‼ CVE-2022-23321 ‼
📖 Read
via "National Vulnerability Database".
A persistent cross-site scripting (XSS) vulnerability exists on two input fields within the administrative panel when editing users in the XMPie UStore application on version 12.3.7244.0.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45364 ‼
📖 Read
via "National Vulnerability Database".
A Code Execution vulnerability exists in Statamic Version through 3.2.26 via SettingsController.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44850 ‼
📖 Read
via "National Vulnerability Database".
On Xilinx Zynq-7000 SoC devices, physical modification of an SD boot image allows for a buffer overflow attack in the ROM. Because the Zynq-7000's boot image header is unencrypted and unauthenticated before use, an attacker can modify the boot header stored on an SD card so that a secure image appears to be unencrypted, and they will be able to modify the full range of register initialization values. Normally, these registers will be restricted when booting securely. Of importance to this attack are two registers that control the SD card's transfer type and transfer size. These registers could be modified a way that causes a buffer overflow in the ROM.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24916 ‼
📖 Read
via "National Vulnerability Database".
Optimism before @eth-optimism/l2geth@0.5.11 allows economic griefing because a balance is duplicated upon contract self-destruction.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24568 ‼
📖 Read
via "National Vulnerability Database".
Novel-plus v3.6.0 was discovered to be vulnerable to Server-Side Request Forgery (SSRF) via user-supplied crafted input.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23630 ‼
📖 Read
via "National Vulnerability Database".
Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled on one or more configurations and those configurations have common dependencies with other configurations that have dependency verification enabled. If the configuration that has dependency verification disabled is resolved first, Gradle does not verify the common dependencies for the configuration that has dependency verification enabled. Gradle 7.4 fixes that issue by validating artifacts at least once if they are present in a resolved configuration that has dependency verification active. For users who cannot update either do not use `ResolutionStrategy.disableDependencyVerification()` and do not use plugins that use that method to disable dependency verification for a single configuration or make sure resolution of configuration that disable that feature do not happen in builds that resolve configuration where the feature is enabled.📖 Read
via "National Vulnerability Database".
👍1
🕴 Defense Contractors Need to Check Their Six 🕴
📖 Read
via "Dark Reading".
Companies overall met government standards, but poor credential management left vulnerabilities.📖 Read
via "Dark Reading".
Dark Reading
Defense Contractors Need to Check Their Six
Companies overall met government standards, but poor credential management left vulnerabilities.
❌ Sharp SIM-Swapping Spike Causes $68M in Losses ❌
📖 Read
via "Threat Post".
The attacks, which lead to 2FA defeat and account takeover, have accelerated by several hundred percent in one year, leading to thousands of drained bank accounts.📖 Read
via "Threat Post".
Threat Post
Sharp SIM-Swapping Spike Causes $68M in Losses
The attacks, which lead to 2FA defeat and account takeover, have accelerated by several hundred percent in one year, leading to thousands of drained bank accounts.
🕴 Apple Releases Security Update for Webkit Flaw 🕴
📖 Read
via "Dark Reading".
A Webkit use-after-free vulnerability in iOS, iPadOS, Monterey, and Safari may already have been exploited, Apple said in a security advisory issued today.📖 Read
via "Dark Reading".
Dark Reading
Apple Releases Security Update for Webkit Flaw
A Webkit use-after-free vulnerability in iOS, iPadOS, Monterey, and Safari may already have been exploited, Apple said in a security advisory issued today.
🕴 Credential-Stuffing Attacks on Remote Windows Systems Took Off in 2021 🕴
📖 Read
via "Dark Reading".
Password-guessing became last year's weapon of choice, as attackers attempted to brute-force vulnerable Remote Desktop Protocol (RDP) servers, SQL databases, and SMB file shares.📖 Read
via "Dark Reading".
Dark Reading
Credential-Stuffing Attacks on Remote Windows Systems Took Off in 2021
Password-guessing became last year's weapon of choice, as attackers attempted to brute-force vulnerable Remote Desktop Protocol (RDP) servers, SQL databases, and SMB file shares.
❌ Decryptor Keys Published for Maze, Egregor, Sekhmet Ransomwares ❌
📖 Read
via "Threat Post".
The Maze gang are purportedly never going back to ransomware and have destroyed all of their ransomware source code, said somebody claiming to be the developer.📖 Read
via "Threat Post".
Threat Post
Decryptor Keys Published for Maze, Egregor, Sekhmet Ransomwares
The Maze gang are purportedly never going back to ransomware and have destroyed all of their ransomware source code, said somebody claiming to be the developer.
🕴 Retailers' Offboarding Procedures Leave Potential Risks 🕴
📖 Read
via "Dark Reading".
IT teams need to consider unforeseen threats to avoid violating privacy regulations and supplier contracts.📖 Read
via "Dark Reading".
Dark Reading
Retailers' Offboarding Procedures Leave Potential Risks
IT teams need to consider unforeseen threats to avoid violating privacy regulations and supplier contracts.
‼ CVE-2022-0554 ‼
📖 Read
via "National Vulnerability Database".
Use of Out-of-range Pointer Offset in Conda vim prior to 8.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44969 ‼
📖 Read
via "National Vulnerability Database".
Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Management Column component.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44970 ‼
📖 Read
via "National Vulnerability Database".
MiniCMS v1.11 was discovered to contain a cross-site scripting (XSS) vulnerability via /mc-admin/page-edit.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42000 ‼
📖 Read
via "National Vulnerability Database".
When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multiple parallel reset flows, an existing user can reset another existing users password.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24646 ‼
📖 Read
via "National Vulnerability Database".
Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/contact.php via the txtMsg parameters.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24647 ‼
📖 Read
via "National Vulnerability Database".
Cuppa CMS v1.0 was discovered to contain an arbitrary file deletion vulnerability via the unlink() function.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24958 ‼
📖 Read
via "National Vulnerability Database".
drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0557 ‼
📖 Read
via "National Vulnerability Database".
OS Command Injection in Packagist microweber/microweber prior to 1.2.11.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24961 ‼
📖 Read
via "National Vulnerability Database".
In Portainer Agent before 2.11.1, an API server can continue running even if not associated with a Portainer instance in the past few days.📖 Read
via "National Vulnerability Database".