PT-2022-10154 · Unknown · Mdt Autosave

Name of the Vulnerable Software and Affected Versions: MDT AutoSave versions prior to v6.02.06 Description: An issue exists where an attacker could leverage an API to pass a malicious file, manipulating the process creation command line and potentially running a command line argument. This could...

CVE-2022-27851

Cross-Site Request Forgery CSRF in Use Any Font WordPress plugin = 6.1.7 allows an attacker to deactivate the API key...

Improve Your Hacking Skills with 9 Python Courses for Just $39

For anyone with interest in cybersecurity, learning Python is a must. The language is used extensively in white hat hacking, and professionals use Python scripts to automate tests. It also has a use in the "soft" side of cybersecurity — like scraping the web for compromised data and detecting bug...

[SECURITY] Fedora 36 Update: golang-1.18~rc1-2.fc36

The Go Programming Language...

CVE-2022-27919

Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administration and an API...

golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet

A flaw was found in golang. Extraneous zero characters at the beginning of an IP address octet are not properly considered which could allow an attacker to bypass IP-based access controls. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

SUSE SLED15 / SLES15 Security Update : rust, rust1.58, rust1.59 (SUSE-SU-2022:0843-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:0843-1 advisory. - Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe...

openSUSE 15 Security Update : rust, rust1.58, rust1.59 (openSUSE-SU-2022:0843-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:0843-1 advisory. - Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security...

The vulnerability of the development environment “CX-Programmer,” which is part of the software suite “CX-One” designed for programming and configuring Omron PLCs, arises from reading data from within allowable buffer limits. This allows attackers to disclose sensitive information or execute arbitrary code.

The vulnerability of the development environment provided by CX-Programmer, which is part of the CX-One software suite designed for programming and configuring Omron PLCs, relates to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to disclose sensitive...

Moderate: Red Hat Security Advisory: libarchive security update

An update for libarchive is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

libarchive security update

An update is available for libarchive. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libarchive programming library can create and read several different...

Moderate: libarchive security update

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...

Russian Ransomware Gang Retool Custom Hacking Tools of Other APT Groups

A Russian-speaking ransomware outfit likely targeted an unnamed entity in the gambling and gaming sector in Europe and Central America by repurposing custom tools developed by other APT groups like Iran's MuddyWater, new research has found. The unusual attack chain involved the abuse of stolen...

CodeAnalysis - Static Code Analysis

Tencent Cloud Code Analysis TCA for short, code-named CodeDog inside the company early is a comprehensive platform for code analysis and issue tracking. TCA consist of three components, server, web and client. It also supports the integration of other code analysis tools. Code analysis is a...

New Linux Bug in Netfilter Firewall Module Lets Attackers Gain Root Access

A newly disclosed security flaw in the Linux kernel could be leveraged by a local adversary to gain elevated privileges on vulnerable systems to execute arbitrary code, escape containers, or induce a kernel panic. Tracked as CVE-2022-25636 CVSS score: 7.8, the vulnerability impacts Linux kernel...

CVE-2022-25512

FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys...

CVE-2022-25230

Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One v4.60 suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25325...

PT-2022-16851 · Shopware · Shopware

Name of the Vulnerable Software and Affected Versions: Shopware versions prior to 6.4.8.2 Description: The issue is a result of improper API route checking, allowing modification of customers and creation of orders without App Permission. This affects Shopware, an open commerce platform based on...

UBUNTU-CVE-2022-24921

regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression...

PT-2022-1785 · Cisco · Cisco Telepresence Video Communication Server +1

Name of the Vulnerable Software and Affected Versions: Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS affected versions not specified Description: The issue is related to multiple vulnerabilities in the API and web-based management interfaces of the affected devices...