A maliciously crafted TIFF, PICT, TGA, or RLC file in the Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
Daily Archives: October 7, 2022
CVE-2021-40164
A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
CVE-2021-40163
A memory corruption vulnerability may lead to code execution through maliciously crafted DLL files through the Autodesk Image Processing component.
CVE-2021-40162
A maliciously crafted TIF, PICT, TGA, or RLC file in the Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
CVE-2020-15855
CVE-2022-22493
IBM WebSphere Automation for Cloud Pak for Watson AIOps 1.4.2 is vulnerable to cross-site request forgery, caused by improper cookie attribute setting. IBM X-Force ID: 226449.
CVE-2022-22480
IBM QRadar SIEM 7.4 and 7.5 data node rebalancing does not function correctly when using encrypted hosts, which could result in information disclosure. IBM X-Force ID: 225889.
LofyGang Group Linked to Recent Software Supply Chain Attacks
The group focuses on utilizing open-source software for malicious purposes
python-django3-3.2.15-2.el8
FEDORA-EPEL-2022-0793e00396
Packages in this update:
python-django3-3.2.15-2.el8
Update description:
Updates to Django 3.2.15, which addresses https://nvd.nist.gov/vuln/detail/CVE-2022-34265 affecting Django < 3.2.14
RCE on Log4j Among Top CVEs Exploited By Chinese-Backed Hackers
In a joint advisory, three US agencies, NSA, CISA and FBI, warned about Chinese threat actors