tipc: guard against string buffer overrun

...

wireguard: netlink: access device through ctx instead of peer

...

Apache HTTP Server: HTTP response splitting

...

CVE-2202-3602

creationtimestamp| type| source ---|---|--- 2022-11-02 06:00:00+00:00| seen| https://msrc.microsoft.com/blog/2022/11/microsoft-guidance-related-to-openssl-risk-cve-2022-3786-and-cve-2202-3602/...

CVE-2022-3786

creationtimestamp| type| source ---|---|--- 2022-11-01 17:28:35+00:00| seen| https://t.me/thehackernews/2723 2022-11-01 17:42:03+00:00| seen| https://t.me/ctinow/72672 2022-11-01 18:14:16+00:00| seen| Telegram/BvLKt3rLrvV1MavTWtzUjCGDDZdoZfIDa5boheIt5lY5uHc 2022-11-01 19:15:11+00:00| seen|...

CVE-2022-3602

creationtimestamp| type| source ---|---|--- 2022-11-01 17:25:50+00:00| seen| https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus20/2022 2022-11-01 17:28:35+00:00| seen| https://t.me/thehackernews/2723 2022-11-01 18:14:16+00:00| seen| Telegram/BvLKt3rLrvV1MavTWtzUjCGDDZdoZfIDa5boheIt5lY5uHc...

CVE-2022-35829

creationtimestamp| type| source ---|---|--- 2022-10-19 05:00:00+00:00| seen| https://msrc.microsoft.com/blog/2022/10/awareness-and-guidance-related-to-potential-service-fabric-explorer-sfx-v1-web-client-risk/ 2023-01-05 21:55:21+00:00| published-proof-of-concept| https://t.me/RESOLUTEATTACK/316...

CVE-2022-30190 (Follina) vulnerability in MSDT: description and counteraction

At the end of May, researchers from the naosec team reported a new zero-day vulnerability in Microsoft Support Diagnostic Tool MSDT that can be exploited using Microsoft Office documents. It allowed attackers to remotely execute code on Windows systems, while the victim could not even open the...

CVE-2022-21894

creationtimestamp| type| source ---|---|--- 2022-01-12 00:17:56+00:00| seen| https://t.me/cibsecurity/35295 2022-08-18 13:42:44+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/2984 2022-08-18 15:53:26+00:00| seen| https://t.me/crackcodes/1040 2022-08-18 15:56:07+00:00| seen|...

Two Active Directory Bugs Lead to Easy Windows Domain Takeover

A proof-of-concept tool has been published that leverages two Windows Active Directory bugs fixed last month that, when chained, can allow easy Windows domain takeover. In a Monday alert, Microsoft urged organizations to immediately patch the pair of bugs, tracked as CVE-2021-42287 and...

CVE-2021-38649

creationtimestamp| type| source ---|---|--- 2021-09-15 16:22:29+00:00| seen| https://t.me/cibsecurity/28884 2021-09-16 05:00:00+00:00| seen| https://msrc.microsoft.com/blog/2021/09/additional-guidance-regarding-omi-vulnerabilities-within-azure-vm-management-extensions/ 2021-11-08 08:58:18+00:00|...

Microsoft Guidance for Addressing Security Feature Bypass in GRUB

Executive Summary Microsoft is aware of a vulnerability in the GRand Unified Boot Loader GRUB, commonly used by Linux. This vulnerability, known as “There’s a Hole in the Boot”, could allow for Secure Boot bypass. To exploit this vulnerability, an attacker would need to have administrative...

HPSBHF03678 rev. 2 - GRUB2 Bootloader Arbitrary Code Execution

Potential Security Impact Arbitrary Code Execution Source: HP, HP Product Security Response Team PSRT Reported By: Eclypsium, Inc. VULNERABILITY SUMMARY HP has been informed of a potential security vulnerability in GRUB2 bootloaders commonly used by Linux. This vulnerability, known as “There’s a...

Beers with Talos Ep. #71: I Have the Power(Shell)

Beers with Talos BWT Podcast episode No. 71 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded Jan. 17, 2020 PowerShell is a frequent flyer in security headlines — a powerful and oft-wielded tool for attacke...

Microsoft Guidance to mitigate Microarchitectural Data Sampling vulnerabilities

Executive Summary On May 14, 2019, Intel published information about a new subclass of speculative execution side channel vulnerabilities known as Microarchitectural Data Sampling. An attacker who successfully exploited these vulnerabilities may be able to read privileged data across trust...