CVE-2021-43945
via "National Vulnerability Database".
Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in the /rest/jpo/1.0/hierarchyConfiguration endpoint. The affected versions are before version 8.20.3.
CVE-2022-26159
via "National Vulnerability Database".
The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/<domain>/en.xml (and similar pathnames for other languages), which contain all characters typed by all users, including the content of private pages. For example, a private page may contain usernames, e-mail addresses, and possibly passwords.
Bridgestone Americas "disconnects" manufacturing facilities following "security incident"
via "The Daily Swig".
World's biggest tire manufacturer yet to determine "scope or nature of any potential incident"
How to Boost Shift-Left Security in the SDLC
via "Dark Reading".
Organizations will see big wins from applying security controls early in the development life cycle.
CVE-2022-24685
via "National Vulnerability Database".
HashiCorp Nomad and Nomad Enterprise 1.x before 1.0.17, 1.1.x before 1.1.12, and 1.2.x before 1.2.6 has Uncontrolled Resource Consumption.
CVE-2022-24572
via "National Vulnerability Database".
Car Driving School Management System v1.0 is affected by Cross-Site Scripting (XSS) in the User Enrollment Form (Username Field). To exploit this vulnerability, an admin views the registered user details.
CVE-2022-24571
via "National Vulnerability Database".
Car Driving School Management System v1.0 is affected by SQL injection in the login page. An attacker can use a simple SQL login injection payload to get admin access.
Companies Borrow Attack Technique to Watermark Machine Learning Models
via "Dark Reading".
Researchers continue to improve on a technique for embedding crafted outputs into machine-learning models, an anti-copying technique originally thought up by adversarial researchers.
CVE-2022-25642
via "National Vulnerability Database".
Obyte (formerly Byteball) Wallet before 3.4.1 allows XSS. A crafted chat message can lead to remote code execution.
CVE-2022-24711
via "National Vulnerability Database".
CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Prior to version 4.1.9, an improper input validation vulnerability allows attackers to execute CLI routes via HTTP request. Version 4.1.9 contains a patch. There are currently no known workarounds for this vulnerability.
CVE-2022-26158
via "National Vulnerability Database".
An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. It accepts and reflects arbitrary domains supplied via a client-controlled Host header. Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page.
CVE-2022-26156
via "National Vulnerability Database".
An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. Injection of a malicious payload within the RelayState= parameter of the HTTP request body results in the hijacking of the form action. Form-action hijacking vulnerabilities arise when an application places user-supplied input into the action URL of an HTML form. An attacker can use this vulnerability to construct a URL that, if visited by another application user, will modify the action URL of a form to point to the attacker's server.
CVE-2021-44339
via "National Vulnerability Database".
David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurred in function ok_png_transform_scanline() in "/ok_png.c:712".
CVE-2021-44334
via "National Vulnerability Database".
David Brackeen ok-file-formats 97f78ca is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurs in function ok_jpg_convert_YCbCr_to_RGB() in "/ok_jpg.c:513".
CVE-2022-26157
via "National Vulnerability Database".
An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. The ASP.NET_Sessionid cookie is not protected by the Secure flag. This makes it prone to interception by an attacker if traffic is sent over unencrypted channels.
CVE-2021-43086
via "National Vulnerability Database".
ARM astcenc 3.2.0 is vulnerable to Buffer Overflow. When the compression function of the astc-encoder project with -cl option was used, a stack-buffer-overflow occurred in function encode_ise() in function compress_symbolic_block_for_partition_2planes() in "/Source/astcenc_compress_symbolic.cpp".
CVE-2021-44340
via "National Vulnerability Database".
David Brackeen ok-file-formats dev version is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurred in function ok_jpg_generate_huffman_table() in "/ok_jpg.c:403".
CVE-2022-26155
via "National Vulnerability Database".
An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. XSS can occur via a payload in the SAMLResponse parameter of the HTTP request body.
CVE-2022-24712
via "National Vulnerability Database".
CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A vulnerability in versions prior to 4.1.9 might allow remote attackers to bypass the CodeIgniter4 Cross-Site Request Forgery (CSRF) protection mechanism. Users should upgrade to version 4.1.9. There are workarounds for this vulnerability, but users will still need to code as follows after upgrading to v4.1.9. Otherwise, the CSRF protection may be bypassed. If auto-routing is enabled, check the request method in the controller method before processing. If auto-routing is disabled, either avoid using `$routes->add()` and instead use HTTP verbs in routes; or check the request method in the controller method before processing.
Bug Bounty Radar // The latest bug bounty programs for March 2022
via "The Daily Swig".
New web targets for the discerning hacker
Toyota to Close Japan Plants After Suspected Cyberattack
via "Threat Post".
The plants will shut down on Tuesday, halting about a third of the company's global production. Toyota doesn't know how long the 14 plants will be unplugged.