What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-10-29 17:15:09 | CVE-2022-3756 (lien direct) | A vulnerability was found in Exiv2. It has been classified as critical. Affected is the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The name of the patch is bf4f28b727bdedbd7c88179c30d360e54568a62e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-212496. | Vulnerability Guideline | ★★★ | |
|
2022-10-29 17:15:09 | CVE-2022-3757 (lien direct) | A vulnerability was found in Exiv2. It has been declared as critical. Affected by this vulnerability is the function QuickTimeVideo::decodeBlock of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The name of the patch is d3651fdbd352cbaf259f89abf7557da343339378. It is recommended to apply a patch to fix this issue. The identifier VDB-212497 was assigned to this vulnerability. | Vulnerability Guideline | ★★★★★ | |
 |
2022-10-29 14:53:00 | How will Twitter change under Elon Musk? (lien direct) | >Cybhorus CEO Pierluigi Paganini talks to TRT World about Elon Musk completing his $44 billion deal to buy Twitter and what changes he will make to the social media platform. Of course, the first impact will be on the leadership, Elon Musk was critical in the past with Agrawal's leadership. Musk will also take action […] | Guideline | ||
|
2022-10-28 19:47:43 | Multiple vulnerabilities affect the Juniper Junos OS (lien direct) | >Juniper Networks devices are affected by multiple high-severity issues, including code execution vulnerabilities. Multiple high-severity security vulnerabilities have been discovered in Juniper Networks devices. “Multiple vulnerabilities have been found in the J-Web component of Juniper Networks Junos OS. One or more of these issues could lead to unauthorized local file access, cross-site scripting attacks, path […] | Guideline | ||
|
2022-10-28 17:15:23 | CVE-2022-39366 (lien direct) | DataHub is an open-source metadata platform. Prior to version 0.8.45, the `StatelessTokenService` of the DataHub metadata service (GMS) does not verify the signature of JWT tokens. This allows an attacker to connect to DataHub instances as any user if Metadata Service authentication is enabled. This vulnerability occurs because the `StatelessTokenService` of the Metadata service uses the `parse` method of `io.jsonwebtoken.JwtParser`, which does not perform a verification of the cryptographic token signature. This means that JWTs are accepted regardless of the used algorithm. This issue may lead to an authentication bypass. Version 0.8.45 contains a patch for the issue. There are no known workarounds. | Vulnerability Guideline | ★★★★ | |
 |
2022-10-28 16:30:11 | From \'Generation Kill\' to driving digital diplomacy: Nate Fick digs into role as first U.S. cyber ambassador (lien direct) | Fick says the State Department 'has a rightful place to assert leadership' when it comes to setting American cyber policy. | Guideline | ||
|
2022-10-28 16:15:16 | CVE-2022-3697 (lien direct) | A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs. | Guideline | ||
 |
2022-10-28 15:03:47 | VENAFI - Mattias Gees commente la faille de sécurité critique qui a surgi cette semaine dans OpenSSL (lien direct) | L'équipe du projet OpenSSL a annoncé qu'une mise à jour de sécurité critique serait corrigée le 1er novembre 2022, à l'occasion de la sortie d'OpenSSL v3. La dernière fois qu'OpenSSL a publié un correctif de vulnérabilité critique était en 2016, et c'est seulement le deuxième correctif à se voir attribuer une note critique. Mattias Gees, Container Product Lead chez Venafi apporte son commentaire : " L'annonce de la nouvelle vulnérabilité critique d'OpenSSL a immédiatement fait resurgir des souvenirs peu (...) - Vulnérabilités | Guideline | ||
|
2022-10-28 13:15:16 | CVE-2022-3741 (lien direct) | Impact varies for each individual vulnerability in the application. For generation of accounts, it may be possible, depending on the amount of system resources available, to create a DoS event in the server. These accounts still need to be activated; however, it is possible to identify the output Status Code to separate accounts that are generated and waiting for email verification. \n\nFor the sign in directories, it is possible to brute force login attempts to either login portal, which could lead to account compromise. | Vulnerability Guideline | ★★★ | |
