βΌ CVE-2022-0417 βΌ
π Read
via "National Vulnerability Database".
Heap-based Buffer Overflow in Conda vim prior to 8.2.π Read
via "National Vulnerability Database".
βΌ CVE-2021-24983 βΌ
π Read
via "National Vulnerability Database".
The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not sanitise and escape POSted parameters sent to the wpassetcleanup_fetch_active_plugins_icons AJAX action (available to admin users), leading to a Reflected Cross-Site Scripting issueπ Read
via "National Vulnerability Database".
ποΈ SureMDM bug chain enabled wholesale compromise of managed devices ποΈ
π Read
via "The Daily Swig".
Series of flaws in MDM platform addressed in web console and Linux agentπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
SureMDM bug chain enabled wholesale compromise of managed devices
Series of flaws in MDM platform addressed in web console and Linux agent
π΄ Mastercard Launches Global Cybersecurity Alliance Program to Further Secure The Digital Ecosystem π΄
π Read
via "Dark Reading".
New program helps partners accelerate growth and provide scaled delivery of critical cybersecurity and risk services.π Read
via "Dark Reading".
Dark Reading
Mastercard Launches Global Cybersecurity Alliance Program to Further Secure The Digital Ecosystem
New program helps partners accelerate growth and provide scaled delivery of critical cybersecurity and risk services.
π΄ Qualys Adds Advanced Remediation Capabilities to Minimize Vulnerability Risk π΄
π Read
via "Dark Reading".
Update to Qualys Cloud Platform enables organizations to fix asset misconfigurations in addition to patching to achieve comprehensive remediation.π Read
via "Dark Reading".
Dark Reading
Qualys Adds Advanced Remediation Capabilities to Minimize Vulnerability Risk
Update to Qualys Cloud Platform enables organizations to fix asset misconfigurations in addition to patching to achieve comprehensive remediation.
ποΈ Critical Samba flaw presents code execution threat ποΈ
π Read
via "The Daily Swig".
Urgent patching of file-sharing technology urgedπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Critical Samba flaw presents code execution threat
Urgent patching of file-sharing technology urged
βΌ CVE-2021-38560 βΌ
π Read
via "National Vulnerability Database".
Ivanti Service Manager 2021.1 allows reflected XSS via the appName parameter associated with ConfigDB calls, such as in RelocateAttachments.aspx.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44746 βΌ
π Read
via "National Vulnerability Database".
UNIVERGE DT 820 V3.2.7.0 and prior, UNIVERGE DT 830 V5.2.7.0 and prior, UNIVERGE DT 930 V2.4.0.0 and prior, IP Phone Manager V8.9.1 and prior, Data Maintenance Tool for DT900 Series V5.3.0.0 and prior, Data Maintenance Tool for DT800 Series V4.2.0.0 and prior allows a remote attacker who can access to the internal network, the configuration information may be obtained.π Read
via "National Vulnerability Database".
β Website operator fined for using Google Fonts βthe cloudy wayβ β
π Read
via "Naked Security".
Google Fonts are OK, it seems, but only if everyone keeps their own copy of the fonts they use.π Read
via "Naked Security".
Naked Security
Website operator fined for using Google Fonts βthe cloudy wayβ
Google Fonts are OK, it seems, but only if everyone keeps their own copy of the fonts they use.
π΄ Complexity vs. Capability: How to Bridge the Security Effectiveness Gap π΄
π Read
via "Dark Reading".
Consolidation and automation are among the strategies for balancing security complexity and capability.π Read
via "Dark Reading".
Dark Reading
Complexity vs. Capability: How to Bridge the Security Effectiveness Gap
Consolidation and automation are among the strategies for balancing security complexity and capability.
β Linux kernel patches βperformance can be harmfulβ bug in video driver β
π Read
via "Naked Security".
This bug is fiendishly hard to exploit - but if you patch, it won't be there to exploit at all.π Read
via "Naked Security".
Naked Security
Linux kernel patches βperformance can be harmfulβ bug in video driver
This bug is fiendishly hard to exploit β but if you patch, it wonβt be there to exploit at all.
π΄ 7 Red Flags That Can Stop Your Company From Becoming a Unicorn π΄
π Read
via "Dark Reading".
Investors and venture capitalists share the reasons that make them turn away from investing in your security tech.π Read
via "Dark Reading".
Dark Reading
7 Red Flags That Can Stop Your Company From Becoming a Unicorn
Investors and venture capitalists share the reasons that make them turn away from investing in your security tech.
β Samba βFruitβ Bug Allows RCE, Full Root User Access β
π Read
via "Threat Post".
The issue in the file-sharing and interop platform also affects Red Hat, SUSE Linux and Ubuntu packages.π Read
via "Threat Post".
Threat Post
Samba βFruitβ Bug Allows RCE, Full Root User Access
The issue in the file-sharing and interop platform also affects Red Hat, SUSE Linux and Ubuntu packages.
β The Account Takeover Cat-and-Mouse Game β
π Read
via "Threat Post".
ATO attacks are evolving. Jason Kent, hacker-in-residence at Cequence Security, discusses what new-style cyberattacks look like in the wild.π Read
via "Threat Post".
Threat Post
The Account Takeover Cat-and-Mouse Game
ATO attacks are evolving. Jason Kent, hacker-in-residence at Cequence Security, discusses what new-style cyberattacks look like in the wild.
βΌ CVE-2022-24220 βΌ
π Read
via "National Vulnerability Database".
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_post.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24198 βΌ
π Read
via "National Vulnerability Database".
iText v7.1.17 was discovered to contain an out-of-bounds exception via the component ARCFOUREncryption.encryptARCFOUR, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24196 βΌ
π Read
via "National Vulnerability Database".
iText v7.1.17 was discovered to contain an out-of-memory error via the component readStreamBytesRaw, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24223 βΌ
π Read
via "National Vulnerability Database".
AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24222 βΌ
π Read
via "National Vulnerability Database".
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_user.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24219 βΌ
π Read
via "National Vulnerability Database".
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_page.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24197 βΌ
π Read
via "National Vulnerability Database".
iText v7.1.17 was discovered to contain a stack-based buffer overflow via the component ByteBuffer.append, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.π Read
via "National Vulnerability Database".