CVE-2022-23623
via "National Vulnerability Database".
Frourio is a full stack framework for TypeScript. Frourio users who use frourio versions prior to v0.26.0 and integration with class-validator through the `validators/` folder are subject to an input validation vulnerability. Validators do not work properly for request bodies and queries in specific situations and some input is not validated at all. Users are advised to update frourio to v0.26.0 or later and to install `class-transformer` and `reflect-metadata`.
CVE-2022-23624
via "National Vulnerability Database".
Frourio-express is a minimal full stack framework for TypeScript. Frourio-express users who use frourio-express versions prior to v0.26.0 and integration with class-validator through the `validators/` folder are subject to an input validation vulnerability. Validators do not work properly for request bodies and queries in specific situations and some input is not validated at all. Users are advised to update frourio to v0.26.0 or later and to install `class-transformer` and `reflect-metadata`.
CVE-2022-0509
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.3.1.
CVE-2022-22146
via "National Vulnerability Database".
Cross-site scripting vulnerability in TransmitMail 2.5.0 to 2.6.1 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors.
CVE-2022-21241
via "National Vulnerability Database".
Cross-site scripting vulnerability in CSV+ prior to 0.8.1 allows a remote unauthenticated attacker to inject an arbitrary script or an arbitrary OS command via a specially crafted CSV file that contains an HTML a tag.
CVE-2022-0508
via "National Vulnerability Database".
Server-Side Request Forgery (SSRF) in NPM @peertube/embed-api prior to Not released yet.
CVE-2022-21193
via "National Vulnerability Database".
Directory traversal vulnerability in TransmitMail 2.5.0 to 2.6.1 allows a remote unauthenticated attacker to obtain an arbitrary file on the server via unspecified vectors.
CVE-2022-21173
via "National Vulnerability Database".
Hidden functionality vulnerability in ELECOM LAN routers (WRH-300BK3 firmware v1.05 and earlier, WRH-300WH3 firmware v1.05 and earlier, WRH-300BK3-S firmware v1.05 and earlier, WRH-300DR3-S firmware v1.05 and earlier, WRH-300LB3-S firmware v1.05 and earlier, WRH-300PN3-S firmware v1.05 and earlier, WRH-300WH3-S firmware v1.05 and earlier, and WRH-300YG3-S firmware v1.05 and earlier) allows an attacker on the adjacent network to execute an arbitrary OS command via unspecified vectors.
CVE-2022-22142
via "National Vulnerability Database".
Reflected cross-site scripting vulnerability in the checkbox of php_mailform versions prior to Version 1.40 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors.
CVE-2021-20877
via "National Vulnerability Database".
Cross-site scripting vulnerability in Canon laser printers and small office multifunctional printers (LBP162L/LBP162, MF4890dw, MF269dw/MF265dw/MF264dw/MF262dw, MF249dw/MF245dw/MF244dw/MF242dw/MF232w, and MF229dw/MF224dw/MF222dw sold in Japan, imageCLASS MF Series (MF113W/MF212W/MF217W/MF227DW/MF229DW, MF232W/MF244DW/MF247DW/MF249DW, MF264DW/MF267DW/MF269DW/MF269DW VP, and MF4570DN/MF4570DW/MF4770N/MF4880DW/MF4890DW) and imageCLASS LBP Series (LBP113W/LBP151DW/LBP162DW) sold in the US, and iSENSYS (LBP162DW, LBP113W, LBP151DW, MF269dw, MF267dw, MF264dw, MF113w, MF249dw, MF247dw, MF244dw, MF237w, MF232w, MF229dw, MF217w, MF212w, MF4780w, and MF4890dw) and imageRUNNER (2206IF, 2204N, and 2204F) sold in Europe) allows remote attackers to inject an arbitrary script via unspecified vectors.
CVE-2022-21799
via "National Vulnerability Database".
Cross-site scripting vulnerability in ELECOM LAN router WRC-300FEBK-R firmware v1.13 and earlier allows an attacker on the adjacent network to inject an arbitrary script via unspecified vectors.
CVE-2022-21805
via "National Vulnerability Database".
Reflected cross-site scripting vulnerability in the attached file name of php_mailform versions prior to Version 1.40 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors.
China Suspected of News Corp Cyberespionage Attack
via "Threat Post".
Attackers infiltrated the media giant's network using business email compromise, showing corporate networks' vulnerability due to human error. Here's how to help stop BEC.
Attackers infiltrated the media giant's network using BEC, while Microsoft moved to stop such attacks by blocking VBA macros in 5 Windows apps. Included: more ways to help stop BEC.
UK anti-encryption drive meets fierce resistance from privacy, security advocates
via "The Daily Swig".
Privacy campaigners sign open letter urging government to reconsider E2EE stance.
Get Started on Continuous Compliance Ahead of PCI DSS v4.0
via "Dark Reading".
Here's what vendors can do to prepare in the time remaining before the final release of PCI DSS 4.0 this quarter.
Here's what retailers and anyone collecting payments can do to prepare in the time remaining before the final release of PCI DSS 4.0 this quarter.
DeepSurface Security Secures $4.5M for Business Expansion
via "Dark Reading".
Funding round was led by Differential Ventures, an artificial intelligence and cybersecurity seed venture fund.
InterVision Unveils Ransomware Protection as a Service
via "Dark Reading".
InterVision RPaaS solution provides protection, response, and recovery in one managed service.
Salesforce DevOps Needs Guardrails
via "Dark Reading".
Some companies go too fast when it comes to SaaS, DevOps, and security, but smart developers and implementers will respect some basic guidelines to keep their product safe.
Microsoft blocks web installation of its own App Installer files
via "Naked Security".
It's a big deal when a vendor decides to block one of its own "features" for security reasons. Here's why we think it's a good idea.
CVE-2022-23331
via "National Vulnerability Database".
In DataEase v1.6.1, an authenticated user can gain unauthorized access to all user information and can change the administrator password.
CVE-2022-23340
via "National Vulnerability Database".
Joplin 2.6.10 allows remote attackers to execute system commands through malicious code in user search results.