Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2022-40875: Tenda ax1803 is vulnerable to a buffer overflow - Riv4ille

Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow in the function GetParentControlInfo.

CVE
#vulnerability#web#mac#windows#apple#dos#rce#buffer_overflow#chrome#webkit#wifi
Threat Source newsletter (Oct. 27, 2022): I thought we were already aware of supply chain attacks?

Supply chain attacks were all the rage in 2020 after SolarWinds, but we seem to have forgotten how important they are.

CVE-2022-3725: Stack Overflow Write - OPUS dissector - dissect_opus() frames (#18378) · Issues · Wireshark Foundation / wireshark · GitLab

Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file

Fake Proof-of-Concepts used to lure security professionals

Categories: Exploits and vulnerabilities Categories: News Tags: PoC Tags: PoCs Tags: Leiden Tags: GitHub Tags: VirusTotal Tags: AbuseIPDB Researchers from Leiden University analyzed many thousands of Proof-of-Concepts and found that 10 percent of those they found on GitHub are malicious (Read more...) The post Fake Proof-of-Concepts used to lure security professionals appeared first on Malwarebytes Labs.

CVE-2022-3095: sdk/CHANGELOG.md at master · dart-lang/sdk

The implementation of backslash parsing in the Dart URI class for versions prior to 2.18 and Flutter versions prior to 3.30 differs from the WhatWG URL standards. Dart uses the RFC 3986 syntax, which creates incompatibilities with the '\' characters in URIs, which can lead to auth bypass in webapps interpreting URIs. We recommend updating Dart or Flutter to mitigate the issue.

Critical OpenSSL fix due Nov 1—what you need to know

Categories: News Tags: fix Tags: bug Tags: vulnerability Tags: exploit Tags: attack Tags: patch Tags: update Tags: OpenSSL Tags: v3 Tags: v1 Tags: 3.0.5. Version 3.0.7 of OpenSSL will fix the software's first critical issue for six years. (Read more...) The post Critical OpenSSL fix due Nov 1—what you need to know appeared first on Malwarebytes Labs.

Chrome users, you have 3 months to say goodbye to Windows 7 and 8.1

Categories: News Tags: Google Chrome Tags: Chrome 110 Tags: Windows 7 Tags: Windows 10 Tags: Windows 11 Tags: Windows 8.1 Tags: Windows Subsystem for Android Tags: WSA Chrome will not be there for you when Microsoft ends its Extended Security Updates program for legacy Windows versions early next year. (Read more...) The post Chrome users, you have 3 months to say goodbye to Windows 7 and 8.1 appeared first on Malwarebytes Labs.

Vagrant Synced Folder Vagrantfile Breakout

This Metasploit module exploits a default Vagrant synced folder (shared folder) to append a Ruby payload to the Vagrant project Vagrantfile config file. By default, unless a Vagrant project explicitly disables shared folders, Vagrant mounts the project directory on the host as a writable vagrant directory on the guest virtual machine. This directory includes the project Vagrantfile configuration file. Ruby code within the Vagrantfile is loaded and executed when a user runs any vagrant command from the project directory on the host, leading to execution of Ruby code on the host.

CVE-2022-2782: Security Advisory 2022-21

In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters.

CVE-2022-2508: Security Advisory 2022-22

In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging.