Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

Apple Quietly Releases Another Patch for Zero-Day RCE Bug

Apple continues a staged update process to address a WebKit vulnerability that allows attackers to craft malicious Web content to load malware on affected devices.

DARKReading
Open in Source
#vulnerability#web#ios#mac#windows#apple#google#microsoft#rce#zero_day#chrome#webkit#firefox
CVE-2022-36055: Release Helm 3.9.4 · helm/helm

Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. Fuzz testing, provided by the CNCF, identified input to functions in the _strvals_ package that can cause an out of memory panic. The _strvals_ package contains a parser that turns strings in to Go structures. The _strvals_ package converts these strings into structures Go can work with. Some string inputs can cause array data structures to be created causing an out of memory panic. Applications that use the _strvals_ package in the Helm SDK to parse user supplied input can suffer a Denial of Service when that input causes a panic that cannot be recovered from. The Helm Client will panic with input to `--set`, `--set-string`, and other value setting flags that causes an out of memory panic. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been resolved in 3.9.4. SDK users can validate strings supplied by users won't create large a...

Researchers Detail Emerging Cross-Platform BianLian Ransomware Attacks

The operators of the emerging cross-platform BianLian ransomware have increased their command-and-control (C2) infrastructure this month, a development that alludes to an increase in the group's operational tempo. BianLian, written in the Go programming language, was first discovered in mid-July 2022 and has claimed 15 victim organizations as of September 1, cybersecurity firm [redacted] said in

Stellar Repair for Access – Software Review

By Owais Sultan If your MS Access database is corrupted or is in an inconsistent state, you can use the Compact… This is a post from HackRead.com Read the original post: Stellar Repair for Access – Software Review

What is a keylogger?

Categories: News People are often confused as to where the security industry draws the line between something that is considered a keylogger and something that is not. Read on to learn what this term means, from a practical perspective. (Read more...) The post What is a keylogger? appeared first on Malwarebytes Labs.

CVE-2022-36676: bug_report/SQLi-1.md at main · Nujabe4/bug_report

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /categories/view_category.php.

CVE-2022-36674: bug_report/SQLi-3.md at main · Nujabe4/bug_report

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/view_schedule.php.

CVE-2022-36675: bug_report/SQLi-2.md at main · Nujabe4/bug_report

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/manage_schedule.php.

Google Fixes 24 Vulnerabilities With New Chrome Update

But one issue that lets websites overwrite content on a user's system clipboard appears unfixed in the new Version 105 of Chrome.

CVE-2022-37183: CVE-nu11secur1ty/vendors/Piwigo/2022/12.3.0 at main · nu11secur1ty/CVE-nu11secur1ty

Piwigo 12.3.0 is vulnerable to Cross Site Scripting (XSS) via /search/1940/created-monthly-list.