‼ CVE-2021-44956 ‼
📖 Read
via "National Vulnerability Database".
Two Heap based buffer overflow vulnerabilities exist in ffjpeg through 01.01.2021. It is similar to CVE-2020-23852. Issues that are in the jfif_decode function at ffjpeg/src/jfif.c (line 552) could cause a Denial of Service by using a crafted jpeg file.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45326 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Request Forgery (CSRF) vulnerability exists in Gitea before 1.5.2 via API routes.This can be dangerous especially with state altering POST requests.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44864 ‼
📖 Read
via "National Vulnerability Database".
TP-Link WR886N 3.0 1.0.1 Build 150127 Rel.34123n is vulnerable to Buffer Overflow. Authenticated attackers can crash router httpd services via /userRpm/PingIframeRpm.htm request which contains redundant & in parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0510 ‼
📖 Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in Packagist pimcore/pimcore prior to 10.3.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45328 ‼
📖 Read
via "National Vulnerability Database".
Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site ('Open Redirect') via internal URLs.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45325 ‼
📖 Read
via "National Vulnerability Database".
Server Side Request Forgery (SSRF) vulneraility exists in Gitea before 1.7.0 using the OpenID URL.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45327 ‼
📖 Read
via "National Vulnerability Database".
Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API. which could let a remote malisious user execute arbitrary code.📖 Read
via "National Vulnerability Database".
🕴 Cyber Terrorism Is a Growing Threat & Governments Must Take Action 🕴
📖 Read
via "Dark Reading".
With its benefits of deniability, relatively low costs, and the ability to attack from anywhere, cyber terrorism will increasingly threaten civilians everywhere.📖 Read
via "Dark Reading".
Dark Reading
Cyber Terrorism Is a Growing Threat & Governments Must Take Action
With its benefits of deniability, relatively low costs, and the ability to attack from anywhere, cyber terrorism will increasingly threaten civilians everywhere.
🕴 Vulnerability Scanning Triples, Leading to Two-Thirds Fewer Flaws 🕴
📖 Read
via "Dark Reading".
Companies are scanning more applications for vulnerabilities — and more often.📖 Read
via "Dark Reading".
Dark Reading
Vulnerability Scanning Triples, Leading to Two-Thirds Fewer Flaws
Companies are scanning more applications for vulnerabilities — and more often.
❌ No Critical Bugs for Microsoft February 2022 Patch Tuesday, 1 Zero-Day ❌
📖 Read
via "Threat Post".
This batch had zero critical CVEs, which is unheard of. Most (50) of the patches are labeled Important, so don't delay to apply the patches, security experts said.📖 Read
via "Threat Post".
Threat Post
No Critical Bugs for Microsoft February 2022 Patch Tuesday, 1 Zero-Day
This batch had zero critical CVEs, which is unheard of. Most (50) of the patches are labeled Important, so don't delay to apply the patches, security experts said.
🕴 Get Started on Continuous Compliance Ahead of PCI DSS v4.0 🕴
📖 Read
via "Dark Reading".
Here's what vendors can do to prepare in the time remaining before the final release of PCI DSS 4.0 this quarter.📖 Read
via "Dark Reading".
Dark Reading
Get Started on Continuous Compliance Ahead of PCI DSS v4.0
Here's what retailers and anyone collecting payments can do to prepare in the time remaining before the final release of PCI DSS 4.0 this quarter.
🕴 Threat Actors Revive 20-Year-Old Tactic in Microsoft 365 Phishing Attacks 🕴
📖 Read
via "Dark Reading".
Recent attacks involving so-called "right-to-left override" spoofing aimed at Microsoft 365 users show how attackers sometimes modify and improve old methods to try and stay one step ahead of defenders.📖 Read
via "Dark Reading".
Dark Reading
Threat Actors Revive 20-Year-Old Tactic in Microsoft 365 Phishing Attacks
Recent attacks involving so-called "right-to-left override" spoofing aimed at Microsoft 365 users show how attackers sometimes modify and improve old methods to try and stay one step ahead of defenders.
‼ CVE-2022-21702 ‼
📖 Read
via "National Vulnerability Database".
Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The attacker could either compromise an existing datasource for a specific Grafana instance or either set up its own public service and instruct anyone to set it up in their Grafana instance. To be impacted, all of the following must be applicable. For the data source proxy: A Grafana HTTP-based datasource configured with Server as Access Mode and a URL set, the attacker has to be in control of the HTTP server serving the URL of above datasource, and a specially crafted link pointing at the attacker controlled data source must be clicked on by an authenticated user. For the plugin proxy: A Grafana HTTP-based app plugin configured and enabled with a URL set, the attacker has to be in control of the HTTP server serving the URL of above app, and a specially crafted link pointing at the attacker controlled plugin must be clocked on by an authenticated user. For the backend plugin resource: An attacker must be able to navigate an authenticated user to a compromised plugin through a crafted link. Users are advised to update to a patched version. There are no known workarounds for this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0139 ‼
📖 Read
via "National Vulnerability Database".
Use After Free in GitHub repository radareorg/radare2 prior to 5.6.0.📖 Read
via "National Vulnerability Database".
🕴 Google Cuts User Account Compromises in Half With Simple Change 🕴
📖 Read
via "Dark Reading".
The online tech giant auto-enabled two-step verification for more than 150 million users, throwing up steep hurdles against scammers and attackers.📖 Read
via "Dark Reading".
Dark Reading
Google Cuts User Account Compromises in Half With Simple Change
The online tech giant auto-enabled two-step verification for more than 150 million users, throwing up steep hurdles against scammers and attackers.
👍1
‼ CVE-2022-0522 ‼
📖 Read
via "National Vulnerability Database".
Access of Memory Location Before Start of Buffer in NPM radare2.js prior to 5.6.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-21703 ‼
📖 Read
via "National Vulnerability Database".
Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0524 ‼
📖 Read
via "National Vulnerability Database".
Business Logic Errors in Rubygems typo prior to 9.2.7.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23626 ‼
📖 Read
via "National Vulnerability Database".
m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions `imagecreatefrom*` and `image*` have not been checked properly. Although PHP issued warnings and the upload function returned `false`, the original file (that could contain a malicious payload) was kept on the disk. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0521 ‼
📖 Read
via "National Vulnerability Database".
Access of Memory Location After End of Buffer in GitHub repository radareorg/radare2 prior to 5.6.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0518 ‼
📖 Read
via "National Vulnerability Database".
Heap-based Buffer Overflow in NPM radare2.js prior to 5.6.2.📖 Read
via "National Vulnerability Database".