4441 matches found

OSV
added 2022/07/12 11:3 a.m., 3 views

OESA-2022-1748 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: Using the ioctl function to modify the vc_font.height value through PIO_FONT can cause the KASAN: vmalloc-out-of-bounds in sys_imageblit problem. Requires tty group permissions to access the device file /dev/tty1. CVE-2021-33656...

CVSS 6.8, AI score 6.5, EPSS 0.0003
Exploits 0, References 2

OSV
added 2022/07/11 1:15 a.m., 2 views

CVE-2022-31585

The umeshpatil-dev/Home__internet repository through 2020-08-28 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...

CVSS 9.3, AI score 5.8, EPSS 0.00432
Exploits 1, References 1

CVE
added 2022/07/11 1:2 a.m., 66 views

CVE-2022-31585

CVE-2022-31585 concerns the umeshpatil-dev/Home__internet repository (through 2020-08-28) where absolute path traversal is possible due to unsafe usage of Flask's send_file. Connected feeds (Red Hat, NVD, CVE lists, CNNVD, PRION, etc.) reiterate the issue as an absolute path traversal vulnerabili...

CVSS 9.3, AI score 9.3, EPSS 0.00432
Exploits 1, References 1, Affected Software 1

OSV
added 2022/07/09 12:0 a.m., 18 views

GHSA-P757-4V3P-J74F Known vulnerable to account takeover via host header injection attack in v1.3.1

Known v1.3.1 was discovered to allow attackers to perform an account takeover via a host header injection attack. The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last version tagged on GitHub and in Packagist, and development related to the 1.3.x...

CVSS 8.8, AI score 8.9, EPSS 0.00496
Exploits 1, References 6

Github Security Blog
added 2022/07/09 12:0 a.m., 25 views

Known vulnerable to code execution via SVG file in v1.3.1

An issue in the isSVG function of Known v1.3.1 allows attackers to execute arbitrary code via a crafted SVG file. The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last version tagged on GitHub and in Packagist, and development related to the 1.3.x...

CVSS 6.1, AI score 6.8, EPSS 0.008
Exploits 1, References 7, Affected Software 1

Github Security Blog
added 2022/07/09 12:0 a.m., 22 views

Known v1.3.1 contains Insecure Direct Object Reference

Known v1.3.1 was discovered to contain an Insecure Direct Object Reference (IDOR). The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last version tagged on GitHub and in Packagist, and development related to the 1.3.x branch is currently on the dev...

CVSS 4.3, AI score 5.2, EPSS 0.00189
Exploits 1, References 5, Affected Software 1

IBM Security Bulletins
added 2022/07/08 7:37 a.m., 33 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to an issue in OPM and Golang Go packages (CVE-2020-15257, CVE-2021-21334 and CVE-2021-41771)

Summary IBM MQ Operator catalog container image is vulnerable to an issue in OPM package from Red Hat openshift4/ose-operator-registry and IBM MQ Operator, IBM Supplied Queue Manager container images are vulnerable to an issue in the Golang Go packages. CVE-2020-15257, CVE-2021-21334 and...

CVSS 7.5, AI score 1.1, EPSS 0.12378
Exploits 4, Affected Software 1

OpenVAS
added 2022/07/06 12:0 a.m., 12 views

Fedora: Security Advisory for golang-github-magefile-mage (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.3, AI score 8.9, EPSS 0.00963
Exploits 4, References 2

Fedora
added 2022/07/04 1:35 a.m., 9 views

[SECURITY] Fedora 36 Update: golang-github-magefile-mage-1.11.0-5.fc36

A Make/rake-like dev tool using Go...

CVSS 9.3, AI score 8.2, EPSS 0.00963
Exploits 4

CNVD
added 2022/07/01 12:0 a.m., 28 views

Orwell-Dev-Cpp Hijacking Vulnerability

Orwell-Dev-Cpp is a free, portable, fast and simple C/C++ IDE. A hijacking vulnerability exists in Orwell-Dev-Cpp v5.11, which can be exploited by an attacker to execute arbitrary code via a specially crafted exe file...

