Aggregator

A vulnerability, which was classified as problematic, was found in SAP Supplier Relationship Management 7.52. Affected is an unknown function of the component Master Data Management Catalogue. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-43006. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

The latest wave of activity in Ukraine suggests that Pyongyang is seeking to “better understand the appetite to continue fighting against the Russian invasion” and “the medium-term outlook of the conflict,” according to the latest report by cybersecurity firm Proofpoint.

M&S said that some customer data — but not payment card details or passwords — had been breached in a recent cyberattack.

Умные технологии делают авто удобным. И для тебя, и для хакеров.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 4.19.249/5.4.201/5.10.126/5.15.50/5.18.7. Affected by this issue is the function virtnet_freeze. The manipulation leads to denial of service. This vulnerability is handled as CVE-2022-49687. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in openSUSE libeconf up to 0.5.1. This vulnerability affects unknown code of the component Config File Handler. The manipulation leads to buffer overflow. This vulnerability was named CVE-2023-22652. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component. During the analysis of our data team we suspected a duplicate CVE assignment as CVE-2023-30079.

A vulnerability was found in Linux Kernel up to 5.18.2. It has been classified as problematic. Affected is the function listen of the component AF_RXRPC. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2022-49450. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.18.3. It has been classified as critical. This affects the function slgt_clean. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2022-49307. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.4.197/5.10.121/5.15.46/5.17.14/5.18.3 and classified as critical. Affected by this issue is the function driver_attach. The manipulation of the argument drv leads to use after free. This vulnerability is handled as CVE-2022-49385. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 5.18.2. Affected by this issue is the function __drm_universal_plane_init. The manipulation leads to privilege escalation. This vulnerability is handled as CVE-2021-47659. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.17.1. This issue affects the function qla_create_qpair. The manipulation leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2022-49155. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 5.18.2. Affected is the function printk. The manipulation leads to deadlock. This vulnerability is traded as CVE-2022-49441. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

奢侈品巨头 “迪奥” 突遭数据安全危机

奢侈品巨头 “迪奥” 突遭数据安全危机

APT37 ворует данные, не оставляя следов на диске.

A vulnerability was found in Linux Kernel up to 5.18.2. It has been classified as critical. This affects the function pvr2_i2c_core_init. The manipulation leads to improper initialization. This vulnerability is uniquely identified as CVE-2022-49478. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 5.17.1. Affected by this vulnerability is the function nfssvc_decode_writeargs of the file fs/nfsd/nfsxdr.c. The manipulation leads to insufficient verification of data authenticity. This vulnerability is known as CVE-2022-49280. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 5.18.2. This affects the function virtio_gpu_conn_get_modes. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2022-49532. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.