‼ CVE-2021-44906 ‼
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
via "National Vulnerability Database".
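The bug class above, as an added illustrative example that is not minimist's source: a minimal argv parser with a setKey-style dotted-path assignment, first in the vulnerable shape (no guard on the path segments, so `--__proto__.isAdmin=true` writes to Object.prototype) and then in a hardened shape that refuses prototype-reaching segments and only descends into own properties. The function names, the parser and the sample argv are constructed for the demonstration.

```javascript
'use strict';
// Added illustrative example, not minimist's source code. A minimal argv parser with a
// setKey-style dotted-path assignment, in the vulnerable shape (no guard on the path
// segments) and in a hardened shape that refuses prototype-reaching segments and only
// descends into own properties.

// Vulnerable: "--__proto__.isAdmin=true" walks obj.__proto__ (Object.prototype) and
// assigns to it, so every object in the process inherits isAdmin.
function setKeyUnsafe(obj, path, value) {
  let o = obj;
  for (const key of path.slice(0, -1)) {
    if (o[key] === undefined) o[key] = {};
    o = o[key];
  }
  o[path[path.length - 1]] = value;
}

const FORBIDDEN_SEGMENTS = new Set(['__proto__', 'constructor', 'prototype']);

// Hardened: returns false instead of assigning when any segment could reach a
// prototype, and never follows inherited properties while descending.
function setKeySafe(obj, path, value) {
  if (path.some((key) => FORBIDDEN_SEGMENTS.has(key))) return false;
  let o = obj;
  for (const key of path.slice(0, -1)) {
    const own = Object.prototype.hasOwnProperty.call(o, key);
    if (!own || typeof o[key] !== 'object' || o[key] === null) o[key] = {};
    o = o[key];
  }
  o[path[path.length - 1]] = value;
  return true;
}

// Tiny "--a.b=c" / "--flag" parser; setKey is injected so both variants can be compared.
function parseArgs(argv, setKey) {
  const out = {};
  for (const arg of argv) {
    if (!arg.startsWith('--')) continue;
    const eq = arg.indexOf('=');
    const path = (eq === -1 ? arg.slice(2) : arg.slice(2, eq)).split('.');
    const value = eq === -1 ? true : arg.slice(eq + 1);
    setKey(out, path, value);
  }
  return out;
}

// Constructed attacker-controlled argv (not taken from the advisory).
const ARGV = ['--name=alice', '--__proto__.isAdmin=true'];

function demo() {
  const before = ({}).isAdmin;              // undefined: nothing polluted yet
  parseArgs(ARGV, setKeyUnsafe);
  const afterUnsafe = ({}).isAdmin;         // 'true': every object now looks like an admin
  delete Object.prototype.isAdmin;          // undo the pollution before the safe run
  const safeResult = parseArgs(ARGV, setKeySafe);
  const afterSafe = ({}).isAdmin;           // still undefined
  return { before, afterUnsafe, afterSafe, safeResult };
}
```

The own-property check matters even with the deny-list in place: a parser that descends through inherited properties can still be steered into `Object.prototype` via a name the list forgot, whereas refusing to follow anything that is not an own property closes that path regardless of the spelling.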
‼ CVE-2022-25364 ‼
In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute malicious code as part of a build. As of 2021.4.2, the built-in build cache is inaccessible-by-default, requiring explicit configuration of its access-control settings before it can be used. (Remote build cache nodes are unaffected as they are inaccessible-by-default.)
via "National Vulnerability Database".
‼ CVE-2022-26503 ‼
Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allows local users to run arbitrary code with local system privileges.
via "National Vulnerability Database".
‼ CVE-2022-24759 ‼
`@chainsafe/libp2p-noise` is a TypeScript implementation of the Noise protocol, the encryption protocol used in libp2p. `@chainsafe/libp2p-noise` before 4.1.2 (4.x line) and before 5.0.3 (5.x line) does not correctly validate signatures during the handshake process. This may allow a man-in-the-middle to pose as other peers and get those peers banned. Users should upgrade to version 4.1.2 or 5.0.3 to receive a patch. There are currently no known workarounds.
via "National Vulnerability Database".
‼ CVE-2020-15591 ‼
fexsrv in F*EX (aka Frams' Fast File EXchange) before fex-20160919_2 allows eval injection (for unauthenticated remote code execution).
via "National Vulnerability Database".
‼ CVE-2022-26526 ‼
Anaconda Anaconda3 through 2021.11.0.0 and Miniconda3 through 11.0.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placing a Trojan horse file into that directory. (This problem can only happen in a non-default installation. The person who installs the product must specify that it is being installed for all users. Also, the person who installs the product must specify that the system PATH should be changed.)
via "National Vulnerability Database".
🔏 Configuration Essential to MFA Enforcement 🔏
Organizations should enforce MFA for all users but avoid default MFA protocols that can be abused to steal sensitive data.
via "Digital Guardian".
❌ Dev Sabotages Popular NPM Package to Protest Russian Invasion ❌
In the latest software supply-chain attack, the code maintainer added malicious code to the hugely popular node-ipc library to overwrite files with a heart emoji and to pull in a peacenotwar module.
via "Threat Post".
🕴 Titaniam Announces Completion of Product Suite 🕴
The Titaniam Suite includes ransomware and extortion defense capabilities in the form of five products.
via "Dark Reading".
🕴 Cloudflare Announces API Gateway 🕴
Organizations can secure, manage, and monitor all of their APIs in one easy-to-use dashboard.
via "Dark Reading".
🕴 Glasswall Launches Freemium Version of its Desktop Content Disarm and Reconstruction App 🕴
Glasswall technology offers proactive protection from file-based cybersecurity threats.
via "Dark Reading".
🕴 Nok Nok Labs Unveils S3 Authentication Suite 🕴
Enhancements include support for OpenID Connect as an integration mechanism.
via "Dark Reading".
‼ CVE-2022-26511 ‼
WPS Presentation 11.8.0.5745 insecurely loads d3dx9_41.dll when opening .pps files ('current directory type' DLL loading).
via "National Vulnerability Database".
‼ CVE-2022-26081 ‼
The installer of WPS Office Version 10.8.0.5745 insecurely loads shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.
via "National Vulnerability Database".
‼ CVE-2022-25949 ‼
The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Version 2010.06.23.247 fails to properly handle crafted inputs, leading to stack-based buffer overflow.
via "National Vulnerability Database".
‼ CVE-2022-25969 ‼
The installer of WPS Office Version 10.8.0.6186 insecurely loads VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.
via "National Vulnerability Database".
🕴 ThreatMapper Updated With New Scanning Tools 🕴
ThreatMapper 1.3.0 features secret scanning and the ability to enumerate a software bill of materials (SBOM) at runtime to help secure serverless, Kubernetes, container and multi-cloud environments.
via "Dark Reading".
‼ CVE-2021-44907 ‼
A Denial of Service vulnerability exists in qs up to 6.8.0 due to insufficient sanitization of properties in the qs.parse function. The merge() function allows the assignment of properties on an array in the query. For any property being assigned, a value in the array is converted to an object containing these properties. Essentially, this means that a property whose expected type is Array always has to be checked with Array.isArray() by the user. This may not be obvious to the user and can cause unexpected behavior.
via "National Vulnerability Database".
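The `Array.isArray()` check the advisory says callers must perform, as an added example that is not qs's own code: a handler that validates an array-typed query parameter before calling array methods on it, run over constructed parser outputs (hand-written to mimic the shapes described, not produced by qs). The `getArrayParam` and `lookupIds` names and the item cap are assumptions of this example.

```javascript
'use strict';
// Added example, not qs's own code: validate array-typed query parameters before use.
// A query-string parser can hand back a plain object, or an array whose elements have
// been turned into objects, where the handler expects an array of strings.

function getArrayParam(parsed, name, { maxItems = 100 } = {}) {
  if (!Object.prototype.hasOwnProperty.call(parsed, name)) return [];
  const value = parsed[name];
  if (typeof value === 'string') return [value];           // a single ?ids=7 is fine
  if (!Array.isArray(value)) {
    throw new TypeError(`query parameter "${name}" must be an array, got ${typeof value}`);
  }
  if (value.length > maxItems) {                           // cap work per request
    throw new RangeError(`query parameter "${name}" has ${value.length} items (max ${maxItems})`);
  }
  if (!value.every((item) => typeof item === 'string')) {  // elements must be scalars
    throw new TypeError(`query parameter "${name}" must contain only strings`);
  }
  return value;
}

// Handler that would otherwise call .map() on whatever the parser returned.
function lookupIds(parsed) {
  try {
    return { status: 200, ids: getArrayParam(parsed, 'ids').map(Number) };
  } catch (err) {
    return { status: 400, error: err.message };
  }
}

// Constructed sample parser outputs (hand-written for this example, not qs output).
const SAMPLES = {
  plain: { ids: ['1', '2', '3'] },
  single: { ids: '7' },
  objectNotArray: { ids: { '0': '1', foo: 'bar' } },  // array-shaped key, object value
  nestedObjects: { ids: [{ foo: 'bar' }, '2'] },      // an element became an object
};

function demo() {
  const out = {};
  for (const [label, parsed] of Object.entries(SAMPLES)) out[label] = lookupIds(parsed);
  return out;
}
```

Rejecting with a 400 is deliberate: silently coercing an object into an array hides the malformed input, and an unbounded array would defeat the purpose of the length cap.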
‼ CVE-2022-26500 ‼
Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4, 10.x, and 11.x allows remote authenticated users to reach internal API functions that let them upload and execute arbitrary code.
via "National Vulnerability Database".
‼ CVE-2022-26504 ‼
Improper authentication in the Veeam Backup & Replication 9.5U3, 9.5U4, 10.x, and 11.x component used for Microsoft System Center Virtual Machine Manager (SCVMM) allows attackers to execute arbitrary code via Veeam.Backup.PSManager.exe.
via "National Vulnerability Database".