Victim companies have a combined revenue of around $550m
Monthly Archives: December 2022
USN-5783-1: Linux kernel (OEM) vulnerability
Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation
in the Linux kernel contained multiple use-after-free vulnerabilities. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code.
Meta’s Bug Bounty Program Shows $2m Awarded in 2022
The total amount since the program’s establishment in 2011 is reportedly $16m
CVE-2021-35252 (serv-u)
A common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this, any encrypted value that is exposed to an attacker can be trivially recovered as plaintext by anyone who holds that shared key.
Social Blade Confirms Data Breach Exposing PII on the Dark Web
The company confirmed the data does not include any credit card information
Data breach at Social Blade confirmed. Hacker offers to sell database on underground website
Social media analytics service Social Blade has confirmed that it is investigating a security breach, after a hacker offered its user database for sale on an underground criminal website.
Read more in my article on the Hot for Security blog.
CVE-2021-28655
The improper input validation vulnerability in the “Move folder to Trash” feature of Apache Zeppelin allows an attacker to delete arbitrary files. This issue affects Apache Zeppelin version 0.9.0 and prior versions.
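The class of bug described above is a path containment failure: a user-supplied folder name is joined onto the notebook root and then acted on without checking where it actually resolves. The following is an added example, not Apache Zeppelin's own code, of the check a "move to trash" operation needs; the notebook root, the file layout and the notebook id are constructed here for the demonstration.

```python
"""
Added example (not Apache Zeppelin code): a containment check for a
"move folder to trash" operation, so that a user-supplied folder name
cannot name a file outside the notebook root. The root directory and
file layout below are constructed for the demonstration.
"""
import os
import shutil
import tempfile
from typing import Optional


def resolve_inside(root: str, user_path: str) -> Optional[str]:
    """Return the real path of user_path under root, or None if it escapes
    root (via '..', an absolute path, or a symlink) or names root itself."""
    root_real = os.path.realpath(root)
    # Drop leading separators so os.path.join cannot discard root.
    rel = user_path.lstrip("/\\")
    candidate = os.path.realpath(os.path.join(root_real, rel))
    if candidate == root_real:
        return None
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


def move_to_trash(root: str, user_path: str) -> str:
    """Move a notebook folder or file into root/.trash, refusing anything
    that does not resolve inside root or does not exist."""
    target = resolve_inside(root, user_path)
    if target is None:
        raise PermissionError(f"refusing to trash {user_path!r}: outside notebook root")
    if not os.path.lexists(target):
        raise FileNotFoundError(user_path)
    trash = os.path.join(os.path.realpath(root), ".trash")
    os.makedirs(trash, exist_ok=True)
    dest = os.path.join(trash, os.path.basename(target))
    shutil.move(target, dest)
    return dest


def demo() -> dict:
    """Build a throwaway layout (constructed data) and exercise the
    legitimate case plus several traversal attempts; returns the outcomes."""
    base = tempfile.mkdtemp()
    root = os.path.join(base, "notebook")
    os.makedirs(os.path.join(root, "2A94M5J1Z"))          # hypothetical note id
    open(os.path.join(root, "2A94M5J1Z", "note.json"), "w").close()
    secret = os.path.join(base, "secret.txt")             # lives outside root
    with open(secret, "w") as fh:
        fh.write("do not delete")
    os.symlink(secret, os.path.join(root, "link"))        # symlink pointing out

    results = {"legit": os.path.exists(move_to_trash(root, "2A94M5J1Z"))}
    attempts = {
        "dotdot": "../secret.txt",
        "absolute": secret,
        "symlink": "link",
        "root_itself": ".",
    }
    for name, bad in attempts.items():
        try:
            move_to_trash(root, bad)
            results[name] = "moved"
        except (PermissionError, FileNotFoundError):
            results[name] = "refused"
    results["secret_intact"] = os.path.exists(secret)
    shutil.rmtree(base)
    return results


if __name__ == "__main__":
    print(demo())
```

The symlink case matters as much as the `..` case: `os.path.realpath` follows links before the containment comparison, so a link planted inside the root cannot be used to reach a file outside it.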
mod_auth_openidc-2.4.12.2-1.fc36
FEDORA-2022-6beaa3bd0c
Packages in this update:
mod_auth_openidc-2.4.12.2-1.fc36
Update description:
CVE-2022-23527 mod_auth_openidc: Open Redirect in oidc_validate_redirect_url() using tab character
mod_auth_openidc-2.4.12.2-1.fc37
FEDORA-2022-e139408490
Packages in this update:
mod_auth_openidc-2.4.12.2-1.fc37
Update description:
CVE-2022-23527 mod_auth_openidc: Open Redirect in oidc_validate_redirect_url() using tab character
mod_auth_openidc-2.4.12.2-1.fc38
FEDORA-2022-105be2997e
Packages in this update:
mod_auth_openidc-2.4.12.2-1.fc38
Update description:
Automatic update for mod_auth_openidc-2.4.12.2-1.fc38.
Changelog
* Fri Dec 16 2022 Tomas Halman <thalman@redhat.com> – 2.4.12.2-1
Rebase to 2.4.12.2 version
– Resolves: rhbz#2153658 – CVE-2022-23527 mod_auth_openidc: Open Redirect in
oidc_validate_redirect_url() using tab character
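The three Fedora updates above all address the same defect: a redirect-target check that inspects the raw string can be bypassed with a tab character, because browsers remove ASCII tab and newline characters before parsing a URL (the WHATWG URL parser's "remove all ASCII tab or newline from input" step). The following is an added example, not mod_auth_openidc's `oidc_validate_redirect_url()` or its fix, that contrasts a naive same-origin check with a hardened one; the trusted hostname is an assumption.

```python
"""
Added example (not mod_auth_openidc code) of the open-redirect class behind
CVE-2022-23527: a same-origin check on the raw redirect string versus one
that first rejects control characters and then parses what a browser would
actually navigate to. TRUSTED_HOST is an assumed value.
"""
from urllib.parse import urlsplit

TRUSTED_HOST = "app.example.com"   # assumed host of the protected application


def naive_is_local_redirect(target: str) -> bool:
    """Buggy check: accepts anything that begins with exactly one '/'.
    '/\\t/evil.example' passes because its second character is a tab."""
    return target.startswith("/") and not target.startswith("//")


def browser_normalize(url: str) -> str:
    """Mimic the WHATWG step that strips ASCII tab/newline before parsing."""
    return url.replace("\t", "").replace("\n", "").replace("\r", "")


def effective_host(target: str) -> str:
    """Host a browser would end up on, for a redirect issued from TRUSTED_HOST."""
    parts = urlsplit(browser_normalize(target))
    return parts.netloc or TRUSTED_HOST


def hardened_is_local_redirect(target: str) -> bool:
    """Reject C0 control characters and DEL outright (they are never valid in
    a redirect target), reject backslashes (browsers treat '\\' as '/' in
    http(s) URLs), then parse the normalized form and require no scheme and
    no authority, i.e. a path-only, same-origin target."""
    if any(ord(c) < 0x20 or c == "\x7f" for c in target):
        return False
    if "\\" in target:
        return False
    cleaned = browser_normalize(target)
    parts = urlsplit(cleaned)
    return parts.scheme == "" and parts.netloc == "" and cleaned.startswith("/")


if __name__ == "__main__":
    for t in ("/account/settings?tab=1", "/\t/evil.example", "//evil.example/",
              "https://evil.example/", "/\\evil.example"):
        print(repr(t), naive_is_local_redirect(t), hardened_is_local_redirect(t),
              effective_host(t))
```

The point the comparison makes is that the raw string and the URL the browser acts on are not the same thing; validation has to happen on the form the client will parse, and anything containing characters the client silently discards should be refused rather than normalized and accepted.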