βΌ CVE-2021-43745 βΌ
π Read
via "National Vulnerability Database".
A Denial of Service vulnerabilty exists in Trilium Notes 0.48.6 in the setupPage functionπ Read
via "National Vulnerability Database".
π΄ Fears Rise of Potential Russian Cyberattacks on US, Allies Over Sanctions π΄
π Read
via "Dark Reading".
If past is precedent, the cyber impact of the war in Ukraine could be broad and bruising, experts say.π Read
via "Dark Reading".
Dark Reading
Fears Rise of Potential Russian Cyberattacks on US, Allies Over Sanctions
If past is precedent, the cyber impact of the war in Ukraine could be broad and bruising, experts say.
βΌ CVE-2022-23835 βΌ
π Read
via "National Vulnerability Database".
** DISPUTED ** The Visual Voice Mail (VVM) application through 2022-02-24 for Android allows persistent access if an attacker temporarily controls an application that has the READ_SMS permission, and reads an IMAP credentialing message that is (by design) not displayed to the victim within the AOSP SMS/MMS messaging application. (Often, the IMAP credentials are usable to listen to voice mail messages sent before the vulnerability was exploited, in addition to new ones.) NOTE: some vendors characterize this as not a "concrete and exploitable risk."π Read
via "National Vulnerability Database".
βΌ CVE-2022-0746 βΌ
π Read
via "National Vulnerability Database".
Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34361 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and laterπ Read
via "National Vulnerability Database".
βΌ CVE-2022-24288 βΌ
π Read
via "National Vulnerability Database".
In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24947 βΌ
π Read
via "National Vulnerability Database".
Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. Apache JSPWiki users should upgrade to 2.11.2 or later.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2021-34359 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and laterπ Read
via "National Vulnerability Database".
βΌ CVE-2021-45229 βΌ
π Read
via "National Vulnerability Database".
It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24948 βΌ
π Read
via "National Vulnerability Database".
A carefully crafted user preferences for submission could trigger an XSS vulnerability on Apache JSPWiki, related to the user preferences screen, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.2 or later.π Read
via "National Vulnerability Database".
ποΈ DNA data of sexual assault victims exposed in breach at US laboratory ποΈ
π Read
via "The Daily Swig".
Medical information included in leak after third-party compromiseπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
DNA data of sexual assault victims exposed in breach at US laboratory
Medical information included in leak after third-party compromise
βΌ CVE-2022-25328 βΌ
π Read
via "National Vulnerability Database".
The bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoint path and if the system administrator happens to be using the fscrypt bash completion script to complete mountpoint paths. We recommend upgrading to version 0.3.3 or aboveπ Read
via "National Vulnerability Database".
βΌ CVE-2022-25327 βΌ
π Read
via "National Vulnerability Database".
The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the system. We recommend upgrading to version 0.3.3 or aboveπ Read
via "National Vulnerability Database".
βΌ CVE-2022-0247 βΌ
π Read
via "National Vulnerability Database".
An issue exists in Fuchsia where VMO data can be modified through access to copy-on-write snapshots. A local attacker could modify objects in the VMO that they do not have permission to. We recommend upgrading past commit d97c05d2301799ed585620a9c5c739d36e7b5d3d or any of the listed versions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24612 βΌ
π Read
via "National Vulnerability Database".
An authenticated user can upload an XML file containing an XSS via the ITSM module of EyesOfNetwork 5.3.11, resulting in a stored XSS.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25326 βΌ
π Read
via "National Vulnerability Database".
fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem space. We recommend upgrading to fscrypt 0.3.3 or above and adjusting the permissions on existing fscrypt metadata directories where applicable.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24594 βΌ
π Read
via "National Vulnerability Database".
In waline 1.6.1, an attacker can submit messages using X-Forwarded-For to forge any IP address.π Read
via "National Vulnerability Database".
π΄ Putting the X Factor in XDR π΄
π Read
via "Dark Reading".
While extended detection and response (XDR) is effectively considered an upgrade from endpoint detection and response, enterprises must still begin with a strong EDR foundation.π Read
via "Dark Reading".
Dark Reading
Putting the X Factor in XDR
While extended detection and response (XDR) is effectively considered an upgrade from endpoint detection and response, enterprises must still begin with a strong EDR foundation.
π΄ The Future of Cyber Insurance π΄
π Read
via "Dark Reading".
Having cyber insurance is a good idea if the costs make sense β it could be the difference between going out of business and staying afloat. But it shouldn't be your first course of action.π Read
via "Dark Reading".
Dark Reading
The Future of Cyber Insurance
Having cyber insurance is a good idea if the costs make sense β it could be the difference between going out of business and staying afloat. But it shouldn't be your first course of action.
βΌ CVE-2022-25374 βΌ
π Read
via "National Vulnerability Database".
HashiCorp Terraform Enterprise before 202202-1 inserts Sensitive Information into a Log File.π Read
via "National Vulnerability Database".
ποΈ Flurry Finance heist nets crypto thieves $295k ποΈ
π Read
via "The Daily Swig".
Theft topped out at six figures after DeFi platform blocked βtoken balance multiplierβ exploitπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Flurry Finance heist nets crypto thieves $295k
Theft topped out at six figures after DeFi platform blocked βtoken balance multiplierβ exploit