‼ CVE-2022-20717 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the NETCONF process of Cisco SD-WAN vEdge Routers could allow an authenticated, local attacker to cause an affected device to run out of memory, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient memory management when an affected device receives large amounts of traffic. An attacker could exploit this vulnerability by sending malicious traffic to an affected device. A successful exploit could allow the attacker to cause the device to crash, resulting in a DoS condition.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28044 ‼
📖 Read
via "National Vulnerability Database".
Irzip v0.640 was discovered to contain a heap memory corruption via the component lrzip.c:initialise_control.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28042 ‼
📖 Read
via "National Vulnerability Database".
stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20661 ‼
📖 Read
via "National Vulnerability Database".
Multiple vulnerabilities that affect Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches could allow an attacker to execute persistent code at boot time or to permanently prevent the device from booting, resulting in a permanent denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20723 ‼
📖 Read
via "National Vulnerability Database".
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20695 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to bypass authentication controls and log in to the device through the management interface This vulnerability is due to the improper implementation of the password validation algorithm. An attacker could exploit this vulnerability by logging in to an affected device with crafted credentials. A successful exploit could allow the attacker to bypass authentication and log in to the device as an administrator. The attacker could obtain privileges that are the same level as an administrative user but it depends on the crafted credentials. Note: This vulnerability exists because of a non-default device configuration that must be present for it to be exploitable. For details about the vulnerable configuration, see the Vulnerable Products section of this advisory.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20682 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to inadequate input validation of incoming CAPWAP packets encapsulating multicast DNS (mDNS) queries. An attacker could exploit this vulnerability by connecting to a wireless network and sending a crafted mDNS query, which would flow through and be processed by the wireless controller. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20678 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the AppNav-XE feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of certain TCP segments. An attacker could exploit this vulnerability by sending a stream of crafted TCP traffic at a high rate through an interface of an affected device. That interface would need to have AppNav interception enabled. A successful exploit could allow the attacker to cause the device to reload.📖 Read
via "National Vulnerability Database".
⚠ S3 Ep78: Darkweb hydra, Ruby, quantum computing, and a robot revolution [Podcast] ⚠
📖 Read
via "Naked Security".
Latest episode - listen now!📖 Read
via "Naked Security".
Naked Security
S3 Ep78: Darkweb hydra, Ruby, quantum computing, and a robot revolution [Podcast]
Latest episode – listen now!
❌ Karakurt Ensnares Conti, Diavol Ransomware Groups in Its Web ❌
📖 Read
via "Threat Post".
Connections that show the cybercriminal teams are working together signal shifts in their respective tactics and an expansion of opportunities to target victims.📖 Read
via "Threat Post".
Threat Post
Karakurt Ensnares Conti, Diavol Ransomware Groups in Its Web
Connections that show the cybercriminal teams are working together signal shifts in their respective tactics and an expansion of opportunities to target victims.
🕴 CISA Alert on ICS, SCADA Devices Highlights Growing Enterprise IoT Security Risks 🕴
📖 Read
via "Dark Reading".
Omdia Senior Analyst Hollie Hennessy says the new threat to multiple ICS and SCADA devices underscores the importance of a rapid response to IoT and OT security risks.📖 Read
via "Dark Reading".
Dark Reading
CISA Alert on ICS, SCADA Devices Highlights Growing Enterprise IoT Security Risks
Omdia Senior Analyst Hollie Hennessy says the new threat to multiple ICS and SCADA devices underscores the importance of a rapid response to IoT and OT security risks.
‼ CVE-2021-42230 ‼
📖 Read
via "National Vulnerability Database".
Seowon 130-SLC router all versions as of 2021-09-15 is vulnerable to Remote Code Execution via the queriesCnt parameter.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2022-27849 ‼
📖 Read
via "National Vulnerability Database".
Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115📖 Read
via "National Vulnerability Database".
‼ CVE-2022-21159 ‼
📖 Read
via "National Vulnerability Database".
A denial of service vulnerability exists in the parseNormalModeParameters functionality of MZ Automation GmbH libiec61850 1.5.0. A specially-crafted series of network requests can lead to denial of service. An attacker can send a sequence of malformed iec61850 messages to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23865 ‼
📖 Read
via "National Vulnerability Database".
Nyron 1.0 is affected by a SQL injection vulnerability through Nyron/Library/Catalog/winlibsrch.aspx. To exploit this vulnerability, an attacker must inject '"> on the thes1 parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29268 ‼
📖 Read
via "National Vulnerability Database".
Bitrix through 7.5.0 allows remote attackers to execute arbitrary code by using the restore.php Upload From Local Disk feature.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27852 ‼
📖 Read
via "National Vulnerability Database".
Multiple Unauthenticated Stored Cross-Site Scripting (XSS) vulnerabilities in KB Support (WordPress plugin) <= 1.5.5📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26594 ‼
📖 Read
via "National Vulnerability Database".
Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.5 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allow remote attackers to inject arbitrary web script or HTML via a form field's help text to (1) Forms module's form builder, or (2) App Builder module's object form view's form builder.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36828 ‼
📖 Read
via "National Vulnerability Database".
Authenticated (admin+) Stored Cross-Site Scripting (XSS) in WP Maintenance (WordPress plugin) <= 6.0.4 affects multiple inputs.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27258 ‼
📖 Read
via "National Vulnerability Database".
Multiple Cross-Site Scripting (XSS) vulnerabilities in Hubzilla 7.0.3 and earlier allows remote attacker to include arbitrary web script or HTML via the rpath parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27850 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin) <= 20220115 allows an attacker to clear the chat log or delete a chat message.📖 Read
via "National Vulnerability Database".