CVE-2021-30328
via "National Vulnerability Database".
Possible assertion due to improper validation of invalid NR CSI-IM resource configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
CVE-2021-30332
via "National Vulnerability Database".
Possible assertion due to improper validation of OTA configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
CVE-2021-30333
via "National Vulnerability Database".
Improper validation of buffer size input to the EFS file can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
PHP bug allows attackers to bypass domain filters, stage DoS attacks against servers
via "The Daily Swig".
Filter bypass flaw is triggered only on very large user input, which puts restrictions on its exploitability.
CVE-2021-46443
via "National Vulnerability Database".
Spoofer 1.4.6 suffers from an unquoted service path vulnerability. An attacker with low-privileged local access can hijack the execution flow of the application to escalate privileges by placing a malicious executable in a higher-level directory of the vulnerable path.
Apple Rushes Out Patches for 0-Days in MacOS, iOS
via "Threat Post".
The vulnerabilities could allow threat actors to disrupt or access kernel activity and may be under active exploit.
GitLab addresses critical account hijack bug
via "The Daily Swig".
Monthly release also addresses a pair of stored XSS flaws.
More Than Ever, Security Matters
via "Dark Reading".
Public policy proposals must consider technical, practical, and real-world security effects, and make sure we avoid unintended consequences.
CVE-2022-24181
via "National Vulnerability Database".
Cross-site scripting (XSS) via Host Header injection in PKP Open Journals System 2.4.8 >= 3.3 allows remote attackers to inject arbitrary code via the X-Forwarded-Host header.
Bug Bounty Radar // The latest bug bounty programs for April 2022
via "The Daily Swig".
New web targets for the discerning hacker.
CVE-2021-44135
via "National Vulnerability Database".
pagekit all versions, as of 15-10-2021, is vulnerable to SQL Injection via Comment listing.
Friday Five 4/1
via "Digital Guardian".
Hacked satellites, how technology enables data protection, and the fastest ransomware: catch up on the infosec news of the week with the Friday Five!
What You Need to Know About PCI DSS 4.0's New Requirements
via "Dark Reading".
The goal for PCI DSS v4.0 is to "address emerging threats and technologies and enable innovative methods to combat new threats" to customer payment information, the PCI Security Standards Council says.
CVE-2022-22404
via "National Vulnerability Database".
IBM App Connect Enterprise Certified Container Dashboard UI (IBM App Connect Enterprise Certified Container 1.5, 2.0, 2.1, 3.0, and 3.1) may be vulnerable to denial of service due to excessive rate limiting.
CVE-2022-22332
via "National Vulnerability Database".
IBM Sterling Partner Engagement Manager 6.2.0 could allow an attacker to impersonate another user due to a missing revocation mechanism for the JWT token. IBM X-Force ID: 219131.
CVE-2022-21235
via "National Vulnerability Database".
The package github.com/masterminds/vcs before 1.13.3 is vulnerable to Command Injection via argument injection. When hg is executed, argument strings are passed to hg in a way that allows additional flags to be set. The additional flags can be used to perform a command injection.
CVE-2022-22328
via "National Vulnerability Database".
IBM Sterling Partner Engagement Manager 6.2.0 could allow a malicious user to elevate their privileges and perform unintended operations on another user's data. IBM X-Force ID: 218871.
CVE-2022-22331
via "National Vulnerability Database".
IBM Sterling Partner Engagement Manager 6.2.0 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object reference (IDOR) vulnerability. IBM X-Force ID: 219130.
CVE-2022-22327
via "National Vulnerability Database".
IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 218859.
NSA Employee Indicted for Sending Classified Data Outside the Agency
via "Dark Reading".
Even the NSA has a malicious insider problem. The employee used his personal emails to send classified data to unauthorized outsiders on 13 different occasions.
CVE-2022-21223
via "National Vulnerability Database".
The package cocoapods-downloader before 1.6.2 is vulnerable to Command Injection via hg argument injection. When calling the download function (when using hg), the url (and/or revision, tag, branch) is passed to the hg clone command in a way that allows additional flags to be set. The additional flags can be used to perform a command injection.