Read Time:8 Second
It was discovered that Heimdal did not properly manage memory when
normalizing Unicode. An attacker could possibly use this issue to
cause a denial of service.
Daily Archives: December 7, 2022
CVE-2022-23471
Read Time:44 Second
containerd is an open source container runtime. A bug was found in containerd’s CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user’s process fails to launch due to, for example, a faulty command, the goroutine will be stuck waiting to send without a receiver, resulting in a memory leak. Kubernetes and crictl can both be configured to use containerd’s CRI implementation and the stream server is used for handling container IO. This bug has been fixed in containerd 1.6.12 and 1.5.16. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used and that only trusted users have permissions to execute commands in running containers.
CVE-2022-2002
Read Time:9 Second
GE CIMPICITY versions 2022 and prior is vulnerable when data from faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code.
Apple finally adds encryption to iCloud backups
Read Time:12 Second
Apple has rolled out a number of security features that will now offer end-to-end encryption to protect data, including backups, contacts, notes, photos, and wallet passes. The company also announced hardware Security Keys for Apple ID.
freeradius-3.0.26-1.fc36
Read Time:7 Second
FEDORA-2022-98832b2cc2
Packages in this update:
freeradius-3.0.26-1.fc36
Update description:
Update to upstream release 3.0.26.
USN-5765-1: PostgreSQL vulnerability
Read Time:9 Second
Jacob Champion discovered that PostgreSQL incorrectly handled SSL
certificate verification and encryption. A remote attacker could possibly
use this issue to inject arbitrary SQL queries when a connection is first
established.
Microsoft Warns Cryptocurrency Firms Against Complex Cyber-Attacks
Read Time:3 Second
Attacks included fraud, vulnerability exploitation, fake applications and info stealer deployments
CVE-2020-36565
Read Time:11 Second
Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.
US Congress rolls back proposal to restrict use of Chinese chips
Read Time:12 Second
After business groups argued that proposed legislation to curb use of Chinese-made semiconductors would hurt national security, lawmakers amended it—but a final vote and the president’s approval of the proposed National Defense Authorization Act (NDAA) is still to come.
NZ Privacy Commissioner Investigates Mercury IT Ransomware Attack
Read Time:4 Second
The watchdog also confirmed it plans on opening a compliance investigation into the incident