โผ CVE-2021-31673 โผ
๐ Read
via "National Vulnerability Database".
A Dom-based Cross-site scripting (XSS) vulnerability at registration account in Cyclos 4 PRO.14.7 and before allows remote attackers to inject arbitrary web script or HTML via the groupId parameter.๐ Read
via "National Vulnerability Database".
โ Deep Dive: Protecting Against Container Threats in the Cloud โ
๐ Read
via "Threat Post".
A deep dive into securing containerized environments and understanding how they present unique security challenges.๐ Read
via "Threat Post".
Threat Post
Deep Dive: Protecting Against Container Threats in the Cloud
A deep dive into securing containerized environments and understanding how they present unique security challenges.
๐1
๐๏ธ Security bug in VMWare Workspace ONE could allow access to internal, cloud networks ๐๏ธ
๐ Read
via "The Daily Swig".
Users should patch immediately๐ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Security bug in VMWare Workspace ONE could allow access to internal, cloud networks
Users should patch immediately
โ Bad Actors Are Maximizing Remote Everything โ
๐ Read
via "Threat Post".
Aamir Lakhani, global security strategist and researcher at FortiGuard Labs, zeroes in on how adversaries are targeting 'remote everything'.๐ Read
via "Threat Post".
Threat Post
Bad Actors Are Maximizing Remote Everything
Aamir Lakhani, global security strategist and researcher at FortiGuard Labs, zeroes in on how adversaries are targeting 'remote everything'.
๐ด Security Stuff Happens: What Do You Do When It Hits the Fan? ๐ด
๐ Read
via "Dark Reading".
Breaches can happen to anyone, but a well-oiled machine can internally manage and externally remediate in a way that won't lead to extensive damage to a company's bottom line. (Part 1 of a series.)๐ Read
via "Dark Reading".
Dark Reading
Security Stuff Happens: What Do You Do When It Hits the Fan?
Breaches can happen to anyone, but a well-oiled machine can internally manage and externally remediate in a way that won't lead to extensive damage to a company's bottom line. (Part 1 of a series.)
โผ CVE-2021-36784 โผ
๐ Read
via "National Vulnerability Database".
A Improper Privilege Management vulnerability in SUSE Rancher allows users with the restricted-admin role to escalate to full admin. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-29973 โผ
๐ Read
via "National Vulnerability Database".
relan exFAT 1.3.0 allows local users to obtain sensitive information (data from deleted files in the filesystem) in certain situations involving offsets beyond ValidDataLength.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-28572 โผ
๐ Read
via "National Vulnerability Database".
Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in `SetIPv6Status` function๐ Read
via "National Vulnerability Database".
โผ CVE-2021-36778 โผ
๐ Read
via "National Vulnerability Database".
A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE Rancher allows administrators of third-party repositories to gather credentials that are sent to their servers. This issue affects: SUSE Rancher Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-23064 โผ
๐ Read
via "National Vulnerability Database".
In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which once clicked lead to an attacker controlled server and thus leading to password reset token leak. This leads to account take over.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-46790 โผ
๐ Read
via "National Vulnerability Database".
ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-4200 โผ
๐ Read
via "National Vulnerability Database".
A Improper Privilege Management vulnerability in SUSE Rancher allows write access to the Catalog for any user when restricted-admin role is enabled. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-23065 โผ
๐ Read
via "National Vulnerability Database".
In Vendure versions 0.1.0-alpha.2 to 1.5.1 are affected by Stored XSS vulnerability, where an attacker having catalog permission can upload a SVG file that contains malicious JavaScript into the รขโฌลAssetsรขโฌ๏ฟฝ tab. The uploaded file will affect administrators as well as regular users.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-23904 โผ
๐ Read
via "National Vulnerability Database".
Rainworx Auctionworx < 3.1R2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack that allows an authenticated user to upgrade his account to admin and gain access to the auctionworx admin control panel. This vulnerability affects AuctionWorx Enterprise and AuctionWorx: Events Edition.๐ Read
via "National Vulnerability Database".
๐1
โผ CVE-2022-28571 โผ
๐ Read
via "National Vulnerability Database".
D-link 882 DIR882A1_FW130B06 was discovered to contain a command injection vulnerability in`/usr/bin/cli.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-29969 โผ
๐ Read
via "National Vulnerability Database".
The RSS extension before 2022-04-29 for MediaWiki allows XSS via an rss element (if the feed is in $wgRSSUrlWhitelist and $wgRSSAllowLinkTag is true).๐ Read
via "National Vulnerability Database".
โผ CVE-2022-29970 โผ
๐ Read
via "National Vulnerability Database".
Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-1300 โผ
๐ Read
via "National Vulnerability Database".
Multiple Version of TRUMPF TruTops products expose a service function without necessary authentication. Execution of this function may result in unauthorized access to change of data or disruption of the whole service.๐ Read
via "National Vulnerability Database".
๐ Samhain File Integrity Checker 4.4.8 ๐
๐ Read
via "Packet Storm Security".
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.๐ Read
via "Packet Storm Security".
Packetstormsecurity
Samhain File Integrity Checker 4.4.8 โ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
โผ CVE-2022-28054 โผ
๐ Read
via "National Vulnerability Database".
Improper sanitization of trigger action scripts in VanDyke Software VShell for Windows v4.6.2 allows attackers to execute arbitrary code via a crafted value.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-28056 โผ
๐ Read
via "National Vulnerability Database".
ShopXO v2.2.5 and below was discovered to contain a system re-install vulnerability via the Add function in app/install/controller/Index.php.๐ Read
via "National Vulnerability Database".