|
2022-10-28 11:53:32 | Ping Identity est désigné comme un leader dans trois rapports KuppingerCole Leadership Compass 2022 (lien direct) | Ping Identity est désigné comme un leader dans trois rapports KuppingerCole Leadership Compass 2022 Ping Identity est reconnu pour son excellence en matière de CIAM, d'authentification sans mot de passe et d'identité vérifiée. - Magic Quadrant | Guideline | ||
 |
2022-10-28 11:45:15 | AWS : la croissance reste forte au troisième trimestre 2022 (lien direct) | AWS reste le solide leader des services de Cloud public avec une croissance de 27 % sur an an. Mais elle reste en deça de celle enregistrée un an plus tôt. | Guideline | ||
 |
2022-10-28 10:40:22 | Supply Chain Attacks Or Vulnerabilities Experienced By 80% Of Organisations (lien direct) | It has been reported that four out of five (80%) organisations have been notified of a vulnerability or attack in their supply chain of software in the past 12 months, according to new research. The survey of 1500 IT decision makers and cybersecurity leaders across the UK, North America, and Australia demonstrated the significant impact […] | Vulnerability Guideline | ||
|
2022-10-28 08:15:15 | CVE-2022-3735 (lien direct) | A vulnerability was found in seccome Ehoney. It has been rated as critical. This issue affects some unknown processing of the file /api/public/signup. The manipulation leads to improper access controls. The identifier VDB-212417 was assigned to this vulnerability. | Vulnerability Guideline | ||
|
2022-10-28 08:15:14 | CVE-2022-3734 (lien direct) | A vulnerability was found in Redis. It has been declared as critical. This vulnerability affects unknown code in the library C:/Program Files/Redis/dbghelp.dll. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212416. | Vulnerability Guideline | ||
|
2022-10-28 08:15:14 | CVE-2022-3733 (lien direct) | A vulnerability was found in SourceCodester Web-Based Student Clearance System. It has been classified as critical. This affects an unknown part of the file Admin/edit-admin.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212415. | Vulnerability Guideline | ||
|
2022-10-28 08:15:13 | CVE-2022-3731 (lien direct) | A vulnerability has been found in seccome Ehoney and classified as critical. Affected by this vulnerability is an unknown functionality of the file /api/v1/attack/token. The manipulation of the argument Payload leads to sql injection. The attack can be launched remotely. The identifier VDB-212413 was assigned to this vulnerability. | Vulnerability Guideline | ||
|
2022-10-28 08:15:13 | CVE-2022-3730 (lien direct) | A vulnerability, which was classified as critical, was found in seccome Ehoney. Affected is an unknown function of the file /api/v1/attack/falco. The manipulation of the argument Payload leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-212412. | Vulnerability Guideline | ||
|
2022-10-28 08:15:13 | CVE-2022-3732 (lien direct) | A vulnerability was found in seccome Ehoney and classified as critical. Affected by this issue is some unknown functionality of the file /api/v1/bait/set. The manipulation of the argument Payload leads to sql injection. The attack may be launched remotely. VDB-212414 is the identifier assigned to this vulnerability. | Vulnerability Guideline | ||
|
2022-10-28 08:15:12 | CVE-2022-3729 (lien direct) | A vulnerability, which was classified as critical, has been found in seccome Ehoney. This issue affects some unknown processing of the file /api/v1/attack. The manipulation of the argument AttackIP leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-212411. | Vulnerability Guideline | ||
|
2022-10-28 07:15:16 | CVE-2022-3616 (lien direct) | Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. | Guideline | ★★★ | |
|
2022-10-28 02:15:17 | CVE-2022-37915 (lien direct) | A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to a complete system compromise of Aruba EdgeConnect Enterprise Orchestration with versions 9.1.x branch only, Any 9.1.x Orchestrator instantiated as a new machine with a release prior to 9.1.3.40197, Orchestrators upgraded to 9.1.x were not affected. | Vulnerability Guideline | ||
