CVE-2022-22989
via "National Vulnerability Database".
My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service. Addressed the vulnerability by adding defenses against stack overflow issues.
CVE-2021-34933
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14911.
CVE-2021-34997
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AppStudioUploadHandler class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-13894.
CVE-2022-0178
via "National Vulnerability Database".
snipe-it is vulnerable to Improper Access Control.
CVE-2021-45760
via "National Vulnerability Database".
GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function gf_list_last(). This vulnerability allows attackers to cause a Denial of Service (DoS).
CVE-2022-23218
via "National Vulnerability Database".
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
CVE-2021-42551
via "National Vulnerability Database".
Cross-site Scripting (XSS) vulnerability in the search functionality of AlCoda NetBiblio WebOPAC allows an unauthenticated user to craft a reflected Cross-Site Scripting attack. This issue affects: AlCoda NetBiblio WebOPAC versions prior to 4.0.0.320; versions later than 4.0.0.328. This issue does not affect: AlCoda NetBiblio WebOPAC version 4.0.0.335 and later versions.
CVE-2022-23222
via "National Vulnerability Database".
kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types.
CVE-2022-23219
via "National Vulnerability Database".
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
CVE-2022-20698
via "National Vulnerability Database".
A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.
CVE-2021-33962
via "National Vulnerability Database".
China Mobile An Lianbao WF-1 router v1.0.1 is affected by an OS command injection vulnerability in the web interface /api/ZRUsb/pop_usb_device component.
S3 Ep65: Supply chain conniption, NetUSB hole, Honda flashback, FTC muscle [Podcast + Transcript]
via "Naked Security".
Latest episode - listen to it or read it now!
Three Plugins with Same Bug Put 84K WordPress Sites at Risk
via "Threat Post".
Researchers discovered vulnerabilities that can allow for full site takeover in login and e-commerce add-ons for the popular website-building platform.
REvil ransomware crew allegedly busted in Russia, says FSB
via "Naked Security".
The Russian Federal Security Bureau has just published a report about the investigation and arrest of the infamous "REvil" ransomware crew.
Russian Security Takes Down REvil Ransomware Gang
via "Threat Post".
The country's FSB said that it raided gang hideouts; seized currency, cars and personnel; and neutralized REvil's infrastructure.
Apache Software Foundation warns its patching efforts are being undercut by use of end-of-life software
via "The Daily Swig".
Non-profit shares metrics in its latest annual security review of 350-plus projects.
CVE-2022-0213
via "National Vulnerability Database".
vim is vulnerable to Heap-based Buffer Overflow.
What's Next for Patch Management: Automation
via "Dark Reading".
The next five years will bring the widespread use of hyperautomation in patch management. Part 3 of 3.
"Be Afraid:" Massive Cyberattack Downs Ukrainian Gov't Sites
via "Threat Post".
As Moscow moves troops and threatens military action, about 70 Ukrainian government sites were hit. "Be afraid" was scrawled on the Foreign Ministry site.
Researcher discloses alleged zero-day vulnerabilities in NUUO NVRmini2 recording device
via "The Daily Swig".
Exploit code has also been released for flaws that supposedly date back to 2016.
Real Big Phish: Mobile Phishing & Managing User Fallibility
via "Threat Post".
Phishing is more successful than ever. Daniel Spicer, CSO of Ivanti, discusses emerging trends in phishing, and using zero-trust security to patch the human vulnerabilities underpinning the spike.