‼ CVE-2022-25179 ‼
📖 Read
via "National Vulnerability Database".
Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25205 ‼
📖 Read
via "National Vulnerability Database".
A cross-site request forgery (CSRF) vulnerability in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers to connect to an attacker-specified database via JDBC using attacker-specified credentials and to determine if a class is available in the Jenkins instance.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25212 ‼
📖 Read
via "National Vulnerability Database".
A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25183 ‼
📖 Read
via "National Vulnerability Database".
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the names of Pipeline libraries to create cache directories without any sanitization, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM using specially crafted library names if a global Pipeline library configured to use caching already exists.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25206 ‼
📖 Read
via "National Vulnerability Database".
A missing check in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified database via JDBC using attacker-specified credentials.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25181 ‼
📖 Read
via "National Vulnerability Database".
A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM through crafted SCM contents, if a global Pipeline library already exists.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25201 ‼
📖 Read
via "National Vulnerability Database".
Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25209 ‼
📖 Read
via "National Vulnerability Database".
Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.📖 Read
via "National Vulnerability Database".
🕴 Red Canary Launches Partner Program 🕴
📖 Read
via "Dark Reading".
Red Canary Partner Connect will unite a diverse ecosystem of incident response, risk and managed services partners.📖 Read
via "Dark Reading".
Dark Reading
Red Canary Launches Partner Program
Red Canary Partner Connect will unite a diverse ecosystem of incident response, risk and managed services partners.
‼ CVE-2021-46264 ‼
📖 Read
via "National Vulnerability Database".
Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the onlineList module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42713 ‼
📖 Read
via "National Vulnerability Database".
Splashtop Remote Client (Personal Edition) through 3.4.6.1 creates a Temporary File in a Directory with Insecure Permissions.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42714 ‼
📖 Read
via "National Vulnerability Database".
Splashtop Remote Client (Business Edition) through 3.4.8.3 creates a Temporary File in a Directory with Insecure Permissions.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46263 ‼
📖 Read
via "National Vulnerability Database".
Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the wifiTime module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46262 ‼
📖 Read
via "National Vulnerability Database".
Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the PPPoE module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46321 ‼
📖 Read
via "National Vulnerability Database".
Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the wifiBasicCfg module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24589 ‼
📖 Read
via "National Vulnerability Database".
Burden v3.0 was discovered to contain a stored cross-site scripting (XSS) in the Add Category function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the task parameter.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2022-23639 ‼
📖 Read
via "National Vulnerability Database".
crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of `{i,u}64` was always the same as `Atomic{I,U}64`. However, the alignment of `{i,u}64` on a 32-bit target can be smaller than `Atomic{I,U}64`. This can cause unaligned memory accesses and data race. Crates using `fetch_*` methods with `AtomicCell<{i,u}64>` are affected by this issue. 32-bit targets without `Atomic{I,U}64` and 64-bit targets are not affected by this issue. This has been fixed in crossbeam-utils 0.8.7. There are currently no known workarounds.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46265 ‼
📖 Read
via "National Vulnerability Database".
Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the wanBasicCfg module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37354 ‼
📖 Read
via "National Vulnerability Database".
Xerox Phaser 4622 v35.013.01.000 was discovered to contain a buffer overflow in the function sub_3226AC via the TIMEZONE variable. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-33945 ‼
📖 Read
via "National Vulnerability Database".
RICOH Printer series SP products 320DN, SP 325DNw, SP 320SN, SP 320SFN, SP 325SNw, SP 325SFNw, SP 330SN, Aficio SP 3500SF, SP 221S, SP 220SNw, SP 221SNw, SP 221SF, SP 220SFNw, SP 221SFNw v1.06 were discovered to contain a stack buffer overflow in the file /etc/wpa_supplicant.conf. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.📖 Read
via "National Vulnerability Database".
🕴 How Nonprofits Can Continue to Evade Ransomware Attacks 🕴
📖 Read
via "Dark Reading".
Just as small businesses can't be complacent, nonprofits also need to prepare for cyberattacks.📖 Read
via "Dark Reading".
Dark Reading
How Nonprofits Can Evade Ransomware Attacks
Just as small businesses can't be complacent, nonprofits also need to prepare for cyberattacks.