CVE-2022-27111
via "National Vulnerability Database".
Jfinal_CMS 5.1.0 allows attackers to submit malicious XSS code through the feedback function; the stored payload is rendered in the administrator backend and executes there.
Access control vulnerability in Easy!Appointments platform exposed sensitive personal data
via "The Daily Swig".
Unprotected API could expose names, places, and times of bookings made using the app.
Popular Ruby Asciidoc toolkit patched against critical vuln: get the update now!
via "Naked Security".
A rogue line-continuation character can trick the code into validating just the second half of the line, but executing all of it.
Creating a Security Culture Where People Can Admit Mistakes
via "Dark Reading".
In cybersecurity, user error is the symptom, not the disease. A healthy culture acknowledges and addresses the underlying causes of lapses.
10 Signs of a Good Security Leader
via "Dark Reading".
Strong leadership can lead to motivated and loyal employees. Here's what that looks like.
OpenSSH goes Post-Quantum, switches to qubit-busting crypto by default
via "Naked Security".
Useful quantum computers might not actually be possible. But what if they are? And what if they arrive, say, tomorrow?
SafeGuard Cyber Provides Security Advice for Defending Against Browser-in-the-Browser (BitB) Attacks
via "Dark Reading".
Imprivata Acquires SecureLink to Deliver a Single-Vendor Platform to Manage and Secure All Enterprise and Third-Party Digital Identities
via "Dark Reading".
Imprivata will unlock further value for customers by unifying, integrating, and automating digital identity to enable autonomous identity systems.
Microsoft Takes Down Domains Used in Cyberattack Against Ukraine
via "Threat Post".
Microsoft steps up defensive actions to "defend against an onslaught of cyberwarfare that has escalated since the invasion" of Ukraine.
APT28, an advanced persistent threat group active since 2009, has been tracked under names including Sofacy, Sednit, Strontium, Fancy Bear, Iron Twilight, and Pawn Storm.
Haveged 1.9.18
via "Packet Storm Security".
haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self-test targets and a spec file for those who want to build an RPM.
CVE-2021-40219
via "National Vulnerability Database".
Bolt CMS <= 4.2 is vulnerable to Remote Code Execution. Unsafe theme rendering allows an authenticated attacker to edit a theme and inject a server-side template injection payload that leads to remote code execution.
CVE-2021-38930
via "National Vulnerability Database".
IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9.1 89.1x.0.0, and R9.2 89.2x.0.0 could allow a remote attacker to obtain sensitive information through unpublished URLs. IBM X-Force ID: 210331.
CVE-2021-43442
via "National Vulnerability Database".
A logic flaw vulnerability exists in i3 International Inc Annexxus Camera V5.2.0 build 150317 (Ax46), V5.0.9 build 151106 (Ax68), and V5.0.9 build 150615 (Ax78). The device is meant to allow only one administrator account, but this restriction can be bypassed by parameter manipulation using PUT and DELETE and by calling the 'UserPermission' endpoint with the ID of a newly created account and setting its userType to 'admin', successfully adding a second administrative account.
CVE-2021-37293
via "National Vulnerability Database".
A Directory Traversal vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 via the page GET parameter in index.php.
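The pattern behind this entry, a user-supplied page name joined into a filesystem path, is shown below as an added example; it is not KevinLAB's code, and the page names, file names and the ".php" suffix are assumptions. The hardened resolver checks an allowlist first and then confirms the resolved real path still lies under the web root, so a traversal payload such as "../secret" is rejected even if the allowlist were later loosened.

```python
import os
import tempfile

# Constructed stand-in for an index.php "page" include. Example code, not KevinLAB's.

ALLOWED_PAGES = {"dashboard", "reports", "settings"}   # assumed page names


def resolve_page_vulnerable(base_dir: str, page: str) -> str:
    """Mirrors the flaw: the user-controlled value is joined straight into the path."""
    return os.path.join(base_dir, page + ".php")


def resolve_page_hardened(base_dir: str, page: str) -> str:
    """Allowlist the name, then verify the resolved path is still inside base_dir."""
    if page not in ALLOWED_PAGES:
        raise ValueError(f"unknown page: {page!r}")
    root = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(root, page + ".php"))
    # Second line of defence: even an allowlisted name must resolve under the web root
    # (guards against symlinks or a future allowlist entry that contains separators).
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("path escapes base directory")
    return candidate


def demo():
    """Create a throwaway web root with a secret file above it and run both resolvers
    on a traversal payload. Returns (contents leaked by the vulnerable path, hardened blocked?)."""
    tmp = tempfile.mkdtemp()
    webroot = os.path.join(tmp, "www")
    os.makedirs(webroot)
    with open(os.path.join(webroot, "dashboard.php"), "w") as fh:
        fh.write("<?php echo 'dashboard'; ?>")
    with open(os.path.join(tmp, "secret.php"), "w") as fh:     # outside the web root
        fh.write("db_password=hunter2")

    payload = "../secret"                                      # becomes www/../secret.php
    with open(resolve_page_vulnerable(webroot, payload)) as fh:
        leaked = fh.read()
    try:
        resolve_page_hardened(webroot, payload)
        blocked = False
    except ValueError:
        blocked = True
    return leaked, blocked


if __name__ == "__main__":
    leaked, blocked = demo()
    print("vulnerable resolver leaked:", leaked)
    print("hardened resolver blocked traversal:", blocked)
```

The allowlist alone already stops this payload; the realpath containment check is kept because it also catches cases the allowlist cannot see, such as a symlink planted inside the web root.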
CVE-2021-37292
via "National Vulnerability Database".
An Access Control vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 due to an undocumented backdoor account. A malicious user can log in using the backdoor account with the highest (admin) privileges and obtain system control.
CVE-2021-37291
via "National Vulnerability Database".
An SQL Injection vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 via the input_id POST parameter in index.php.
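To show what an injectable input_id parameter looks like beside its fix, here is an added example using an in-memory SQLite table; it is not the BEMS code, and the table layout, column names and sample rows are constructed for the demo. The vulnerable function interpolates input_id into the query text, so a quote plus a comment sequence ends the string and discards the password check; the hardened function passes values as bind parameters, so the same payload is compared literally and matches nothing.

```python
import sqlite3

# Constructed users table standing in for the BEMS login backend (example code, not KevinLAB's).
# Passwords are stored in clear here only to keep the demo short; a real system stores a hash.


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, input_id TEXT, input_pw TEXT, role TEXT)"
    )
    conn.execute(
        "INSERT INTO users (input_id, input_pw, role) VALUES ('operator', 'correct horse', 'user')"
    )
    conn.execute(
        "INSERT INTO users (input_id, input_pw, role) VALUES ('admin', 'S3cret!', 'admin')"
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, input_id: str, input_pw: str):
    """String-built query: input_id becomes part of the SQL text, as the advisory describes."""
    sql = (
        f"SELECT input_id, role FROM users "
        f"WHERE input_id = '{input_id}' AND input_pw = '{input_pw}'"
    )
    return conn.execute(sql).fetchone()


def login_hardened(conn: sqlite3.Connection, input_id: str, input_pw: str):
    """Parameterised query: values travel separately from the SQL, so quotes in input stay data."""
    sql = "SELECT input_id, role FROM users WHERE input_id = ? AND input_pw = ?"
    return conn.execute(sql, (input_id, input_pw)).fetchone()


def demo():
    """Run the classic comment-out payload against both versions with a wrong password.
    Returns (row from vulnerable login, row from hardened login)."""
    conn = make_db()
    payload = "admin' -- "      # closes the string; '--' comments out the password clause
    return login_vulnerable(conn, payload, "wrong"), login_hardened(conn, payload, "wrong")


if __name__ == "__main__":
    vuln, hard = demo()
    print("vulnerable login returned:", vuln)   # the admin row, no password needed
    print("hardened login returned:", hard)     # None
```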
CVE-2021-38929
via "National Vulnerability Database".
IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9.1 89.1x.0.0, and R9.2 89.2x.0.0 could allow a remote attacker to obtain sensitive information through unpublished URLs. IBM X-Force ID: 210330.
CVE-2022-29035
via "National Vulnerability Database".
In JetBrains Ktor Native before version 2.0.0, the random values used for nonce generation were not produced by a SecureRandom implementation.
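Why a non-cryptographic generator is unfit for nonces is easiest to see by predicting one. The block below is an added example, not Ktor code, and it uses Python's Mersenne Twister (MT19937) as a stand-in for a general-purpose PRNG; the advisory does not say which generator Ktor Native used, so the choice is an assumption. Given 624 consecutive 32-bit outputs, the tempering step is inverted to recover the full internal state, a clone is built, and its next output equals the "nonce" the original generator issues next. The CSPRNG alternative from the standard library is shown beside it.

```python
import random
import secrets

# Added example: cloning MT19937 from its outputs. Not Ktor's code; MT is assumed as the weak PRNG.

N = 624  # MT19937 state words


def untemper(y: int) -> int:
    """Invert the MT19937 tempering step, turning a 32-bit output back into its state word."""
    y ^= y >> 18                       # undo y ^= y >> 18 (self-inverse for shift >= 16)
    y ^= (y << 15) & 0xEFC60000        # undo y ^= (y << 15) & mask (self-inverse for this mask)
    x = y
    for _ in range(5):                 # undo y ^= (y << 7) & mask: 7 bits recovered per pass
        x = y ^ ((x << 7) & 0x9D2C5680)
    y = x
    x = y
    for _ in range(3):                 # undo y ^= y >> 11: 11 bits recovered per pass
        x = y ^ (x >> 11)
    return x & 0xFFFFFFFF


def clone_generator(outputs):
    """Rebuild a random.Random from exactly 624 consecutive getrandbits(32) outputs."""
    if len(outputs) != N:
        raise ValueError("need exactly 624 consecutive 32-bit outputs")
    state = tuple(untemper(o) for o in outputs)
    clone = random.Random()
    # version 3 state: 624 words plus index; index N means "twist before the next output"
    clone.setstate((3, state + (N,), None))
    return clone


def weak_nonces(seed: int, count: int):
    """Nonces from a non-CSPRNG: constructed stand-in for the pre-2.0.0 behaviour the CVE describes."""
    rng = random.Random(seed)
    return [rng.getrandbits(32) for _ in range(count)]


def strong_nonce(nbytes: int = 16) -> bytes:
    """What the fix amounts to: draw nonces from the OS CSPRNG instead."""
    return secrets.token_bytes(nbytes)


def demo():
    """Observe 624 weak nonces, clone the generator, predict the 625th.
    Returns (predicted value, value the real generator actually produced)."""
    observed = weak_nonces(seed=1337, count=N + 1)
    clone = clone_generator(observed[:N])
    return clone.getrandbits(32), observed[N]


if __name__ == "__main__":
    predicted, actual = demo()
    print("predicted next nonce:", predicted, "actual:", actual, "match:", predicted == actual)
    print("CSPRNG nonce:", strong_nonce().hex())
```

The attack needs only observed outputs, never the seed; that is exactly the situation of a network peer who sees every nonce a server sends.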
CVE-2021-39068
via "National Vulnerability Database".
IBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 215306.
CVE-2022-20071
via "National Vulnerability Database".
In ccu, there is a possible escalation of privilege due to a missing certificate validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06183315; Issue ID: ALPS06183315.
CVE-2022-20074
via "National Vulnerability Database".
In preloader (partition), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06183301; Issue ID: ALPS06183301.