CVE-2022-0142
via "National Vulnerability Database".
The Visual Form Builder WordPress plugin before 3.0.6 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.
CVE-2022-0141
via "National Vulnerability Database".
The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks which could allow attackers to make a logged in admin or editor delete and restore arbitrary form entries via CSRF attacks.
CVE-2022-24248
via "National Vulnerability Database".
RiteCMS version 3.1.0 and below suffers from an arbitrary file deletion via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to delete any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to delete). Furthermore, an attacker might leverage the capability of arbitrary file deletion to circumvent certain web server security mechanisms such as deleting .htaccess file that would deactivate those security constraints.
Building a Cybersecurity Mesh Architecture in the Real World
via "Dark Reading".
Like zero trust, the cybersecurity mesh re-envisions the perimeter at the identity layer and centers upon unifying disparate security tools into a single, interoperable ecosystem.
OpenSSH 9.0 bakes in post-quantum cryptography to future proof against attacks
via "The Daily Swig".
Protection offered against 'capture now, decrypt later' attacks
Internal AWS credentials swiped by researcher via SQL payload
via "The Daily Swig".
Amazon cloud service acts quickly to close security hole in RDS
CVE-2021-32040
via "National Vulnerability Database".
It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage. If an attacker could cause such an aggregation to occur, they could maliciously crash MongoDB in a DoS attack. This vulnerability affects MongoDB versions prior to 5.0.4, 4.4.11, 4.2.16.
OpenSSH goes Post-Quantum, switches to qubit-busting crypto by default
via "Naked Security".
Useful quantum computers might not actually be possible. But what if they are? And what if they arrive, say, tomorrow?
Five critical bugs fixed in automatic hospital robot control system
via "Naked Security".
Fortunately, we're not talking about a robot revolution, or about hospital AI run amuck. But these bugs could lead to ransomware, or worse...
Menswear Brand Zegna Reveals Ransomware Attack
via "Threat Post".
Accounting materials from the Italy-based luxury fashion house were leaked online by RansomExx because the company refused to pay.
RaidForums Gets Raided, Alleged Admin Arrested
via "Krebs on Security".
The U.S. Department of Justice (DOJ) said today it seized the website and user database for RaidForums, an extremely popular English-language cybercrime forum that sold access to more than 10 billion consumer records stolen in some of the world's largest data breaches since 2015. The DOJ also charged the alleged administrator of RaidForums -- 21-year-old Diogo Santos Coelho, of Portugal -- with six criminal counts, including conspiracy, access device fraud and aggravated identity theft.
CVE-2021-39804
via "National Vulnerability Database".
In reinit of HeifDecoderImpl.cpp, there is a possible crash due to a missing null check. This could lead to remote persistent denial of service in the file picker with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11, Android-12, Android-12L. Android ID: A-215002587.
CVE-2021-39794
via "National Vulnerability Database".
In broadcastPortInfo of AdbService.java, there is a possible way for apps to run code as the shell user, if wireless debugging is enabled, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11, Android-12, Android-12L. Android ID: A-205836329.
CVE-2022-21202
via "National Vulnerability Database".
The affected product is vulnerable to an out-of-bounds read, which may result in disclosure of sensitive information.
CVE-2021-0707
via "National Vulnerability Database".
In dma_buf_release of dma-buf.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-155756045. References: Upstream kernel.
CVE-2022-21803
via "National Vulnerability Database".
This affects the package nconf before 0.11.4. When using the memory engine, it is possible to store a nested JSON representation of the configuration. The .set() function, that is responsible for setting the configuration properties, is vulnerable to Prototype Pollution. By providing a crafted property, it is possible to modify the properties on the Object.prototype.
CVE-2021-39797
via "National Vulnerability Database".
In several functions of LauncherApps.java, there is a possible escalation of privilege due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12, Android-12L. Android ID: A-209607104.
CVE-2021-41004
via "National Vulnerability Database".
A remote vulnerability was discovered in Aruba Instant On 1930 Switch Series version(s): Firmware below v1.0.7.0.
CVE-2021-39798
via "National Vulnerability Database".
In Bitmap_createFromParcel of Bitmap.cpp, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12, Android-12L. Android ID: A-213169612.
CVE-2022-27472
via "National Vulnerability Database".
SQL injection vulnerability in Topics Counting feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the "s" parameter remotely.
CVE-2021-39805
via "National Vulnerability Database".
In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure through Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12, Android-12L. Android ID: A-212694559.