π΄ Allure Security Raises $6.8 Million Seed Funding Round π΄
π Read
via "Dark Reading".
Funding led by Gutbrain Ventures.π Read
via "Dark Reading".
Dark Reading
Allure Security Raises $6.8 Million Seed Funding Round
Funding led by Gutbrain Ventures.
βΌ CVE-2022-20701 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0017 βΌ
π Read
via "National Vulnerability Database".
An improper link resolution before file access ('link following') vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Windows. GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.5 on Windows. This issue does not affect GlobalProtect app on other platforms.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0019 βΌ
π Read
via "National Vulnerability Database".
An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system. The exposed credentials enable a local attacker to authenticate to the GlobalProtect portal or gateway as the target user without knowing of the target userΓΒ’Γ’β¬ÒβΒ’s plaintext password. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Linux. GlobalProtect app 5.2 versions earlier than and including GlobalProtect app 5.2.7 on Linux. GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.2 on Linux. This issue does not affect the GlobalProtect app on other platforms.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-20707 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3398 βΌ
π Read
via "National Vulnerability Database".
Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20709 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20708 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20699 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0021 βΌ
π Read
via "National Vulnerability Database".
An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. This issue impacts GlobalProtect App 5.2 versions earlier than 5.2.9 on Windows. This issue does not affect the GlobalProtect app on other platforms.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0020 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in Palo Alto Network Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent javascript payload that will perform arbitrary actions in the Cortex XSOAR web interface on behalf of authenticated administrators who encounter the payload during normal operations. This issue impacts: All builds of Cortex XSOAR 6.1.0; Cortex XSOAR 6.2.0 builds earlier than build 1958888.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0018 βΌ
π Read
via "National Vulnerability Database".
An information exposure vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows and MacOS where the credentials of the local user account are sent to the GlobalProtect portal when the Single Sign-On feature is enabled in the GlobalProtect portal configuration. This product behavior is intentional and poses no security risk when connecting to trusted GlobalProtect portals configured to use the same Single Sign-On credentials both for the local user account as well as the GlobalProtect login. However when the credentials are different, the local account credentials are inadvertently sent to the GlobalProtect portal for authentication. A third party MITM type of attacker cannot see these credentials in transit. This vulnerability is a concern where the GlobalProtect app is deployed on Bring-your-Own-Device (BYOD) type of clients with private local user accounts or GlobalProtect app is used to connect to different organizations. Fixed versions of GlobalProtect app have an app setting to prevent the transmission of the user's local user credentials to the target GlobalProtect portal regardless of the portal configuration. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Windows and MacOS; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS This issue does not affect GlobalProtect app on other platforms.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20703 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20712 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37613 βΌ
π Read
via "National Vulnerability Database".
Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20738 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the Cisco Umbrella Secure Web Gateway service could allow an unauthenticated, remote attacker to bypass the file inspection feature. This vulnerability is due to insufficient restrictions in the file inspection feature. An attacker could exploit this vulnerability by downloading a crafted payload through specific methods. A successful exploit could allow the attacker to bypass file inspection protections and download a malicious payload.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20704 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20702 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45357 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability exists in Piwigo 12.x via the pwg_activity function in include/functions.inc.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20706 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0016 βΌ
π Read
via "National Vulnerability Database".
An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under certain circumstances. This issue impacts GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS. This issue does not affect the GlobalProtect app on other platforms.π Read
via "National Vulnerability Database".