βΌ CVE-2022-29533 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in MISP before 2.4.158. There is XSS in app/Controller/OrganisationsController.php in a situation with a "weird single checkbox page."π Read
via "National Vulnerability Database".
βΌ CVE-2022-29529 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in MISP before 2.4.158. There is stored XSS via the LinOTP login field.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29536 βΌ
π Read
via "National Vulnerability Database".
In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29528 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29498 βΌ
π Read
via "National Vulnerability Database".
Blazer before 2.6.0 allows SQL Injection. In certain circumstances, an attacker could get a user to run a query they would not have normally run.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27237 βΌ
π Read
via "National Vulnerability Database".
There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with several NI products. Depending on the product(s) in use, remediation guidance includes: install SystemLink version 2021 R3 or later, install FlexLogger 2022 Q2 or later, install LabVIEW 2021 SP1, install G Web Development 2022 R1 or later, or install Static Test Software Suite version 1.2 or later.π Read
via "National Vulnerability Database".
ποΈ NIST revamps aging enterprise patch management guidance ποΈ
π Read
via "The Daily Swig".
US agency highlights βdivideβ between security teams and their colleagues about the value of patchingπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
NIST revamps aging enterprise patch management guidance
US agency highlights βdivideβ between security teams and their colleagues about the value of patching
βΌ CVE-2022-24272 βΌ
π Read
via "National Vulnerability Database".
An authenticated user may trigger an invariant assertion during command dispatch due to incorrect validation on the $external database. This may result in mongod denial of service or server crash. This issue affects: MongoDB Inc. MongoDB Server v5.0 versions, prior to and including v5.0.6.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1420 βΌ
π Read
via "National Vulnerability Database".
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.π Read
via "National Vulnerability Database".
β Critical cryptographic Java security blunder patched β update now! β
π Read
via "Naked Security".
Either know the private key and use it scrupulously in your digital signature calculation.... or just send a bunch of zeros instead.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ Adversaries Look for "Attackability" When Selecting Targets π΄
π Read
via "Dark Reading".
A large number of enterprise applications are affected by the vulnerability in log4j, but adversaries aren't just looking for the most common applications. They are looking for targets that are easier to exploit and/or have the biggest payoff.π Read
via "Dark Reading".
Dark Reading
Adversaries Look for 'Attackability' When Selecting Targets
A large number of enterprise applications are affected by the vulnerability in Log4j, but adversaries aren't just looking for the most common applications. They are looking for targets that are easier to exploit and/or have the biggest payoff.
β S3 Ep79: Chrome hole, a bad place for a cybersecurity holiday, and cryptododginess [Podcast] β
π Read
via "Naked Security".
Do you know your Adam Osborne from your John Osbourne? Your Z80 from your 6502? Latest episode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep79: Chrome hole, a bad place for a cybersecurity holiday, and crypto-dodginess [Podcast]
Do you know your Adam Osborne from your John Osbourne? Your Z80 from your 6502? Latest episode β listen now!
π΄ 3 Ways We Can Improve Cybersecurity π΄
π Read
via "Dark Reading".
To better manage risks, companies can concentrate on resilience, sharing information to protect from cyber threats, and making the cybersecurity tent bigger by looking at workers with nontraditional skill sets.π Read
via "Dark Reading".
Dark Reading
3 Ways We Can Improve Cybersecurity
To better manage risks, companies can concentrate on resilience, sharing information to protect from cyber threats, and making the cybersecurity tent bigger by looking at workers with nontraditional skill sets.
ποΈ Hack Me, Iβm Famous: Bug bounty hackathon nets security researcher β¬10,000 overnight ποΈ
π Read
via "The Daily Swig".
European event saw 40 researchers team up to find bugsπ Read
via "The Daily Swig".
portswigger.net
Web Application Security, Testing, & Scanning - PortSwigger
PortSwigger offers tools for web application security, testing, & scanning. Choose from a range of security tools, & identify the very latest vulnerabilities.
π Suricata IDPE 6.0.5 π
π Read
via "Packet Storm Security".
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.π Read
via "Packet Storm Security".
Packetstormsecurity
Suricata IDPE 6.0.5 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2022-1022 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chatwoot prior to 2.5.0.π Read
via "National Vulnerability Database".
π΄ Alert Logic Releases MDR Incident Response Capability for Addressing a Breach π΄
π Read
via "Dark Reading".
Seedrs Ltd. deployed and configured Alert Logic Intelligent Response in minutes, and immediately began blocking critical threats.π Read
via "Dark Reading".
Dark Reading
Alert Logic Releases MDR Incident Response Capability for Addressing a Breach
Seedrs Ltd. deployed and configured Alert Logic Intelligent Response in minutes, and immediately began blocking critical threats.
βΌ CVE-2022-0272 βΌ
π Read
via "National Vulnerability Database".
Improper Restriction of XML External Entity Reference in GitHub repository detekt/detekt prior to 1.20.0.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24868 βΌ
π Read
via "National Vulnerability Database".
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to 10.0.0 one can exploit a lack of sanitization on SVG file uploads and inject javascript into their user avatar. As a result any user viewing the avatar will be subject to a cross site scripting attack. Users of GLPI are advised to upgrade. Users unable to upgrade should disallow SVG avatars.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24870 βΌ
π Read
via "National Vulnerability Database".
Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases prior to 3.0.0 beta3 a malicious script can be injected in tooltips using iTop customization mechanism. This provides a stored cross site scripting attack vector to authorized users of the system. Users are advised to upgrade. There are no known workarounds for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41161 βΌ
π Read
via "National Vulnerability Database".
Combodo iTop is a web based IT Service Management tool. In versions prior to 3.0.0-beta6 the export CSV page don't properly escape the user supplied parameters, allowing for javascript injection into rendered csv files. Users are advised to upgrade. There are no known workarounds for this issue.π Read
via "National Vulnerability Database".