Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

CVE-2022-36042: Fix oob write in dyldcache · rizinorg/rizin@556ca2f

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from dyld cache files. A user opening a malicious dyld cache file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number 556ca2f9eef01ec0f4a76d1fbacfcf3a87a44810 contains a patch.

CVE
Open in Source
#vulnerability#mac
CVE-2022-36039: Multiple heap out-of-bounds writes in dex.c · Issue #2969 · rizinorg/rizin

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to out-of-bounds write when parsing DEX files. A user opening a malicious DEX file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. A patch is available on the `dev` branch of the repository.

CVE-2022-2402: [CA8298] Vulnerability fixed in ESET Endpoint Encryption and ESET Full Disk Encryption for Windows

The vulnerability in the driver dlpfde.sys enables a user logged into the system to perform system calls leading to kernel stack overflow, resulting in a system crash, for instance, a BSOD.

CVE-2022-2945

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.5.3 via the 'type' parameter found in the alm_get_layout() function. This makes it possible for authenticated attackers, with administrative permissions, to read the contents of arbitrary files on the server, which can contain sensitive information.

CVE-2022-31790: security - CVE-2022-31790 CVE-2022-31789: Watchguard XTM/Firebox firewalls: Multiple vulnerabilities

WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to retrieve sensitive authentication server settings by sending a malicious request to exposed authentication endpoints. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4.

CVE-2022-2735: security - ClusterLabs/PCS: [CVE-2022-2735] Obtaining an authentication token for hacluster user leads to privilege escalation.

A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw allows an attacker to have complete control over the cluster managed by PCS.

Internet Security & Encryption Pioneer Peter Eckersley Passes at 43

The founder of Let's Encrypt and an EFF technologist, Eckersley devoted his life's work to making the Internet safer and more secure.

CVE-2022-40112: iot/3.md at main · 1759134370/iot

TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable Buffer Overflow via the hostname parameter in binary /bin/boa.

CVE-2022-40109: iot/1.md at main · 1759134370/iot

TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Insecure Permissions via binary /bin/boa.

Wifi HD Wireless Disk Drive 11 Local File Inclusion

Wifi HD Wireless Disk Drive version 11 suffers from a local file inclusion vulnerability.