Notice USN-5591-1

Ubuntu Security Notice 5591-1 - It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Controversial Kids' Code aims to keep children safe online

We take a look at a child safety bill in California which sounds useful, but is raising some concerns related to privacy and security of its own. The post Controversial Kids' Code aims to keep children safe online appeared first on Malwarebytes Labs.

Microsoft Discover Severe ‘One-Click’ Exploit for TikTok Android App

Microsoft on Wednesday disclosed details of a now-patched "high severity vulnerability" in the TikTok app for Android that could let attackers take over accounts when victims clicked on a malicious link. "Attackers could have leveraged the vulnerability to hijack an account without users' awareness if a targeted user simply clicked a specially crafted link," Dimitrios Valsamaras of the Microsoft

CVE-2022-36130: HCSEC-2022017 - Boundary Allowed Access To Host Sets And Credential Sources For Authorized Users Of Another Scope

HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated with the correct scopes, allowing potential privilege escalation for authorized users of another scope. Fixed in Boundary 0.10.2.

CVE-2022-2898

Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow a denial-of-service condition.

Crypto-Crooks Spread Trojanized Google Translate App in Watering-Hole Attack

The ongoing campaign is spreading worldwide, using the lure of a fully functional Google Translate application for desktops that has helped the threat stay undetected for months.