|
2022-10-28 02:15:17 | CVE-2022-37914 (lien direct) | Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges leading to a complete compromise of the Aruba EdgeConnect Enterprise Orchestrator with versions 9.1.2.40051 and below, 9.0.7.40108 and below, 8.10.23.40009 and below, and any older branches of Orchestrator not specifically mentioned. | Guideline | ||
|
2022-10-28 02:15:17 | CVE-2022-31678 (lien direct) | VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure. | Guideline | ||
|
2022-10-28 02:15:17 | CVE-2022-37913 (lien direct) | Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges leading to a complete compromise of the Aruba EdgeConnect Enterprise Orchestrator with versions 9.1.2.40051 and below, 9.0.7.40108 and below, 8.10.23.40009 and below, and any older branches of Orchestrator not specifically mentioned. | Guideline | ★★★★ | |
 |
2022-10-28 00:00:00 | (Déjà vu) Manufacturing Cybersecurity: Trends & Survey Response (lien direct) | Based on our survey of over 900 ICS security leaders in the United States, Germany, and Japan, we dig deeper into each industry's challenges and present Trend Micro's recommendations. | Guideline | ||
|
2022-10-27 23:15:10 | CVE-2022-3378 (lien direct) | Horner Automation's Cscape version 9.90 SP 7 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer, leading to an out-of-bounds memory write. | Guideline | ||
|
2022-10-27 17:15:10 | CVE-2022-41996 (lien direct) | Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada premium theme versions | Vulnerability Guideline | ||
|
2022-10-27 17:15:10 | CVE-2022-40183 (lien direct) | An error in the URL handler of the VIDEOJET multi 4000 may lead to a reflected cross site scripting (XSS) in the web-based interface. An attacker with knowledge of the encoder address can send a crafted link to a user, which will execute JavaScript code in the context of the user. | Guideline | ||
 |
2022-10-27 16:25:00 | Fortinet Named a Leader in the 2022 Forrester Wave™ for Enterprise Firewalls (lien direct) | Fortinet has been named a Leader in The Forrester Wave™: Enterprise Firewalls, Q4 2022 report. Learn more about how Fortinet's NGFW serves as an enabler of digital acceleration through convergence of advanced networking and security capabilities. | Guideline | ||
|
2022-10-27 16:15:09 | CVE-2022-3095 (lien direct) | The implementation of backslash parsing in the Dart URI class for versions prior to 2.18 and Flutter versions prior to 3.30 differs from the WhatWG URL standards. Dart uses the RFC 3986 syntax, which creates incompatibilities with the '\' characters in URIs, which can lead to auth bypass in webapps interpreting URIs. We recommend updating Dart or Flutter to mitigate the issue. | Guideline | ||
|
2022-10-27 15:15:10 | CVE-2022-39365 (lien direct) | Pimcore is an open source data and experience management platform. Prior to version 10.5.9, the user controlled twig templates rendering in `Pimcore/Mail` & `ClassDefinition\Layout\Text` is vulnerable to server-side template injection, which could lead to remote code execution. Version 10.5.9 contains a patch for this issue. As a workaround, one may apply the patch manually. | Guideline | ||
 |
2022-10-27 12:48:24 | RC4 Is Still Considered Harmful (lien direct) | By James Forshaw, Project ZeroI've been spending a lot of time researching Windows authentication implementations, specifically Kerberos. In June 2022 I found an interesting issue number 2310 with the handling of RC4 encryption that allowed you to authenticate as another user if you could either interpose on the Kerberos network traffic to and from the KDC or directly if the user was configured to disable typical pre-authentication requirements.This blog post goes into more detail on how this vulnerability works and how I was able to exploit it with only a bare minimum of brute forcing required. Note, I'm not going to spend time fully explaining how Kerberos authentication works, there's plenty of resources online. For example this blog post by Steve Syfuhs who works at Microsoft is a good first start.BackgroundKerberos is a very old authentication