CVE-2022-22968
via "National Vulnerability Database".
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
CVE-2021-44394
via "National Vulnerability Database".
Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.
greymatter.io Closes $7.1 Million Series A to Meet Rising Need for Its Enterprise Microservices Platform
via "Dark Reading".
Elsewhere Partners invests in proven service mesh and API management innovator as it grows team and breaks into new markets.
Kaspersky Relocates Cyberthreat-Related Data Processing for Users in Latin America and Middle East to Switzerland
via "Dark Reading".
Also, it re-certifies its data services by TÜV AUSTRIA.
CVE-2022-24853
via "National Vulnerability Database".
Metabase is an open source business intelligence and analytics application. Metabase has a proxy to load arbitrary URLs for JSON maps as part of our GeoJSON support. While we do validation to not return contents of arbitrary URLs, there is a case where a particularly crafted request could result in file access on Windows, which allows enabling an `NTLM relay attack`, potentially allowing an attacker to receive the system password hash. If you use Windows and are on this version of Metabase, please upgrade immediately. The following patches (or greater versions) are available: 0.42.4 and 1.42.4, 0.41.7 and 1.41.7, 0.40.8 and 1.40.8.
CVE-2022-24849
via "National Vulnerability Database".
DisCatSharp is a Discord API wrapper for .NET. Users of versions 9.8.5, 9.8.6, 9.9.0 and previously published prereleases of 10.0.0 who have used either one of the two `RequireDisCatSharpDeveloperAttribute`s or the `BaseDiscordClient.LibraryDeveloperTeam` have potentially had their bot token sent to a web server not affiliated with Discord. This server is owned and operated by DisCatSharp's development team. The tokens were not logged, yet it is still advisable to reset the tokens of potentially affected bots. 9.9.1 has been released to patch the issue for the current stable release and the current 10.0.0 prereleases are also no longer affected. Users unable to upgrade should remove all uses of the two `RequireDisCatSharpDeveloperAttribute`s and all direct calls to `BaseDiscordClient.LibraryDeveloperTeam`.
CVE-2022-24855
via "National Vulnerability Database".
Metabase is an open source business intelligence and analytics application. In affected versions Metabase ships with an internal development endpoint `/_internal` that can allow for cross site scripting (XSS) attacks, potentially leading to phishing attempts with malicious links that could lead to account takeover. Users are advised to either upgrade immediately, or block access in your firewall to `/_internal` endpoints for Metabase. The following patches (or greater versions) are available: 0.42.4 and 1.42.4, 0.41.7 and 1.41.7, 0.40.8 and 1.40.8.
CVE-2022-24846
via "National Vulnerability Database".
GeoWebCache is a tile caching server implemented in Java. The GeoWebCache disk quota mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. While in GeoWebCache the JNDI strings are provided via a local configuration file, in GeoServer a user interface is provided to perform the same; it can be accessed remotely and requires admin-level login to be used. These lookups are unrestricted in scope and can lead to code execution. The lookups are going to be restricted in GeoWebCache 1.21.0, 1.20.2, 1.19.3.
CVE-2022-24824
via "National Vulnerability Database".
Discourse is an open source platform for community discussion. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown the crawler view of the site instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no known workarounds for this issue.
CVE-2022-24850
via "National Vulnerability Database".
Discourse is an open source platform for community discussion. A category's group permissions settings can be viewed by anyone that has access to the category. As a result, a normal user is able to see whether a group has read/write permissions in the category even though the information should only be available to the users that can manage a category. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no workarounds for this problem.
CVE-2022-24854
via "National Vulnerability Database".
Metabase is an open source business intelligence and analytics application. SQLite has an FDW-like feature called `ATTACH DATABASE`, which allows connecting multiple SQLite databases via the initial connection. If the attacker has SQL permissions to at least one SQLite database, then it can attach this database to a second database, and then it can query across all the tables. To be able to do that the attacker also needs to know the file path to the second database. Users are advised to upgrade as soon as possible. If you're unable to upgrade, you can modify your SQLite connection strings to contain the url argument `?limit_attached=0`, which will disallow making connections to other SQLite databases. Only users making use of SQLite are affected.
CVE-2022-26499
via "National Vulnerability Database".
An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2.
CVE-2022-26651
via "National Vulnerability Database".
An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14.
CVE-2022-28345
via "National Vulnerability Database".
The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. It incorrectly renders RTLO encoded URLs beginning with a non-breaking space, when there is a hash character in the URL. This technique allows a remote unauthenticated attacker to send legitimate looking links, appearing to be any website URL, by abusing the non-http/non-https automatic rendering of URLs. An attacker can spoof, for example, example.com, and masquerade any URL with a malicious destination. An attacker requires a subdomain such as gepj, txt, fdp, or xcod, which would appear backwards as jpeg, txt, pdf, and docx respectively.
CVE-2022-26498
via "National Vulnerability Database".
An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2.
CVE-2021-40386
via "National Vulnerability Database".
Kaseya Unitrends Client/Agent through 10.5.5 allows remote attackers to execute arbitrary code.
Cybersecurity Act of 2022: A Step in the Right Direction With a Significant Loophole
via "Dark Reading".
The act contains a loophole added late in the process that will impede progress toward the goal of increasing US cybersecurity: a complete carve-out of DNS from the reporting requirements and other obligations outlined in the bill.
CVE-2022-27474
via "National Vulnerability Database".
SuiteCRM v7.11.23 was discovered to allow remote code execution via a crafted payload injected into the FirstName text field.
Tearing down red flags: Women in CyberSecurity's Lynn Dohm on tackling the high exit rate of female infosec pros
via "The Daily Swig".
Infosec leader on why training, mutual support, and career opportunities are needed to keep women in their roles
CVE-2022-20739
via "National Vulnerability Database".
A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. The attacker must be authenticated on the affected system as a low-privileged user to exploit this vulnerability. This vulnerability exists because a file leveraged by a root user is executed when a low-privileged user runs specific commands on an affected system. An attacker could exploit this vulnerability by injecting arbitrary commands into a specific file as a lower-privileged user and then waiting until an admin user executes specific commands. The commands would then be executed on the device by the root user. A successful exploit could allow the attacker to escalate their privileges on the affected system from a low-privileged user to the root user.
CVE-2022-20716
via "National Vulnerability Database".
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files within the affected system. A local attacker could exploit this vulnerability by modifying certain files on the vulnerable device. If successful, the attacker could gain escalated privileges and take actions on the system with the privileges of the root user.