CVE-2022-28282

Summary: CVE-2022-28282 is a use-after-free in the L10n/TranslateDocument path triggered when destroying an object during JavaScript execution and then referencing it via a freed pointer, with exploits tied to Firefox/Thunderbird. Affected versions: Thunderbird < 91.8, Firefox < 99, and Fir...

Malicious code in eg-auth-ui-localization (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 437e53aa9aa9cbd8bae160de3b5b28fa886c8552f617e61fbe93c938c4e2029c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-2678 Malicious code in eg-auth-ui-localization (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 437e53aa9aa9cbd8bae160de3b5b28fa886c8552f617e61fbe93c938c4e2029c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Privacy predictions 2023

Our last edition of privacy predictions focused on a few important trends where business and government interests intersect, with regulators becoming more active in a wide array of privacy issues. Indeed, we saw regulatory activity around the globe. In the US, for example, the FTC has requested...

Policy trends: where are we today on regulation in cyberspace?

This is the first edition of our policy analysis and observations of trends in the regulation of cyberspace, and cybersecurity, within the Kaspersky Security Bulletin. This year so far has been very challenging: increased tensions in international relations have had a huge impact on both cyberspa...

Indian Government Publishes Draft of Digital Personal Data Protection Bill 2022

The Indian government on Friday released a draft version of the much-awaited data protection regulation, making it the fourth such effort since it was first proposed in July 2018. The Digital Personal Data Protection Bill, 2022, as it's called, aims to secure personal data, while also seeking...

September 27, 2022—KB5019311 (OS Build 22621.525) Out-of-band

None None...

Service-Update-0.40-for-Microsoft-Dynamics CRM ( on-premises)-9.0

Service-Update-0.40-for-Microsoft-Dynamics CRM on-premises-9.0 Dynamics 365 Introduction Service Update 9.0.40 for Microsoft Dynamics CRM on-premises 9.0 is now available. This article describes the hotfixes and updates that are included in Service Update 9.0.40. More information Update package|...

GHSA-8WM5-8H9C-47PC Apache Hadoop argument injection vulnerability

Apache Hadoop's FileUtil.unTarFile, File API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in...

CVE-2022-25168

Apache Hadoop's FileUtil.unTarFile, File API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in...

Fedora: Security Advisory for golang-x-text (FEDORA-2022-5038c3236c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 36 Update: golang-github-gosexy-gettext-0.9-8.fc36

Go bindings for GNU gettext, an internationalization and localization library for writing multilingual systems...

Fedora: Security Advisory for golang-github-gosexy-gettext (FEDORA-2022-3e1ade35db)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 35 Update: golang-github-gosexy-gettext-0.9-7.fc35

Go bindings for GNU gettext, an internationalization and localization library for writing multilingual systems...

Fedora: Security Advisory for golang-x-text (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for golang-x-text (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 36 Update: golang-x-text-0.3.7-2.fc36

Text is a repository of text-related packages related to internationalization i18n and localization l10n, such as character encodings, text transformations, and locale-specific text handling...

Malicious code in @epic-mw/localization (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a02d41f96074f4eb8d18299277cd8de53b91d344bc012f910e70d55b75f60335 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in carbon-localization (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9a0b88b3ad7aaf575333d90fce017445adc4d400a5bf1c7bd2ca3078d3e4dad0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-1827 Malicious code in carbon-localization (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9a0b88b3ad7aaf575333d90fce017445adc4d400a5bf1c7bd2ca3078d3e4dad0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...