protocol. The current version (v5) was described in RFC1510 back in 1993, although it was updated in RFC4120 in 2005. As Kerberos' core security concept is using encryption to prove knowledge of a user's credentials the design allows for negotiating the encryption and checksum algorithms that the client and server will use. For example when sending the initial authentication service request (AS-REQ) to the Key Distribution Center (KDC) a client can specify a list supported encryption algorithms, as predefined integer identifiers, as shown below in the snippet of the ASN.1 definition from RFC4120. | Vulnerability Guideline | ||
|
2022-10-27 12:40:28 | L\'emploi des outils de détection et de réponse à incident reste sous-estimé dans le secteur des finances (lien direct) | Selon une étude de Trend Micro, près de 2 entreprises sur 5 du secteur des services financiers n'utilisent pas d'outils de détection et de réponse à incident au niveau du réseau (40 %) ou au niveau des terminaux (39 %). Trend Micro Incorporated, entreprise japonaise parmi les leaders mondiaux en matière de cybersécurité, présente un nouveau volet de son étude 'Everything is connected : uncovering the ransomware threat from global supply chains'. Ce dernier porte sur l'évaluation des entreprises de leur (...) - Investigations | Ransomware Threat Guideline | ||
|
2022-10-27 11:15:12 | CVE-2022-3719 (lien direct) | A vulnerability has been found in Exiv2 and classified as critical. This vulnerability affects the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The name of the patch is a38e124076138e529774d5ec9890d0731058115a. It is recommended to apply a patch to fix this issue. VDB-212350 is the identifier assigned to this vulnerability. | Vulnerability Guideline | ||
|
2022-10-27 11:15:11 | CVE-2022-3718 (lien direct) | A vulnerability, which was classified as problematic, was found in Exiv2. This affects the function QuickTimeVideo::decodeBlock of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to null pointer dereference. It is possible to initiate the attack remotely. The name of the patch is 459910c36a21369c09b75bcfa82f287c9da56abf. It is recommended to apply a patch to fix this issue. The identifier VDB-212349 was assigned to this vulnerability. | Guideline | ||
|
2022-10-27 11:15:10 | CVE-2022-3717 (lien direct) | A vulnerability, which was classified as critical, has been found in Exiv2. Affected by this issue is the function BmffImage::boxHandler of the file bmffimage.cpp. The manipulation leads to memory corruption. The attack may be launched remotely. The name of the patch is a58e52ed702d3bc7b8bab7ec1d70a4849eebece3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-212348. | Vulnerability Guideline | ||
|
2022-10-27 10:15:11 | CVE-2022-3716 (lien direct) | A vulnerability classified as problematic was found in SourceCodester Online Medicine Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /omos/admin/?page=user/list. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-212347. | Vulnerability Guideline | ||
|
2022-10-27 10:15:10 | CVE-2022-3714 (lien direct) | A vulnerability classified as critical has been found in SourceCodester Online Medicine Ordering System 1.0. Affected is an unknown function of the file admin/?page=orders/view_order. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. VDB-212346 is the identifier assigned to this vulnerability. | Vulnerability Guideline | ||
|
2022-10-27 09:54:37 | La fintech Soldo fournit des interactions digitales plus sécurisées et augmente la satisfaction de ses clients avec Dynatrace (lien direct) | La sécurité en continu des applications runtime offerte par Dynatrace permet à Soldo, l'un des leaders du secteur des fintech, de réduire de plusieurs jours à quelques minutes seulement le temps passé pourla détection et la résolution des vulnérabilités logicielles critiques. Dynatrace, the software intelligence company, annonce que Soldo, entreprise leader du secteur des fintech, utilise aujourd'hui Dynatrace® Application Security pour l'aider à garantir la sécurité de ses environnements de (...) - Marchés | Guideline | ||
|
