Tag

#linux

Microsoft's Latest Security Update Fixes 64 New Flaws, Including a Zero-Day

Tech giant Microsoft on Tuesday shipped fixes to quash 64 new security flaws across its software lineup, including one zero-day flaw that has been actively exploited in real-world attacks. Of the 64 bugs, five are rated Critical, 57 are rated Important, one is rated Moderate, and one is rated Low in severity. The patches are in addition to 16 vulnerabilities that Microsoft addressed in its

The Hacker News

CVE-2022-35582: WAPPLES Web Application Firewall Multiple Vulnerabilities

Penta Security Systems Inc WAPPLES 4.0.*, 5.0.0.*, 5.0.12.* are vulnerable to Incorrect Access Control. The operating system that WAPPLES runs on has a built-in non-privileged user, penta, with a predefined password. Neither the existence of this user nor its password is disclosed in the documentation. Knowing the credentials, attackers can use this feature to gain uncontrolled access to the device, so it is considered an undocumented possibility for remote control.

Microsoft Quashes Actively Exploited Zero-Day, Wormable Critical Bugs

In Microsoft's lightest Patch Tuesday update of the year so far, several security vulnerabilities stand out as must-patch, researchers warn.

CVE-2022-22483: IBM® Db2® is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. (CVE-2022-22483)

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225979.

CVE-2022-35637: IBM® Db2® is vulnerable to a denial of service after entering a specially crafted malformed SQL statement into the db2expln tool. (CVE-2022-35637)

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service after entering a malformed SQL statement into the db2expln tool. IBM X-Force ID: 230823.

CVE-2022-34336: IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console (CVE-2022-34336)

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229714.

CVE-2022-38306: heap-buffer-overflow in elf_reader · Issue #763 · lief-project/LIEF

LIEF commit 5d1d643 was discovered to contain a heap-buffer overflow in the component /core/CorePrPsInfo.tcc.

CVE-2022-38495: heap-buffer-overflow in macho_reader.c · Issue #767 · lief-project/LIEF

LIEF commit 365a16a was discovered to contain a heap-buffer overflow via the function print_binary at /c/macho_reader.c.

CVE-2022-38497: SEGV in CoreFile.tcc:69 · Issue #766 · lief-project/LIEF

LIEF commit 365a16a was discovered to contain a segmentation violation via the component CoreFile.tcc:69.

CVE-2022-38307: SEGV in SegmentCommand.cpp:149 · Issue #764 · lief-project/LIEF

LIEF commit 5d1d643 was discovered to contain a segmentation violation via the function LIEF::MachO::SegmentCommand::file_offset() at /MachO/SegmentCommand.cpp.