‼ CVE-2021-41245 ‼
📖 Read
via "National Vulnerability Database".
Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, CSRF tokens generated by `privUITransactionFile` aren't properly checked. Versions 2.7.6 and 3.0.0 contain a patch for this issue. As a workaround, use the session implementation by adding in the iTop config file.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1243 ‼
📖 Read
via "National Vulnerability Database".
CRHTLF can lead to invalid protocol extraction potentially leading to XSS in GitHub repository medialize/uri.js prior to 1.19.11.📖 Read
via "National Vulnerability Database".
🕴 What We Can Learn From Lapsus$ Techniques 🕴
📖 Read
via "Dark Reading".
The group is targeting the biggest weak spot in most security postures: finding anomalous behavior by authorized entities.📖 Read
via "Dark Reading".
Dark Reading
What We Can Learn From Lapsus$ Techniques
The group is targeting the biggest weak spot in most security postures: finding anomalous behavior by authorized entities.
🕴 Name That Edge Toon: In Deep Water 🕴
📖 Read
via "Dark Reading".
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.📖 Read
via "Dark Reading".
Dark Reading
Name That Edge Toon: In Deep Water
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.
🕴 How IP Data Can Help Security Professionals Protect Their Networks 🕴
📖 Read
via "Dark Reading".
Beefing up security requires a combination of forensic efforts and proactive mitigation. IP context aids both.📖 Read
via "Dark Reading".
Dark Reading
How IP Data Can Help Security Professionals Protect Their Networks
Beefing up security requires a combination of forensic efforts and proactive mitigation. IP context aids both.
❌ Authorities Fully Behead Hydra Dark Marketplace ❌
📖 Read
via "Threat Post".
The popular underground market traded in drugs, stolen data, forged documents and more -- raking in billions in Bitcoin.📖 Read
via "Threat Post".
Threat Post
Authorities Fully Behead Hydra Dark Marketplace
The popular underground market traded in drugs, stolen data, forged documents and more — raking in billions in Bitcoin.
‼ CVE-2020-23349 ‼
📖 Read
via "National Vulnerability Database".
An intent redirection issue was doscovered in Sina Weibo Android SDK 4.2.7 (com.sina.weibo.sdk.share.WbShareTransActivity), any unexported Activities could be started by the com.sina.weibo.sdk.share.WbShareTransActivity.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-28847 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in xCss Valine v1.4.14 via the nick parameter to /classes/Comment.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-19229 ‼
📖 Read
via "National Vulnerability Database".
Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016-4437. Because of this version of the java deserialization vulnerability, an attacker could exploit the vulnerability to execute arbitrary commands via the rememberMe parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26635 ‼
📖 Read
via "National Vulnerability Database".
PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41751 ‼
📖 Read
via "National Vulnerability Database".
Buffer overflow vulnerability in file ecma-builtin-array-prototype.c:909 in function ecma_builtin_array_prototype_object_slice in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24795 ‼
📖 Read
via "National Vulnerability Database".
yajl-riuby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32bit integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf->alloc into a small heap chunk. These integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on which `size_t` is a 32bit integer. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for arbitrary code execution to be unlikely. A patch is available and anticipated to be part of version 1.4.2. As a workaround, avoid passing large inputs to YAJL.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22355 ‼
📖 Read
via "National Vulnerability Database".
IBM MQ Appliance 9.2 CD and 9.2 LTS are vulnerable to a denial of service in the Login component of the application which could allow an attacker to cause a drop in performance.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27463 ‼
📖 Read
via "National Vulnerability Database".
Open redirect vulnerability in objects/login.json.php in WWBN AVideo through 11.6, allows attackers to arbitrarily redirect users from a crafted url to the login page.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0602 ‼
📖 Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - DOM in GitHub repository tastyigniter/tastyigniter prior to 3.3.0.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27462 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in objects/function.php in function getDeviceID in WWBN AVideo through 11.6, via the yptDevice parameter to view/include/head.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22356 ‼
📖 Read
via "National Vulnerability Database".
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts. IBM X-Force ID: 220487.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-30080 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in the route lookup process in beego through 2.0.1, allows attackers to bypass access control.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-27116 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in file profile.go in function MemProf in beego through 2.0.2, allows attackers to launch symlink attacks locally.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41752 ‼
📖 Read
via "National Vulnerability Database".
Stack overflow vulnerability in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021 due to an unbounded recursive call to the new opt() function.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-27117 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in file profile.go in function GetCPUProfile in beego through 2.0.2, allows attackers to launch symlink attacks locally.📖 Read
via "National Vulnerability Database".