2022-10-27 09:04:03 | BMC Helix SaaS réunit les atouts du ServiceOps et de l\'orchestration des applications d\'entreprise pour accélérer l\'innovation (lien direct) | Ses nouvelles fonctionnalités aident les entreprises à administrer et à réduire la complexité de l'informatique pour asseoir leur compétitivité. BMC, leader mondial des solutions logicielles permettant à ses clients d'évoluer vers le modèle d'Autonomous Digital Enterprise, a apporté de nouvelles innovations à sa solution primée BMC Helix SaaS afin d'aider les entreprises à améliorer la gestion et l'automatisation de leurs activités informatiques complexes, ainsi que l'orchestration de leurs flux (...) - Business | Guideline | ||
|
2022-10-27 08:58:19 | CrowdStrike et EY étendent leur partenariat pour offrir de nouveaux services de sécurité et d\'observabilité cloud (lien direct) | Cette alliance permettra aux équipes DevSecOps de bénéficier du déploiement des plateformes CrowdStrike Cloud Security et Falcon LogScale. CrowdStrike, leader de la protection des postes de travail et des applications sur le cloud, de l'identité et des données, et le cabinet d'audit et de conseil Ernst & Young LLP (EY US), spécialiste des cyber risques, annoncent une extension de leur collaboration afin d'offrir des services de sécurité et d'observabilité cloud, s'appuyant sur la plateforme (...) - Business | Guideline | ||
|
2022-10-27 08:25:28 | Bitdefender et Sharp s\'associent pour renforcer la prévention des menaces ciblant les imprimantes professionnelles multifonctions (lien direct) | La puissante technologie antimalware de Bitdefender protège les clients de Sharp contre les cybermenaces Bitdefender, leader mondial de la cybersécurité, et Sharp Electronics, un des principaux fabricants de produits technologiques au monde, annoncent un nouveau partenariat en vue d'intégrer la technologie antimalware de Bitdefender dans les imprimantes multifonctions de la nouvelle gamme A3 de Sharp. Ce partenariat permettra d'améliorer la cybersécurité et la prévention des menaces sur la (...) - Business | Guideline | ||
|
2022-10-26 21:55:00 | Dominique Meurisse, Gatechwatcher : La cyber sécurité européenne n\'est plus un mythe et devient une réalité (lien direct) | Pour sa deuxième participation à ITSA, Gatewatcher affirme ses ambitions européennes en annonçant un partenariat technologique avec ITWatch un des leaders allemands de la protection du End Point. Pour Dominique Meurisse, VP Sales International de Gatechwatcher du fait des différents accords entre les organisations françaises et allemandes la cyber sécurité européenne n'est plus un mythe et devient une réalité. - International / affiche, itsa 2022 | Guideline | ||
 |
2022-10-26 21:00:00 | Anomali Earns Frost and Sullivan Market Leadership Award for Threat Intelligence Management Platforms (lien direct) | Anomali Earns Frost and Sullivan Market Leadership Award for Broadening their Command of the Threat Intelligence Management Market to Deliver Comprehensive Threat Detection and Response “Keeping up with market trends has certainly paid off for Anomali – the different information inputs have allowed it to make a key strategic move: expanding its TIP to encompass a broader Extended Detection and Response (XDR) focus. Anomali’s ThreatStream, a cloud-native SaaS offering, is the market-leading TIP/threat intelligence management solution.” - Clara Dello Russo, Research Analyst Anomali is proud and honored to earn Frost & Sullivan’s 2022 Global Market Leadership Award in the Threat Intelligence Platforms industry. Anomali was recognized for being at the forefront of innovation and growth, extending its market leadership in threat intelligence to meet the growing challenges of extended threat detection and response. The challenges within the Cyber Threat Intelligence (CTI) space continue to grow. And with that growth, there is an increased need for intelligence-driven solutions that can meet the demands of other parts of the cybersecurity market. We saw the evolution of the threat landscape as an opportunity for us to expand and take advantage of our strengths and the power of our platform. Seven years ago, we recognized that organizations needed a way to collect, aggregate, analyze and operationalize threat intelligence, which led to the