May 2022 - Page 69 of 179 - Cyber Security News

CWE-1293 – Missing Source Correlation of Multiple Independent Data

Description The software relies on one source of data, preventing the ability to detect if an adversary has compromised a data source. Modes of Introduction:...

rocco

May 26, 2022May 26, 2022

CWE

CWE-1292 – Incorrect Conversion of Security Identifiers

Description The product implements a conversion mechanism to map certain bus-transaction signals to security identifiers. However, if the conversion is incorrectly implemented, untrusted agents can...

rocco

May 26, 2022May 26, 2022

CWE

CWE-1291 – Public Key Re-Use for Signing both Debug and Production Code

Description The same public key is used for signing both debug and production code. Modes of Introduction: - Implementation Related Weaknesses CWE-693 CWE-321...

rocco

May 26, 2022May 26, 2022

CWE

CWE-1290 – Incorrect Decoding of Security Identifiers

Description The product implements a decoding mechanism to decode certain bus-transaction signals to security identifiers. If the decoding is implemented incorrectly, then untrusted agents can...

rocco

May 26, 2022May 26, 2022

CWE

CWE-129 – Improper Validation of Array Index

Description The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to...

rocco

May 26, 2022May 26, 2022

CWE

CWE-1289 – Improper Validation of Unsafe Equivalence in Input

Description The product receives an input value that is used as a resource identifier or other type of reference, but it does not validate or...

rocco

May 26, 2022May 26, 2022

CWE

CWE-1288 – Improper Validation of Consistency within Input

Description The product receives a complex input with multiple elements or fields that must be consistent with each other, but it does not validate or...

rocco

May 26, 2022May 26, 2022

CWE

CWE-1287 – Improper Validation of Specified Type of Input

Description The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input...

rocco

May 26, 2022

CWE

CWE-1286 – Improper Validation of Syntactic Correctness of Input

Description The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate...

rocco

May 26, 2022May 26, 2022

CWE

CWE-1285 – Improper Validation of Specified Index, Position, or Offset in Input

Description The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file,...

rocco

May 26, 2022May 26, 2022

The AI Fix #25: Beware of the superintelligence, and a spam-eating AI super gran

Palo Alto Networks Patches Critical Firewall Vulnerability

Ransomware Gangs on Recruitment Drive for Pen Testers

Why Italy Sells So Much Spyware

Navigating SaaS Security Risks: Key Strategies and Solutions

Malware delivered via malicious QR codes sent in the post

Suspected Phobos Ransomware Admin Extradited to US

Companies Take Over Seven Months to Recover From Cyber Incidents

Swiss Cyber Agency Warns of QR Code Malware in Mail Scam

Month: May 2022

CWE-1293 – Missing Source Correlation of Multiple Independent Data

CWE-1292 – Incorrect Conversion of Security Identifiers

CWE-1291 – Public Key Re-Use for Signing both Debug and Production Code

CWE-1290 – Incorrect Decoding of Security Identifiers

CWE-129 – Improper Validation of Array Index

CWE-1289 – Improper Validation of Unsafe Equivalence in Input

CWE-1288 – Improper Validation of Consistency within Input

CWE-1287 – Improper Validation of Specified Type of Input

CWE-1286 – Improper Validation of Syntactic Correctness of Input

CWE-1285 – Improper Validation of Specified Index, Position, or Offset in Input