‼ CVE-2022-24704 ‼
📖 Read
via "National Vulnerability Database".
The rad_packet_recv function in opt/src/accel-pppd/radius/packet.c suffers from a buffer overflow vulnerability, whereby user input len is copied into a fixed buffer &attr->val.integer without any bound checks. If the client connects to the server and sends a large radius packet, a buffer overflow vulnerability will be triggered.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23391 ‼
📖 Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in Pybbs v6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Search box.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45005 ‼
📖 Read
via "National Vulnerability Database".
Artifex MuJS v1.1.3 was discovered to contain a heap buffer overflow which is caused by conflicting JumpList of nested try/finally statements.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23390 ‼
📖 Read
via "National Vulnerability Database".
An issue in the getType function of BBS Forum v5.3 and below allows attackers to upload arbitrary files.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23335 ‼
📖 Read
via "National Vulnerability Database".
Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in language_general.class.php via doModifyParameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23337 ‼
📖 Read
via "National Vulnerability Database".
DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerability in article_coonepage_rule.php via the ids parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23637 ‼
📖 Read
via "National Vulnerability Database".
K-Box is a web-based application to manage documents, images, videos and geodata. Prior to version 0.33.1, a stored Cross-Site-Scripting (XSS) vulnerability is present in the markdown editor used by the document abstract and markdown file preview. A specifically crafted anchor link can, if clicked, execute untrusted javascript actions, like retrieving user cookies. Version 0.33.1 includes a patch that allows discarding unsafe links.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46462 ‼
📖 Read
via "National Vulnerability Database".
njs through 0.7.1, used in NGINX, was discovered to contain a segmentation violation via njs_object_set_prototype in /src/njs_object.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22295 ‼
📖 Read
via "National Vulnerability Database".
Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in parameter_admin.class.php via the table_para parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25139 ‼
📖 Read
via "National Vulnerability Database".
njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njs_await_fulfilled.📖 Read
via "National Vulnerability Database".
❌ BlackByte Tackles the SF 49ers & US Critical Infrastructure ❌
📖 Read
via "Threat Post".
Hours before the Superbowl and two days after the FBI warned about the ransomware gang, BlackByte leaked what are purportedly the NFL team's files.📖 Read
via "Threat Post".
Threat Post
BlackByte Tackles the SF 49ers & US Critical Infrastructure
Hours before the Superbowl and two days after the FBI warned about the ransomware gang, BlackByte leaked what are purportedly the NFL team's files.
‼ CVE-2021-43940 ‼
📖 Read
via "National Vulnerability Database".
Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43950 ‼
📖 Read
via "National Vulnerability Database".
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view import source configuration information via a Broken Access Control vulnerability in the Insight Import Source feature. The affected versions are before version 4.21.0.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43952 ‼
📖 Read
via "National Vulnerability Database".
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to restore the default configuration of fields via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/RestoreDefaults.jspa endpoint. The affected versions are before version 8.21.0.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43948 ‼
📖 Read
via "National Vulnerability Database".
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view the names of private objects via an Improper Authorization vulnerability in the "Move objects" feature. The affected versions are before version 4.21.0.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43941 ‼
📖 Read
via "National Vulnerability Database".
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources (including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa) via a Cross-Site Request Forgery (CSRF) vulnerability in the jira-importers-plugin. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43953 ‼
📖 Read
via "National Vulnerability Database".
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The affected versions are before version 8.21.0.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46557 ‼
📖 Read
via "National Vulnerability Database".
Vicidial 2.14-783a was discovered to contain a cross-site scripting (XSS) vulnerability via the input tabs.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46558 ‼
📖 Read
via "National Vulnerability Database".
Multiple cross-site scripting (XSS) vulnerabilities in the Add User module of Issabel PBX 20200102 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the username and password fields.📖 Read
via "National Vulnerability Database".
❌ TA2541: APT Has Been Shooting RATs at Aviation for Years ❌
📖 Read
via "Threat Post".
Since 2017, the attacker has flung simple off-the-shelf malware in malicious email campaigns aimed at aviation, aerospace, transportation and defense.📖 Read
via "Threat Post".
Threat Post
TA2541: APT Has Been Shooting RATs at Aviation for Years
Since 2017, the attacker has flung simple off-the-shelf malware in malicious email campaigns aimed at aviation, aerospace, transportation and defense.
🗓️ Grafana web security vulnerability opened a plethora of attack possibilities 🗓️
📖 Read
via "The Daily Swig".
Visualize this📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Grafana web security vulnerability opened a plethora of attack possibilities
Visualize this