CVE-2022-27204
A cross-site request forgery vulnerability in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers to connect to an attacker-specified URL.
via "National Vulnerability Database".
CVE-2022-27197
Jenkins Dashboard View Plugin 2.18 and earlier does not perform URL validation for the Iframe Portlet's Iframe source URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure views.
via "National Vulnerability Database".
CVE-2022-27199
A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token.
via "National Vulnerability Database".
CVE-2022-27212
Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not escape the name of the 'List Git branches (and more)' parameter, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
via "National Vulnerability Database".
CVE-2022-27213
Jenkins Environment Dashboard Plugin 1.1.10 and earlier does not escape the Environment order and the Component order configuration values in its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission.
via "National Vulnerability Database".
CVE-2022-0964
Stored XSS via .webmv file upload in GitHub repository star7th/showdoc prior to 2.10.4.
via "National Vulnerability Database".
CVE-2022-26779
Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite was sent could generate time-deterministic tokens and attempt to use them by brute force before the legitimate recipient accepts the invite. This feature is not enabled by default; the attacker is required to know or guess the project ID for the invite in addition to the invitation token, and the attacker would need to be an existing authorized user of CloudStack.
via "National Vulnerability Database".
CVE-2022-27200
Jenkins Folder-based Authorization Strategy Plugin 1.3 and earlier does not escape the names of roles shown on the configuration form, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.
via "National Vulnerability Database".
CVE-2022-27218
Jenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission or access to the Jenkins controller file system.
via "National Vulnerability Database".
Praetorian Launches Chariot Total Attack Life Cycle Solution
New platform combines AI-based attack surface management automation with offensive security managed services to identify exposures and prioritize risk management.
via "Dark Reading".
OneLayer Secures $8.2M Seed Round to Protect Private 5G Networks
OneLayer plans to use the funds to build its product suite.
via "Dark Reading".
Incognia Introduces New Location Identity Fraud Detection Tools
Modules include Location Spoofing Detection, Global Mobile Address Validation, and Trusted Device Intelligence.
via "Dark Reading".
Utah Set to Pass U.S.'s Next Data Privacy Bill
Utah looks like it will become the fourth U.S. state, after California, Virginia, and Colorado, to pass comprehensive consumer privacy legislation.
via "Digital Guardian".
Cyberattacks Against Israeli Government Sites: "Largest in the Country's History"
DDoS attacks against Israeli telecom companies took down government sites, sparking a temporary state of emergency.
via "Threat Post".
CVE-2022-25488
Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/ajax/avatar.php.
via "National Vulnerability Database".
CVE-2022-25497
CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function.
via "National Vulnerability Database".
CVE-2021-45848
Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character.
via "National Vulnerability Database".
CVE-2022-25494
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via staff_login.php.
via "National Vulnerability Database".
CVE-2022-25485
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php.
via "National Vulnerability Database".
CVE-2022-25486
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php.
via "National Vulnerability Database".
CVE-2022-25492
HMS v1.0 was discovered to contain a SQL injection vulnerability via the medicineid parameter in ajaxmedicine.php.
via "National Vulnerability Database".