βΌ CVE-2022-0295 βΌ
π Read
via "National Vulnerability Database".
Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced the user to engage is specific user interactions to potentially exploit heap corruption via a crafted HTML page.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25033 βΌ
π Read
via "National Vulnerability Database".
The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not validate the to parameter before redirecting the user to its given value, leading to an open redirect issueπ Read
via "National Vulnerability Database".
βΌ CVE-2022-0301 βΌ
π Read
via "National Vulnerability Database".
Heap buffer overflow in DevTools in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.π Read
via "National Vulnerability Database".
βΌ CVE-2021-24874 βΌ
π Read
via "National Vulnerability Database".
The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.31 does not escape the lang and pid parameter before outputting them back in attributes, leading to Reflected Cross-Site Scripting issuesπ Read
via "National Vulnerability Database".
βΌ CVE-2022-0305 βΌ
π Read
via "National Vulnerability Database".
Inappropriate implementation in Service Worker API in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25050 βΌ
π Read
via "National Vulnerability Database".
The Remove Footer Credit WordPress plugin before 1.0.11 does properly sanitise its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0569 βΌ
π Read
via "National Vulnerability Database".
Exposure of Sensitive Information to an Unauthorized Actor in Packagist snipe/snipe-it prior to v5.3.9.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24110 βΌ
π Read
via "National Vulnerability Database".
Kiteworks MFT 7.5 may allow an unauthorized user to reset other users' passwords. This is fixed in version 7.6 and later.π Read
via "National Vulnerability Database".
ποΈ New Zealand government mandates bug reporting process for federal agencies ποΈ
π Read
via "The Daily Swig".
Researchers can report vulnerabilities on a βno blameβ basisπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
New Zealand government mandates bug reporting process for federal agencies
Researchers can report vulnerabilities on a βno blameβ basis
π΄ Ransomware Threat Intel: You're Soaking In It! π΄
π Read
via "Dark Reading".
Organizations need to improve their ability to detect and prevent emerging ransomware attacks.π Read
via "Dark Reading".
Dark Reading
Ransomware Threat Intel: You're Soaking In It!
Organizations need to improve their ability to detect and prevent emerging ransomware attacks.
β Power company pays out $3 trillion compensation to astonished customer β
π Read
via "Naked Security".
More money than the UK's economy produces in a year!π Read
via "Naked Security".
Naked Security
Power company pays out $3 trillion compensation to astonished customer
More money than the UKβs economy produces in a year!
π΄ Could Biology Hold the Clue to Better Cybersecurity? π΄
π Read
via "Dark Reading".
Sophisticated malware attacks underscore the need for a more dynamic security framework, inspired by biological concepts.π Read
via "Dark Reading".
Dark Reading
Could Biology Hold the Clue to Better Cybersecurity?
Sophisticated malware attacks underscore the need for a more dynamic security framework, inspired by biological concepts.
βΌ CVE-2021-45420 βΌ
π Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can lead to denial of service and potentially remote code execution. Note: the product has not been supported since 2018 and should be removed or replaced.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45421 βΌ
π Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are affected by information disclosure via directory listing. A potential attacker can use this misconfiguration to access all the files in the remote directories. Note: the product has not been supported since 2018 and should be removed or replaced.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24686 βΌ
π Read
via "National Vulnerability Database".
HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 artifact download functionality has a race condition such that the Nomad client agent could download the wrong artifact into the wrong destination. Fixed in 1.0.18, 1.1.12, and 1.2.6π Read
via "National Vulnerability Database".
π΄ (ISC)Β² to Pilot Online Proctored Exams for CISSP in U.S., U.K. and Singapore π΄
π Read
via "Dark Reading".
Second pilot program will assess feasibility and security of offering online exams to increase global accessibility for certification candidates.π Read
via "Dark Reading".
Dark Reading
(ISC)Β² to Pilot Online Proctored Exams for CISSP in U.S., U.K. and Singapore
Second pilot program will assess feasibility and security of offering online exams to increase global accessibility for certification candidates.
π΄ LogRhythm Unveils New Brand Identity π΄
π Read
via "Dark Reading".
Announcement comes in advance of new technology offerings in 2022.π Read
via "Dark Reading".
Dark Reading
LogRhythm Unveils New Brand Identity
Announcement comes in advance of new technology offerings in 2022.
π΄ One Identity Enhances Unified Identity Security Platform with CIEM, Application Governance and Teams Modules π΄
π Read
via "Dark Reading".
Plans to further advance vision for end-to-end identity security.π Read
via "Dark Reading".
Dark Reading
One Identity Enhances Unified Identity Security Platform with CIEM, Application Governance and Teams Modules
Plans to further advance vision for end-to-end identity security.
ποΈ Missouri prosecutor declines to file charges over βhackerβ allegation against reporter ποΈ
π Read
via "The Daily Swig".
Relief as controversial charges dropped tempered by fears about chilling effectπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Missouri prosecutor declines to file charges over βhackerβ allegation against reporter
Relief as controversial charges dropped tempered by fears about chilling effect
β Adobe: Zero-Day Magento 2 RCE Bug Under Active Attack β
π Read
via "Threat Post".
The vendor issued an emergency fix on Sunday, and eCommerce websites should update ASAP to avoid Magecart card-skimming attacks and other problems.π Read
via "Threat Post".
Threat Post
Adobe: Zero-Day Magento 2 RCE Bug Under Active Attack
The vendor issued an emergency fix on Sunday, and eCommerce websites should update ASAP to avoid Magecart card-skimming attacks and other problems.
βΌ CVE-2021-46371 βΌ
π Read
via "National Vulnerability Database".
antd-admin 5.5.0 is affected by an incorrect access control vulnerability. Unauthorized access to some interfaces in the foreground leads to leakage of sensitive information.π Read
via "National Vulnerability Database".