βΌ CVE-2022-26877 βΌ
π Read
via "National Vulnerability Database".
Asana Desktop before 1.6.0 allows remote attackers to exfiltrate local files if they can trick the Asana desktop app into loading a malicious web page.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27149 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27883 βΌ
π Read
via "National Vulnerability Database".
A link following vulnerability in Trend Micro Antivirus for Mac 11.5 could allow an attacker to create a specially-crafted file as a symlink that can lead to privilege escalation. Please note that an attacker must at least have low-level privileges on the system to attempt to exploit this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28363 βΌ
π Read
via "National Vulnerability Database".
Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/login_process username parameter via GET. No authentication is required.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28364 βΌ
π Read
via "National Vulnerability Database".
Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/rlmswitchr_process file parameter via GET. Authentication is required.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28365 βΌ
π Read
via "National Vulnerability Database".
Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture, and file/directory details.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1287 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical was found in School Club Application System 1.0. This vulnerability affects a request to the file /scas/classes/Users.php?f=save_user. The manipulation with a POST request leads to privilege escalation. The attack can be initiated remotely and does not require authentication. The exploit has been disclosed to the public and may be used.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1288 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in School Club Application System 1.0. This issue affects access to /scas/admin/. The manipulation of the parameter page with the input %22%3E%3Cimg%20src=x%20onerror=alert(1)%3E leads to a reflected cross site scripting. The attack may be initiated remotely and does not require any form of authentication. The exploit has been disclosed to the public and may be used.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1290 βΌ
π Read
via "National Vulnerability Database".
Stored XSS in "Name", "Group Name" & "Title" in GitHub repository polonel/trudesk prior to v1.2.0. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1289 βΌ
π Read
via "National Vulnerability Database".
A denial of service vulnerability was found in tildearrow Furnace. It has been classified as problematic. This is due to an incomplete fix of CVE-2022-1211. It is possible to initiate the attack remotely but it requires user interaction. The issue got fixed with the patch 0eb02422d5161767e9983bdaa5c429762d3477ce.π Read
via "National Vulnerability Database".
π€―1
π’ Mounting US data disasters show we're lucky to have GDPR π’
π Read
via "ITPro".
A long list of failures by US companies shows the governmentβs planned overhaul of the UK data protection landscape needs much closer scrutinyπ Read
via "ITPro".
IT PRO
Mounting US data disasters show we're lucky to have GDPR | IT PRO
A long list of failures by US companies shows the governmentβs planned overhaul of the UK data protection landscape needs much closer scrutiny
π’ Why the ECJ's metadata ruling endangers the safety of women π’
π Read
via "ITPro".
Until we live in a society in which women are safe, we might need to compromise on mass data collectionπ Read
via "ITPro".
IT PRO
Why the ECJ's metadata ruling endangers the safety of women | IT PRO
Until we live in a society in which women are safe, we might need to compromise on mass data collection
π’ Rackspace partners with Cohesity on new data protection services for VMware workloads π’
π Read
via "ITPro".
Deal aims to eliminate legacy backup silos and provide comprehensive protection against the βarray of rising data threatsβπ Read
via "ITPro".
IT PRO
Rackspace partners with Cohesity on new data protection services for VMware workloads | IT PRO
Deal aims to eliminate legacy backup silos and provide comprehensive protection against the βarray of rising data threatsβ
π’ Raspberry Pi OS update bolsters security against brute force attacks π’
π Read
via "ITPro".
The security change was made in line with increasing number of countries choosing to outlaw default credentialsπ Read
via "ITPro".
IT PRO
Raspberry Pi OS update bolsters security against brute force attacks | IT PRO
The security change was made in line with increasing number of countries choosing to outlaw default credentials
π’ IT Pro News In Review: The Works cyber attack, Lenovo recruitment drive, old macOS vulnerabilities π’
π Read
via "ITPro".
Catch up on the biggest headlines of the week in just two minutesπ Read
via "ITPro".
IT PRO
IT Pro News In Review: The Works cyber attack, Lenovo recruitment drive, old macOS vulnerabilities
Catch up on the biggest headlines of the week in just two minutes
π’ Microsoft uses sinkhole to thwart Russian state-backed Fancy Bear attacks π’
π Read
via "ITPro".
Also known as APT28 or Strontium, Fancy Bear is one of the most active APT groups in the worldπ Read
via "ITPro".
ITPro
Microsoft uses sinkhole to thwart Russian state-backed Fancy Bear attacks
Also known as APT28 or Strontium, Fancy Bear is one of the most active APT groups in the world
βΌ CVE-2021-32161 βΌ
π Read
via "National Vulnerability Database".
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the File Manager feature.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0936 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository autolab/autolab prior to 2.8.0.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32160 βΌ
π Read
via "National Vulnerability Database".
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the Add Users feature.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32157 βΌ
π Read
via "National Vulnerability Database".
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1045 βΌ
π Read
via "National Vulnerability Database".
Stored XSS viva .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0.π Read
via "National Vulnerability Database".