βΌ CVE-2022-25619 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in ping tool of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause run arbitrary code. This issue affects: Profelis IT Consultancy SambaBox 4.0 version 4.0 and prior versions on x86.π Read
via "National Vulnerability Database".
π₯1
βΌ CVE-2022-25620 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Group Functionality of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause execute arbitrary codes on the vulnerable server. This issue affects: Profelis IT Consultancy SambaBox 4.0 version 4.0 and prior versions on x86.π Read
via "National Vulnerability Database".
π₯1
β Lapsus$ βBack from Vacationβ β
π Read
via "Threat Post".
Lapsus$ added IT giant Globant plus 70GB of leaked data β including admin credentials for scads of customers' DevOps platforms β to its hit list.π Read
via "Threat Post".
Threat Post
Lapsus$ βBack from Vacationβ
Lapsus$ added IT giant Globant plus 70GB of leaked data β including admin credentials for scads of customers' DevOps platforms β to its hit list.
β Google Chrome Bug Actively Exploited as Zero-Day β
π Read
via "Threat Post".
The internet giant issued an update for the bug, which is found in the open-source V8 JavaScript engine.π Read
via "Threat Post".
Threat Post
Google Chrome Bug Actively Exploited as Zero-Day
The internet giant issued an update for the bug, which is found in the open-source V8 JavaScript engine.
ποΈ Spring Cloud framework commits patch for code injection flaw ποΈ
π Read
via "The Daily Swig".
A fix appears to have been pushed but is not available in a stable release yetπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Spring Cloud framework commits patch for code injection flaw
A fix appears to have been pushed but is not available in a stable release yet
β βVMWare Spring Cloudβ Java bug gives instant remote code execution β update now! β
π Read
via "Naked Security".
Easy unauthenticated remote code execution - PoC code already outπ Read
via "Naked Security".
Naked Security
βVMware Spring Cloud Functionβ Java bug gives instant remote code execution β update now!
Easy unauthenticated remote code execution β PoC code already out
π1
π΄ Cybercriminals Fighting Over Cloud Workloads for Cryptomining π΄
π Read
via "Dark Reading".
Whether compromising misconfigured cloud infrastructure or taking advantage of free-tier cloud development platforms, attackers see a vast pool of workloads to use for cryptomining.π Read
via "Dark Reading".
Dark Reading
Cybercriminals Fighting Over Cloud Workloads for Cryptomining
Whether compromising misconfigured cloud infrastructure or taking advantage of free-tier cloud development platforms, attackers see a vast pool of workloads to use for cryptomining.
π΄ Smart Cities: Secure by Design? It Takes a Village π΄
π Read
via "Dark Reading".
Smart-city security breaches have potentially very serious consequences β they can be economically devastating and even life-threatening, if handled wrong.π Read
via "Dark Reading".
Dark Reading
Smart Cities: Secure by Design? It Takes a Village
Smart-city security breaches have potentially very serious consequences β they can be economically devastating and even life-threatening, if handled wrong.
β Cyberattackers Target UPS Backup Power Devices in Mission-Critical Environments β
π Read
via "Threat Post".
The active attacks could result in critical-infrastructure damage, business disruption, lateral movement and more.π Read
via "Threat Post".
Threat Post
Cyberattackers Target UPS Backup Power Devices in Mission-Critical Environments
The active attacks could result in critical-infrastructure damage, business disruption, lateral movement and more.
βΌ CVE-2021-39751 βΌ
π Read
via "National Vulnerability Database".
In Settings, there is a possible way to read Bluetooth device names without proper permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-172838801π Read
via "National Vulnerability Database".
βΌ CVE-2021-39758 βΌ
π Read
via "National Vulnerability Database".
In WindowManager, there is a possible way to start a foreground activity from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-205130886π Read
via "National Vulnerability Database".
βΌ CVE-2021-39755 βΌ
π Read
via "National Vulnerability Database".
In DevicePolicyManager, there is a possible way to reveal the existence of an installed package without proper query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-204995407π Read
via "National Vulnerability Database".
βΌ CVE-2021-39784 βΌ
π Read
via "National Vulnerability Database".
In CellBroadcastReceiver, there is a possible path to enable specific cellular features due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-200163477π Read
via "National Vulnerability Database".
βΌ CVE-2021-39739 βΌ
π Read
via "National Vulnerability Database".
In ArrayMap, there is a possible leak of the content of SMS messages due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-184525194π Read
via "National Vulnerability Database".
βΌ CVE-2021-39742 βΌ
π Read
via "National Vulnerability Database".
In Voicemail, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-186405602π Read
via "National Vulnerability Database".
βΌ CVE-2021-39779 βΌ
π Read
via "National Vulnerability Database".
In getCallStateUsingPackage of Telecom Service, there is a missing permission check. This could lead to local information disclosure of the call state with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-190400974π Read
via "National Vulnerability Database".
βΌ CVE-2022-20002 βΌ
π Read
via "National Vulnerability Database".
In incfs, there is a possible way of mounting on arbitrary paths due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-198657657π Read
via "National Vulnerability Database".
βΌ CVE-2021-39776 βΌ
π Read
via "National Vulnerability Database".
In NFC, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-192614125π Read
via "National Vulnerability Database".
βΌ CVE-2021-44312 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Firmware Analysis and Comparison Tool v3.2. Logged in administrators could be targeted by a CSRF attack through visiting a crafted web page.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23801 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS atack vector through SVG embedding in com_media.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23797 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate filtering on the selected Ids on an request could resulted into an possible SQL injection.π Read
via "National Vulnerability Database".