βΌ CVE-2022-23060 βΌ
π Read
via "National Vulnerability Database".
A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0, where a privileged user (attacker) can inject malicious JavaScript in the filename under the Γ’β¬ΕManage filesΓ’β¬οΏ½ tabπ Read
via "National Vulnerability Database".
βΌ CVE-2022-1544 βΌ
π Read
via "National Vulnerability Database".
Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in GitHub repository luyadev/yii-helpers prior to 1.2.1. Successful exploitation can lead to impacts such as client-sided command injection, code execution, or remote ex-filtration of contained confidential data.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23061 βΌ
π Read
via "National Vulnerability Database".
In Shopizer versions 2.0 to 2.17.0 a regular admin can permanently delete a superadmin (although this cannot happen according to the documentation) via Insecure Direct Object Reference (IDOR) vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-31674 βΌ
π Read
via "National Vulnerability Database".
Cyclos 4 PRO 4.14.7 and before does not validate user input at error inform, which allows remote unauthenticated attacker to execute javascript code via undefine enum constant.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28451 βΌ
π Read
via "National Vulnerability Database".
nopCommerce 4.50.1 is vulnerable to Directory Traversal via the backup file in the Maintenance feature.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40822 βΌ
π Read
via "National Vulnerability Database".
GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29849 βΌ
π Read
via "National Vulnerability Database".
In Progress OpenEdge before 11.7.14 and 12.x before 12.2.9, certain SUID binaries within the OpenEdge application were susceptible to privilege escalation. If exploited, a local attacker could elevate their privileges and compromise the affected system.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29968 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private.π Read
via "National Vulnerability Database".
βΌ CVE-2021-31673 βΌ
π Read
via "National Vulnerability Database".
A Dom-based Cross-site scripting (XSS) vulnerability at registration account in Cyclos 4 PRO.14.7 and before allows remote attackers to inject arbitrary web script or HTML via the groupId parameter.π Read
via "National Vulnerability Database".
β Deep Dive: Protecting Against Container Threats in the Cloud β
π Read
via "Threat Post".
A deep dive into securing containerized environments and understanding how they present unique security challenges.π Read
via "Threat Post".
Threat Post
Deep Dive: Protecting Against Container Threats in the Cloud
A deep dive into securing containerized environments and understanding how they present unique security challenges.
π1
ποΈ Security bug in VMWare Workspace ONE could allow access to internal, cloud networks ποΈ
π Read
via "The Daily Swig".
Users should patch immediatelyπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Security bug in VMWare Workspace ONE could allow access to internal, cloud networks
Users should patch immediately
β Bad Actors Are Maximizing Remote Everything β
π Read
via "Threat Post".
Aamir Lakhani, global security strategist and researcher at FortiGuard Labs, zeroes in on how adversaries are targeting 'remote everything'.π Read
via "Threat Post".
Threat Post
Bad Actors Are Maximizing Remote Everything
Aamir Lakhani, global security strategist and researcher at FortiGuard Labs, zeroes in on how adversaries are targeting 'remote everything'.
π΄ Security Stuff Happens: What Do You Do When It Hits the Fan? π΄
π Read
via "Dark Reading".
Breaches can happen to anyone, but a well-oiled machine can internally manage and externally remediate in a way that won't lead to extensive damage to a company's bottom line. (Part 1 of a series.)π Read
via "Dark Reading".
Dark Reading
Security Stuff Happens: What Do You Do When It Hits the Fan?
Breaches can happen to anyone, but a well-oiled machine can internally manage and externally remediate in a way that won't lead to extensive damage to a company's bottom line. (Part 1 of a series.)
βΌ CVE-2021-36784 βΌ
π Read
via "National Vulnerability Database".
A Improper Privilege Management vulnerability in SUSE Rancher allows users with the restricted-admin role to escalate to full admin. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29973 βΌ
π Read
via "National Vulnerability Database".
relan exFAT 1.3.0 allows local users to obtain sensitive information (data from deleted files in the filesystem) in certain situations involving offsets beyond ValidDataLength.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28572 βΌ
π Read
via "National Vulnerability Database".
Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in `SetIPv6Status` functionπ Read
via "National Vulnerability Database".
βΌ CVE-2021-36778 βΌ
π Read
via "National Vulnerability Database".
A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE Rancher allows administrators of third-party repositories to gather credentials that are sent to their servers. This issue affects: SUSE Rancher Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23064 βΌ
π Read
via "National Vulnerability Database".
In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which once clicked lead to an attacker controlled server and thus leading to password reset token leak. This leads to account take over.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46790 βΌ
π Read
via "National Vulnerability Database".
ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions.π Read
via "National Vulnerability Database".
βΌ CVE-2021-4200 βΌ
π Read
via "National Vulnerability Database".
A Improper Privilege Management vulnerability in SUSE Rancher allows write access to the Catalog for any user when restricted-admin role is enabled. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23065 βΌ
π Read
via "National Vulnerability Database".
In Vendure versions 0.1.0-alpha.2 to 1.5.1 are affected by Stored XSS vulnerability, where an attacker having catalog permission can upload a SVG file that contains malicious JavaScript into the Γ’β¬ΕAssetsΓ’β¬οΏ½ tab. The uploaded file will affect administrators as well as regular users.π Read
via "National Vulnerability Database".