CVE-2022-25328
via "National Vulnerability Database".
The bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoint path and if the system administrator happens to be using the fscrypt bash completion script to complete mountpoint paths. We recommend upgrading to version 0.3.3 or above.

CVE-2022-25327
via "National Vulnerability Database".
The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the system. We recommend upgrading to version 0.3.3 or above.

CVE-2022-0247
via "National Vulnerability Database".
An issue exists in Fuchsia where VMO data can be modified through access to copy-on-write snapshots. A local attacker could modify objects in the VMO that they do not have permission to. We recommend upgrading past commit d97c05d2301799ed585620a9c5c739d36e7b5d3d or any of the listed versions.

CVE-2022-24612
via "National Vulnerability Database".
An authenticated user can upload an XML file containing an XSS via the ITSM module of EyesOfNetwork 5.3.11, resulting in a stored XSS.

CVE-2022-25326
via "National Vulnerability Database".
fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem space. We recommend upgrading to fscrypt 0.3.3 or above and adjusting the permissions on existing fscrypt metadata directories where applicable.

CVE-2022-24594
via "National Vulnerability Database".
In waline 1.6.1, an attacker can submit messages using X-Forwarded-For to forge any IP address.

Putting the X Factor in XDR
via "Dark Reading".
While extended detection and response (XDR) is effectively considered an upgrade from endpoint detection and response, enterprises must still begin with a strong EDR foundation.

The Future of Cyber Insurance
via "Dark Reading".
Having cyber insurance is a good idea if the costs make sense; it could be the difference between going out of business and staying afloat. But it shouldn't be your first course of action.

CVE-2022-25374
via "National Vulnerability Database".
HashiCorp Terraform Enterprise before 202202-1 inserts Sensitive Information into a Log File.

Flurry Finance heist nets crypto thieves $295k
via "The Daily Swig".
Theft topped out at six figures after DeFi platform blocked "token balance multiplier" exploit.

CVE-2022-24334
via "National Vulnerability Database".
In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server.

CVE-2022-24338
via "National Vulnerability Database".
JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS.

CVE-2022-24340
via "National Vulnerability Database".
In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible.

CVE-2022-24345
via "National Vulnerability Database".
In JetBrains IntelliJ IDEA before 2021.2.4, local code execution (without permission from a user) upon opening a project was possible.

CVE-2022-24339
via "National Vulnerability Database".
JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS.

CVE-2022-24347
via "National Vulnerability Database".
JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon.

CVE-2022-24327
via "National Vulnerability Database".
In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions.

CVE-2022-24332
via "National Vulnerability Database".
In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie.

CVE-2022-24329
via "National Vulnerability Database".
In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.

CVE-2022-24331
via "National Vulnerability Database".
In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.

CVE-2022-24346
via "National Vulnerability Database".
In JetBrains IntelliJ IDEA before 2021.3.1, local code execution via RLO (Right-to-Left Override) characters was possible.