βΌ CVE-2022-25031 βΌ
π Read
via "National Vulnerability Database".
Remote Desktop Commander Suite Agent before v4.8 contains an unquoted service path which allows attackers to escalate privileges to the system level.π Read
via "National Vulnerability Database".
π΄ Attivo Expands Active Directory Protection from Unmanaged Devices, Including Mac, Linux, IoT/OT π΄
π Read
via "Dark Reading".
Attivo Networks ADSecure-DC solution joins the companyβs existing suite of Active Directory protection products.π Read
via "Dark Reading".
Dark Reading
Attivo Expands Active Directory Protection from Unmanaged Devices, Including Mac, Linux, IoT/OT
Attivo Networks ADSecure-DC solution joins the companyβs existing suite of Active Directory protection products.
π΄ 8-Character Passwords Can Be Cracked in Less than 60 Minutes π΄
π Read
via "Dark Reading".
Researchers say passwords with less than seven characters can be hacked "instantly."π Read
via "Dark Reading".
Dark Reading
8-Character Passwords Can Be Cracked in Less than 60 Minutes
Researchers say passwords with less than seven characters can be hacked "instantly."
ποΈ Google WAF bypassed via oversized POST requests ποΈ
π Read
via "The Daily Swig".
Security research highlights web application firewall security riskπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Google WAF bypassed via oversized POST requests
Security research highlights web application firewall security risk
π1
βΌ CVE-2022-26128 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to a wrong check on the input packet length in the babel_packet_examin function in babeld/message.c.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26126 βΌ
π Read
via "National Vulnerability Database".
Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isis_nb_notifications.c.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26125 βΌ
π Read
via "National Vulnerability Database".
Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isis_tlvs.c.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26129 βΌ
π Read
via "National Vulnerability Database".
Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the subtlv length in the functions, parse_hello_subtlv, parse_ihu_subtlv, and parse_update_subtlv in babeld/message.c.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25138 βΌ
π Read
via "National Vulnerability Database".
Axelor Open Suite v5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Name parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26127 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to missing a check on the input packet length in the babel_packet_examin function in babeld/message.c.π Read
via "National Vulnerability Database".
π OCR Urges Organizations to Secure Health Information in 2022 π
π Read
via "".
The Director of HHS OCR called on healthcare organizations this week to strengthen their cyber posture in 2022.π Read
via "".
Digital Guardian
OCR Urges Organizations to Secure Health Information in 2022
The Director of HHS OCR called on healthcare organizations this week to strengthen their cyber posture in 2022.
π΄ Cybersecurity Mesh Architecture: Hope or Hype? π΄
π Read
via "Dark Reading".
Gartner has touted CSMA as one of the top technology trends for this year. But what is it really?π Read
via "Dark Reading".
βΌ CVE-2021-3620 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3602 βΌ
π Read
via "National Vulnerability Database".
An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment, environment variables may include sensitive information that was shared with the container in order to be used only by Buildah itself (e.g. container registry credentials).π Read
via "National Vulnerability Database".
βΌ CVE-2022-23899 βΌ
π Read
via "National Vulnerability Database".
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0492 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in the Linux kernelΓ’β¬β’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25125 βΌ
π Read
via "National Vulnerability Database".
MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23898 βΌ
π Read
via "National Vulnerability Database".
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3609 βΌ
π Read
via "National Vulnerability Database".
.A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24724 βΌ
π Read
via "National Vulnerability Database".
cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing `table.c:row_from_string` may lead to heap memory corruption when parsing tables who's marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ranges from Information Leak to Arbitrary Code Execution depending on how and where `cmark-gfm` is used. If `cmark-gfm` is used for rendering remote user controlled markdown, this vulnerability may lead to Remote Code Execution (RCE) in applications employing affected versions of the `cmark-gfm` library. This vulnerability has been patched in the following cmark-gfm versions 0.29.0.gfm.3 and 0.28.3.gfm.21. A workaround is available. The vulnerability exists in the table markdown extensions of cmark-gfm. Disabling the table extension will prevent this vulnerability from being triggered.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22700 βΌ
π Read
via "National Vulnerability Database".
CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. In certain configurations, that response header contains different, predictable value ranges which can be used to determine whether a user exists in the tenant.π Read
via "National Vulnerability Database".