#sap

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from a cross site request forgery vulnerability.

An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46872: Mozilla: Arbitrary file read from a compromised content process * CVE-2022-46874: Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions * CVE-2022-46878: Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6 * CVE-2022-46880: Mozilla: Use-after-free in WebGL * CVE-2...

Microsoft has revised the severity of a security vulnerability it originally patched in September 2022, upgrading it to "Critical" after it emerged that it could be exploited to achieve remote code execution. Tracked as CVE-2022-37958 (CVSS score: 8.1), the flaw was previously described as an information disclosure vulnerability in SPNEGO Extended Negotiation (NEGOEX) Security Mechanism. SPNEGO,

A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.

SAP@ Host Agent suffers from a privilege escalation vulnerability.

Red Hat Security Advisory 2022-8989-01 - The kpatch management tool provides a kernel patching infrastructure which allows you to patch a running kernel without rebooting or restarting any processes. Issues addressed include an out of bounds write vulnerability.

Intelbras WiFiber 120AC inMesh version 1.1-220216 suffers from an authenticated command injection vulnerability.

Former pure-play deception startup Illusive attracts Proofpoint with its repositioned platform focusing on identity threat detection and response (ITDR).

The MsIo64.sys component in Asus Aura Sync through v1.07.79 does not properly validate input to IOCTL 0x80102040, 0x80102044, 0x80102050, and 0x80102054, allowing attackers to trigger a memory corruption and cause a Denial of Service (DoS) or escalate privileges via crafted IOCTL requests.

Categories: Exploits and vulnerabilities Categories: News Tags: patch Tuesday Tags: Microsoft Tags: Android Tags: Apple Tags: Mozilla Tags: Google Tags: Sap Tags: Citrix Tags: Fortinet Tags: Cisco Tags: CVE-2022-44698 Tags: MotW Tags: CVE-2022-44710 Tags: race condition Tags: CVE-2022-44670 Tags: CVE-2022-44676 Tags: CVE-2022-41076 Tags: remote powershell The last patch Tuesday of 2022 is here—find out what Microsoft and many others have fixed (Read more...) The post Update now! Two zero-days fixed in 2022's last patch Tuesday appeared first on Malwarebytes Labs.