βΌ CVE-2022-26779 βΌ
π Read
via "National Vulnerability Database".
Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, could generate time deterministic tokens and brute force attempt to use them prior to the legitimate receiver accepting the invite. This feature is not enabled by default, the attacker is required to know or guess the project ID for the invite in addition to the invitation token, and the attacker would need to be an existing authorized user of CloudStack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27200 βΌ
π Read
via "National Vulnerability Database".
Jenkins Folder-based Authorization Strategy Plugin 1.3 and earlier does not escape the names of roles shown on the configuration form, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27218 βΌ
π Read
via "National Vulnerability Database".
Jenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.π Read
via "National Vulnerability Database".
π΄ Praetorian Launches Chariot Total Attack Life Cycle Solution π΄
π Read
via "Dark Reading".
New platform combines AI-based attack surface management automation with offensive security managed services to identify exposures and prioritize risk management.π Read
via "Dark Reading".
Dark Reading
Praetorian Launches Chariot Total Attack Life Cycle Solution
New platform combines AI-based attack surface management automation with offensive security managed services to identify exposures and prioritize risk management.
π΄ OneLayer Secures $8.2M Seed Round to Protect Private 5G Networks π΄
π Read
via "Dark Reading".
OneLayer plans to use the funds to build its product suite.π Read
via "Dark Reading".
Dark Reading
OneLayer Secures $8.2M Seed Round to Protect Private 5G Networks
OneLayer plans to use the funds to build its product suite.
π΄ Incognia Introduces New Location Identity Fraud Detection Tools π΄
π Read
via "Dark Reading".
Modules include Location Spoofing Detection, Global Mobile Address Validation, and Trusted Device Intelligence.π Read
via "Dark Reading".
Dark Reading
Incognia Introduces New Location Identity Fraud Detection Tools
Modules include Location Spoofing Detection, Global Mobile Address Validation, and Trusted Device Intelligence.
π Utah Set to Pass U.S.'s Next Data Privacy Bill π
π Read
via "".
Utah looks like it will become the fourth U.S. state, after California, Virginia, and Colorado, to pass comprehensive consumer privacy legislation.π Read
via "".
Digital Guardian
Utah Set to Pass U.S.'s Next Data Privacy Bill
Utah looks like it will become the fourth U.S. state, after California, Virginia, and Colorado, to pass comprehensive consumer privacy legislation.
β Cyberattacks Against Israeli Government Sites: βLargest in the Countryβs Historyβ β
π Read
via "Threat Post".
DDoS attacks against Israel telecom companies took down government sites, sparking a temporary state of emergency.π Read
via "Threat Post".
Threat Post
Cyberattacks Against Israeli Government Sites: βLargest in the Countryβs Historyβ
DDoS attacks against Israel telecom companies took down government sites, sparking a temporary state of emergency.
βΌ CVE-2022-25488 βΌ
π Read
via "National Vulnerability Database".
Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/ajax/avatar.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25497 βΌ
π Read
via "National Vulnerability Database".
CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45848 βΌ
π Read
via "National Vulnerability Database".
Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25494 βΌ
π Read
via "National Vulnerability Database".
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via staff_login.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25485 βΌ
π Read
via "National Vulnerability Database".
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25486 βΌ
π Read
via "National Vulnerability Database".
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25492 βΌ
π Read
via "National Vulnerability Database".
HMS v1.0 was discovered to contain a SQL injection vulnerability via the medicineid parameter in ajaxmedicine.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25491 βΌ
π Read
via "National Vulnerability Database".
HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in appointment.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25489 βΌ
π Read
via "National Vulnerability Database".
Atom CMS v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "A" parameter in /widgets/debug.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25498 βΌ
π Read
via "National Vulnerability Database".
CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the saveConfigData function in /classes/ajax/Functions.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25490 βΌ
π Read
via "National Vulnerability Database".
HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in department.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25495 βΌ
π Read
via "National Vulnerability Database".
The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25493 βΌ
π Read
via "National Vulnerability Database".
HMS v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via treatmentrecord.php.π Read
via "National Vulnerability Database".