A computer virus is a form of malicious software that piggybacks onto legitimate application code in order to spread and reproduce itself.
Like other types of malware, a virus is deployed by attackers to damage or take control of a computer. Its name comes from the method by which it infects its targets. A biological virus like HIV or the flu cannot reproduce on its own; it needs to hijack a cell to do that work for it, wreaking havoc on the infected organism in the process. Similarly, a computer virus isn’t itself a standalone program. It’s a code snippet that inserts itself into some other application. When that application runs, it executes the virus code, with results that range from the irritating to the disastrous.
It was discovered that SDL (Simple DirectMedia Layer) incorrectly handled
certain files. An attacker could possibly use this issue to cause a denial
of service, or possibly execute arbitrary code.
Hacking groups closely linked to the Russian government have made nearly 40 destructive attacks against hundreds of Ukrainian targets since the start of the invasion, according to a report issued by Microsoft.
The attacks have been largely, but not exclusively, targeted at Ukrainian government institutions, and Microsoft’s report noted that these attacks have had damaging effects on the country’s economy and civilian population, in addition to Ukraine’s government and military.
Operating under the apparent direction of three main groups — the GRU military intelligence service, SVR interior ministry and FSB security service — Russian-backed hackers undertook a huge range of offensive cyberoperations against Ukraine, ranging from phishing campaigns and misinformation to data theft and the destruction of critical systems, Microsoft said.
Patrick Monnerat discovered that curl incorrectly handled certain OAUTH2.
An attacker could possibly use this issue to access sensitive information.
(CVE-2022-22576)
Harry Sintonen discovered that curl incorrectly handled certain requests.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2022-27774, CVE-2022-27775, CVE-2022-27776)
It was discovered that Ghostscript incorrectly handled certain PostScript
files. If a user or automated system were tricked into processing a
specially crafted file, a remote attacker could possibly use this issue to
access arbitrary files, execute arbitrary code, or cause a denial of
service.
It was discovered that networkd-dispatcher incorrectly handled internal
scripts. A local attacker could possibly use this issue to cause a race
condition, escalate privileges and execute arbitrary code.
(CVE-2022-29799, CVE-2022-29800)
