‼ CVE-2022-0905 ‼
via "National Vulnerability Database".
Improper Authorization in GitHub repository go-gitea/gitea prior to 1.16.4.
‼ CVE-2022-0906 ‼
via "National Vulnerability Database".
Unrestricted file upload leads to stored XSS in GitHub repository microweber/microweber prior to 1.1.12.
🛠 Falco 0.31.1 🛠
via "Packet Storm Security".
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.
🕴 Cyber Insurance and Business Risk: How the Relationship Is Changing Reinsurance & Policy Guidance 🕴
via "Dark Reading".
While cyber insurance will continue to exist, it will cost more and cover less — and that's changing the risk your company faces.
‼ CVE-2022-0725 ‼
via "National Vulnerability Database".
A flaw was found in KeePass. The vulnerability occurs due to logging the plain text passwords in the system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to interact and read sensitive passwords and logs.
‼ CVE-2021-43970 ‼
via "National Vulnerability Database".
An arbitrary file upload vulnerability exists in albumimages.jsp in Quicklert for Digium 10.0.0 (1043) via a .mp3;.jsp filename for a file that begins with audio data bytes. It allows an authenticated (low privileged) attacker to execute remote code on the target server within the context of the application's permissions (SYSTEM).
‼ CVE-2021-34122 ‼
via "National Vulnerability Database".
The function bitstr_tell at bitstr.c in ffjpeg commit 4ab404e has a NULL pointer dereference.
‼ CVE-2020-14112 ‼
via "National Vulnerability Database".
Information Leak Vulnerability exists in the Xiaomi Router AX6000. The vulnerability is caused by incorrect routing configuration. Attackers can exploit this vulnerability to download part of the files in Xiaomi Router AX6000.
‼ CVE-2021-44750 ‼
via "National Vulnerability Database".
An arbitrary code execution vulnerability was found in the F-Secure Support Tool. A standard user can craft a special configuration file, which when run by administrator can execute any commands.
‼ CVE-2021-44421 ‼
via "National Vulnerability Database".
The pointer-validation logic in util/mem_util.rs in Occlum before 0.26.0 for Intel SGX acts as a confused deputy that allows a local attacker to access unauthorized information via side-channel analysis.
‼ CVE-2020-14115 ‼
via "National Vulnerability Database".
A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code.
‼ CVE-2021-40048 ‼
via "National Vulnerability Database".
There is an incorrect buffer size calculation vulnerability in the video framework. Successful exploitation of this vulnerability will affect availability.
‼ CVE-2022-20049 ‼
via "National Vulnerability Database".
In vpu, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05954679; Issue ID: ALPS05954679.
‼ CVE-2021-40057 ‼
via "National Vulnerability Database".
There is a heap-based and stack-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability.
‼ CVE-2022-24193 ‼
via "National Vulnerability Database".
CasaOS before v0.2.7 was discovered to contain a command injection vulnerability via the component leave or join zerotier api.
‼ CVE-2021-40054 ‼
via "National Vulnerability Database".
There is an integer underflow vulnerability in the atcmdserver module. Successful exploitation of this vulnerability may affect integrity.
‼ CVE-2021-44628 ‼
via "National Vulnerability Database".
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/login feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.
‼ CVE-2021-40059 ‼
via "National Vulnerability Database".
There is a permission control vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect confidentiality.
‼ CVE-2022-21146 ‼
via "National Vulnerability Database".
Persistent cross-site scripting in the web interface of ipDIO allows an unauthenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into a specific parameter. The XSS payload will be executed when a legitimate user attempts to review history.
‼ CVE-2021-42787 ‼
via "National Vulnerability Database".
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentConfigurationServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/configuration" API. The affected endpoint does not have any input validation of the user's input that allows a malicious payload to be injected.
‼ CVE-2022-25219 ‼
via "National Vulnerability Database".
A null byte interaction error has been discovered in the code that the telnetd_startup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the router, and to ensure that the telnet service persists upon reboot. By means of a crafted exchange of UDP packets, an unauthenticated attacker on the local network can leverage this null byte interaction error in such a way as to make those ephemeral passwords predictable (with 1-in-94 odds). Since the attacker must manipulate data processed by the OpenSSL function RSA_public_decrypt(), successful exploitation of this vulnerability depends on the use of an unpadded RSA cipher (CVE-2022-25218).