Aggregator

A vulnerability described as critical has been identified in Oracle Fusion Middleware MapViewer 12.2.1.4.0. The impacted element is an unknown function of the component Install. Such manipulation leads to information disclosure. This vulnerability is referenced as CVE-2022-40146. It is possible to launch the attack remotely. No exploit is available.

A vulnerability, which was classified as critical, has been found in Oracle Financial Services Revenue Management and Billing up to 4.0. Affected by this vulnerability is an unknown functionality of the component Infrastructure. Performing manipulation results in information disclosure. This vulnerability is cataloged as CVE-2022-40146. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability described as problematic has been identified in Red Hat 389-ds-base. This vulnerability affects unknown code of the component Content Synchronization Plugin. Such manipulation leads to null pointer dereference. This vulnerability is referenced as CVE-2022-2850. The attack needs to be initiated within the local network. No exploit is available.

A vulnerability categorized as critical has been discovered in vim. This impacts an unknown function. The manipulation results in stack-based buffer overflow. This vulnerability was named CVE-2022-3324. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability was found in FreeRDP up to 2.8.0. It has been rated as problematic. This affects an unknown function of the component parallel Command Handler. Performing manipulation results in uninitialized resource. This vulnerability is known as CVE-2022-39282. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

A vulnerability categorized as problematic has been discovered in FreeRDP up to 2.8.0. This impacts an unknown function of the component video Command Handler. Executing manipulation can lead to out-of-bounds read. This vulnerability is handled as CVE-2022-39283. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability labeled as critical has been found in U-Boot 4096. The impacted element is an unknown function of the component DFU. The manipulation of the argument wLength results in heap-based buffer overflow. This vulnerability is identified as CVE-2022-2347. An attack on the physical device is feasible. There is not any exploit available.

AI数据泄露新焦点：攻击面从模型转向基础设施与辅助编程工具

谷歌AI发现Safari五大漏洞，苹果发布更新全面修复。

预约直播还可领取《腾讯云游戏安全最佳实践与解决方案》！

人人都能上手的侧信道攻击实验环境

ПО из 2003-го, треть залов без камер и 10 лет пренебрежения рисками лишь усугубили ситуацию.

美国总统特朗普再次提名亿万富翁、私人宇航员 Jared Isaacman 为 NASA 局长。他在声明中没有解释为什么今年五月撤回了对 Isaacman 的提名而如今又再次认为他能胜任。此前特朗普取消提名被认为与马斯克（Elon Musk）退出特朗普的核心圈子有关，Isaacman 是马斯克青睐的人选，曾搭乘 SpaceX 的飞船多次飞到地球轨道。特朗普在今年 7 月任命了运输部长 Sean Duffy 兼任 NASA 局长，但他最近的一系列言论和透露的 NASA 的计划引发了很多争议。与此同时，特朗普的幕僚则在继续推荐 Isaacman，而 Isaacman 也被发现与特朗普多次共餐，显示两人关系良好。美国政府目前处于停摆中，确认 Isaacman 的提名可能需要很长的时间。

How a fast-growing scam is tricking WhatsApp users into revealing their most sensitive financial and other data

Iran is spying on American foreign policy influencers. But exactly which of its government's APTs is responsible remains a mystery.

​​入门级无人机也可以非常好玩。

AI 驱动的商业革命，正在重新定义一个古老的问题——什么才是「会做生意」。

The Salesloft Drift OAuth token breach compromised Salesforce data across hundreds of enterprises, including Cloudflare, Zscaler, and Palo Alto Networks. Learn how attackers exploited OAuth tokens, the risks of connected app misuse, and key steps to strengthen Salesforce and multi-cloud security.

The post Salesloft Drift Breaches: Your Complete Response Guide  appeared first on Security Boulevard.