admin

GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcslen) function in utils/utf.c, resulting in a heap-based buffer over-read, as demonstrated by MP4Box.
Source: NIST
CVE-2022-30976

In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL pointer dereference, as demonstrated by mujs-pp.
Source: NIST
CVE-2022-30975

compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413.
Source: NIST
CVE-2022-30974

The random_password_generator (aka RandomPasswordGenerator) gem through 1.0.0 for Ruby uses Kernel#rand to generate passwords, which, due to its cyclic nature, can facilitate password prediction.
Source: NIST
CVE-2019-25061

In FiberHome VDSL2 Modem HG150-Ub_V3.0, a stored cross-site scripting (XSS) vulnerability in Parental Control –> Access Time Restriction –> Username field, a user cannot delete the rule due to the XSS.
Source: NIST
CVE-2021-41946

Andrew Elliot from DCMS provides an update on government initiatives to boost cybersecurity talent pipeline
Source: Infosecurity
UK Government: Lack of Skills the Number One Issue in Cybersecurity

Commodity kit invites new entrants into the market
Source: Infosecurity
Digital Skimming is Now the Preserve of Non-Magecart Groups

Poor cyber-hygiene to blame for many compromises
Source: Infosecurity
Western Allies Warn of Top Cyber-Attack Mistakes

Blend of phone and face-to-face fraud targets vulnerable
Source: Infosecurity
Police Warn of £15m Courier Scams

MDR Sentinel expands TorchLight’s leading managed detection and response (MDR) services with turnkey SIEM and SOAR capabilities from Microsoft; TorchLight also announces it attains elite Microsoft Gold Partner Status
Source: DarkReading
TorchLight Expands Cybersecurity Services With MDR Sentinel in Partnership With Microsoft