‼ CVE-2022-29072 ‼
📖 Read
via "National Vulnerability Database".
7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27423 ‼
📖 Read
via "National Vulnerability Database".
Chamilo LMS v1.11.13 was discovered to contain a SQL injection vulnerability via the blog_id parameter at /blog/blog.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27426 ‼
📖 Read
via "National Vulnerability Database".
A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows attackers to enumerate the internal network and execute arbitrary system commands via a crafted Phar file.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27422 ‼
📖 Read
via "National Vulnerability Database".
A reflected cross-site scripting (XSS) vulnerability in Chamilo LMS v1.11.13 allows attackers to execute arbitrary web scripts or HTML via user interaction with a crafted URL.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24279 ‼
📖 Read
via "National Vulnerability Database".
The package madlib-object-utils before 0.1.8 are vulnerable to Prototype Pollution via the setValue method, as it allows an attacker to merge object prototypes into it. *Note:* This vulnerability derives from an incomplete fix of [CVE-2020-7701](https://security.snyk.io/vuln/SNYK-JS-MADLIBOBJECTUTILS-598676)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27425 ‼
📖 Read
via "National Vulnerability Database".
Chamilo LMS v1.11.13 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /blog/blog.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27421 ‼
📖 Read
via "National Vulnerability Database".
Chamilo LMS v1.11.13 lacks validation on the user modification form, allowing attackers to escalate privileges to Platform Admin.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29281 ‼
📖 Read
via "National Vulnerability Database".
Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program (or theft of NTLM credentials via an SMB relay attack, because the application resolves UNC paths).📖 Read
via "National Vulnerability Database".
🕴 Google Emergency Update Fixes Chrome Zero-Day 🕴
📖 Read
via "Dark Reading".
Google patches a critical flaw in its Chrome browser, bringing its count of zero-day vulnerabilities fixed in 2022 to four.📖 Read
via "Dark Reading".
Dark Reading
Google Emergency Update Fixes Chrome Zero-Day
Google patches a critical flaw in its Chrome browser, bringing its count of zero-day vulnerabilities fixed in 2022 to four.
‼ CVE-2022-1365 ‼
📖 Read
via "National Vulnerability Database".
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository lquixada/cross-fetch prior to 3.1.5.📖 Read
via "National Vulnerability Database".
⚠ Yet another Chrome zero-day emergency update – patch now! ⚠
📖 Read
via "Naked Security".
The third emergency Chrome 0-day in three months - the first one was exploited by North Korea, so you might as well get this one ASAP.📖 Read
via "Naked Security".
👍1
‼ CVE-2022-29020 ‼
📖 Read
via "National Vulnerability Database".
ForestBlog through 2022-02-16 allows admin/profile/save userAvatar XSS during addition of a user avatar.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29287 ‼
📖 Read
via "National Vulnerability Database".
Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an attacker with user management rights (default is Administrator) to export the user options of any user, even ones with higher privileges (like Global Administrators) than the current user. The exported XML contains every option of the exported user (even the hashed password).📖 Read
via "National Vulnerability Database".
🕴 Upgrades for Spring Framework Have Stalled 🕴
📖 Read
via "Dark Reading".
Upgrading and fixing the vulnerability in the Spring Framework doesn't seem to have the same level of urgency or energy as patching the Log4j library did back in December📖 Read
via "Dark Reading".
Dark Reading
Upgrades for Spring Framework Have Stalled
Upgrading and fixing the vulnerability in the Spring Framework doesn't seem to have the same level of urgency or energy as patching the Log4j library did back in December.
👍1
📢 Cloud security market to hit $106 billion by 2029 📢
📖 Read
via "ITPro".
The Asian-Pacific region is expected to see the highest growth rate over the forecast period📖 Read
via "ITPro".
IT PRO
Cloud security market to hit $106 billion by 2029 | IT PRO
The Asian-Pacific region is expected to see the highest growth rate over the forecast period
📢 Authorities finally confirm leading hacker platform RaidForums has been seized 📢
📖 Read
via "ITPro".
A 21-year-old was arrested in the UK in connection with the prolific hacker platform📖 Read
via "ITPro".
IT PRO
Authorities finally confirm leading hacker platform RaidForums has been seized | IT PRO
A 21-year-old was arrested in the UK in connection with the prolific hacker platform
📢 Denonia named as first malware to target AWS Lambda platform 📢
📖 Read
via "ITPro".
Deployment demonstrates how attackers are using advanced cloud-specific knowledge to exploit complex cloud infrastructure, Cado Security says📖 Read
via "ITPro".
IT PRO
Denonia named as first malware to target AWS Lambda platform | IT PRO
Deployment demonstrates how attackers are using advanced cloud-specific knowledge to exploit complex cloud infrastructure, Cado Security says
📢 DuckDuckGo app arrives on Mac 📢
📖 Read
via "ITPro".
New browser app comes with a cookie popup blocker and a password manager📖 Read
via "ITPro".
IT PRO
DuckDuckGo app arrives on Mac | IT PRO
New browser app comes with a cookie popup blocker and a password manager
📢 Ransomware activity falls 25% in Q1 2022 📢
📖 Read
via "ITPro".
The drop in ransomware has been attributed to larger ransomware gangs being less active compared to the end of 2021📖 Read
via "ITPro".
IT PRO
Ransomware activity falls 25% in Q1 2022 | IT PRO
The drop in ransomware has been attributed to larger ransomware gangs being less active compared to the end of 2021
📢 Critical security flaw discovered in NFT marketplace Rarible 📢
📖 Read
via "ITPro".
If exploited, the vulnerability could have led to the theft of NFTs and crypto tokens in a single transaction📖 Read
via "ITPro".
IT PRO
Critical security flaw discovered in NFT marketplace Rarible | IT PRO
If exploited, the vulnerability could have led to the theft of NFTs and crypto tokens in a single transaction
📢 The pros and cons of net neutrality 📢
📖 Read
via "ITPro".
Still on the fence about net neutrality? Here are both sides of the argument📖 Read
via "ITPro".
IT PRO
The pros and cons of net neutrality | IT PRO
Still on the fence about net neutrality? Here are both sides of the argument