development of Anomali ThreatStream, a leading enterprise threat intelligence platform (TIP). Shortly thereafter, we introduced Anomali Match, opening new opportunities for our customers to optimize intelligence by immediately matching internal threats against external threats. This resulted in The Anomali Platform, an integrated cloud native offering that collects and manages unlimited levels of threat data. The Anomali Platform enables investigations, empowers internal threat detection by matching it against all telemetry, and ultimately helps to power faster response by operationalizing intelligence across security infrastructures. At its foundation, our approach aims to close the gap against adversaries by continuously correlating all telemetry with the largest repository of global intelligence to optimize security ecosystems. We introduced The Anomali Platform, a cloud-native solution focused on intelligence-driven threat detection and response. The Anomali platform is unique in that it applies the power of big data, machine learning, and AI to identify and intercept attackers in real time. The Anomali Platform is comprised of: Anomali ThreatStream: Threat intelligence management that automates the collection and processing of raw data and transforms it into actionable threat intelligence for security teams. Anomali Match: Fueled by big data, this threat detection engine helps organizations quickly identify threats in real-time by automatically correlating ALL security telemetry against active threat intelligence to expose known and unknown threats. Anomali Lens: This powerful natural language processing engine extension helps operationalize threat intelligence by automatically scanning web-based content to identify relevant threats and streamline the lifecycle of researching and reporting on them. With this single cloud-native platform approach, customers can leverage common platform capabilities through a single sign-on experience instead of combining multiple systems to manage in silos. Shared cloud capabilities include: High-performance indicator correlation at a rate of 190 trillion EPS. Appliance and cloud to cloud-based ingestion of any security control telemetry. Global intel management across open, comm | Threat Guideline | ||
|
2022-10-26 20:15:10 | CVE-2022-3705 (lien direct) | A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324. | Vulnerability Guideline | ||
|
2022-10-26 20:15:10 | CVE-2022-3704 (lien direct) | A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is be177e4566747b73ff63fd5f529fab564e475ed4. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212319. | Vulnerability Guideline | ||
 |
2022-10-26 19:46:31 | Conceal TV: Cybersecurity Expert Opinion (lien direct) | >National security leaders on cyber threats and solutions. Brought to you by Conceal – Steve Morgan, Editor-in-Chief Sausalito, Calif. – Oct. 26, 2022 The Conceal TV channel features the top cybersecurity guest experts globally. This programming is brought to you by Conceal, a fast-growing company that | Guideline | ||
|
2022-10-26 19:15:27 | CVE-2022-3670 (lien direct) | A vulnerability was found in Axiomatic Bento4. It has been classified as critical. Affected is the function WriteSample of the component mp42hevc. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-212010 is the identifier assigned to this vulnerability. | Vulnerability Guideline | APT 17 | |
|
2022-10-26 19:15:26 | CVE-2022-3669 (lien direct) | A vulnerability was found in Axiomatic Bento4 and classified as problematic. This issue affects the function AP4_AvccAtom::Create of the component mp4edit. The manipulation leads to memory leak. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212009 was assigned to this vulnerability. | Vulnerability Guideline | APT 17 | |
|
2022-10-26 19:15:25 | CVE-2022-3668 (lien direct) | A vulnerability has been found in Axiomatic Bento4 and classified as problematic. This vulnerability affects the function AP4_AtomFactory::CreateAtomFromStream of the component mp4edit. The manipulation leads to memory leak. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212008. | Vulnerability Guideline | APT 17 |
To see everything:
Our RSS (filtrered)