CVSS 7.8, AI score 7.8, EPSS 0.00077
Exploits 1, References 1

NVD
added 2022/06/29 1:15 p.m., 10 views

CVE-2022-33036

A binary hijack in Embarcadero Dev-CPP v6.3 allows attackers to execute arbitrary code via a crafted .exe file...

CVSS 7.8, EPSS 0.00077
Exploits 1, References 1

OSV
added 2022/06/29 1:15 p.m., 14 views

CVE-2022-33036

A binary hijack in Embarcadero Dev-CPP v6.3 allows attackers to execute arbitrary code via a crafted .exe file...

CVSS 7.8, AI score 7.7
Exploits 0, References 1

NVD
added 2022/06/29 1:15 p.m., 10 views

CVE-2022-33037

A binary hijack in Orwell-Dev-Cpp v5.11 allows attackers to execute arbitrary code via a crafted .exe file...

CVSS 7.8, EPSS 0.00077
Exploits 1, References 1

Cvelist
added 2022/06/29 12:25 p.m., 13 views

CVE-2022-33037

A binary hijack in Orwell-Dev-Cpp v5.11 allows attackers to execute arbitrary code via a crafted .exe file...

AI score 8, EPSS 0.00077
Exploits 1, References 1

CVE
added 2022/06/29 12:25 p.m., 88 views

CVE-2022-33037

CVE-2022-33037 affects Orwell-Dev-Cpp v5.11, where a binary hijack allows an attacker to execute arbitrary code by processing a crafted .exe file. The vulnerability is documented across multiple sources (e.g., NVD, Red Hat, CNVD) with the described impact being code execution on local access. The...

CVSS 7.8, AI score 7.7, EPSS 0.00077
Exploits 1, References 1, Affected Software 1

Cvelist
added 2022/06/29 12:25 p.m., 10 views

CVE-2022-33036

A binary hijack in Embarcadero Dev-CPP v6.3 allows attackers to execute arbitrary code via a crafted .exe file...

AI score 8, EPSS 0.00077
Exploits 1, References 1

CVE
added 2022/06/29 12:25 p.m., 90 views

CVE-2022-33036

CVE-2022-33036 concerns a binary hijack in Embarcadero Dev-CPP v6.3 that enables arbitrary code execution via a crafted .exe file. The effect is tied to a local attack vector with user interaction required, as documented by NVD and corroborated by Red Hat and OSV/CVE records. The root cause descr...

CVSS 7.8, AI score 7.7, EPSS 0.00077
Exploits 1, References 1, Affected Software 1

CNNVD
added 2022/06/29 12:0 a.m., 1 views

Orwell-Dev-Cpp Code Issue Vulnerability

Orwell-Dev-Cpp is a free, portable, fast and simple C/C++ IDE. A hijacking vulnerability exists in Orwell-Dev-Cpp v5.11, which can be exploited by an attacker to execute arbitrary code via a specially crafted exe file...

CVSS 7.8, AI score 6.1, EPSS 0.00077
Exploits 1, References 2

OSV
added 2022/06/28 8:20 p.m., 16 views

GSD-2022-1004084 NFC: NULL out the dev->rfkill to prevent UAF

NFC: NULL out the dev->rfkill to prevent UAF. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.318 by commit...

AI score 7.2
Exploits 0

The Hacker News
added 2022/06/24 8:2 a.m., 31 views

State-Backed Hackers Using Ransomware as a Decoy for Cyber Espionage Attacks

A China-based advanced persistent threat (APT) group is possibly deploying short-lived ransomware families as a decoy to cover up the true operational and tactical objectives behind its campaigns. The activity cluster, attributed to a hacking group dubbed Bronze Starlight by Secureworks, involves t...

AI score 0.5
Exploits 0