CVE-2022-26326
via "National Vulnerability Database".
Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to 5.0.2.
CVE-2021-3643
via "National Vulnerability Database".
A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information.
CVE-2022-1370
via "National Vulnerability Database".
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability in ReadREGbyID. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-1378
via "National Vulnerability Database".
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability in DIAE_pgHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-1372
via "National Vulnerability Database".
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability in dlSlog.aspx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-1475
via "National Vulnerability Database".
An integer overflow vulnerability was found in FFmpeg 5.0.1 and in previous versions in g729_parse() in libavcodec/g729_parser.c when processing a specially crafted file.
CVE-2022-1367
via "National Vulnerability Database".
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability in Handler_TCV.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-28613
via "National Vulnerability Database".
A vulnerability in the HCI Modbus TCP component of Hitachi Energy RTU500 series CMU Firmware, caused by a validation error in the length information carried in the MBAP header, allows an attacker to reboot the device by sending a specially crafted message. This issue affects: Hitachi Energy RTU500 series CMU Firmware 12.0.*; 12.2.*; 12.4.*; 12.6.*; 12.7.*; 13.2.*.
CVE-2022-26325
via "National Vulnerability Database".
Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.2.
Connecticut Set to Pass Nation's Next Data Privacy Law
Digital Guardian
The bill, which is similar to the privacy laws recently passed in Colorado, Virginia and Utah, would give Connecticut consumers more control over the personal data collected about them by companies online.
Google Offers $1.5M Bug Bounty for Android 13 Beta
via "Dark Reading".
The security vulnerability payout set bug hunters rejoicing, but claiming the reward is much, much easier said than done.
CVE-2021-36844
via "National Vulnerability Database".
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MyThemeShop WP Subscribe plugin <= 1.2.12 on WordPress.
CVE-2021-41810
via "National Vulnerability Database".
Admin tool allows storing configuration data with script, which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely exploitable.
CVE-2022-29444
via "National Vulnerability Database".
Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability in Cloudways Breeze plugin <= 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wp_ajax_* actions in the class Breeze_Configuration, which includes the ability to change any of the plugin's settings, including the CDN setting, which could be further used for an XSS attack.
Russia to Rent Tech-Savvy Prisoners to Corporate IT?
via "Krebs on Security".
Faced with a brain drain of smart people fleeing the country following its invasion of Ukraine, the Russian Federation is floating a new strategy to address a worsening shortage of qualified information technology experts: Forcing tech-savvy people within the nation's prison population to perform low-cost IT work for domestic companies.
CVE-2021-42530
via "National Vulnerability Database".
XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
CVE-2021-4138
via "National Vulnerability Database".
Improved Host header checks to reject requests not sent to a well-known local hostname or IP, or the server-specified hostname.
CVE-2022-24974
via "National Vulnerability Database".
Links may not be rewritten according to policy in some specially formatted emails.
CVE-2021-42528
via "National Vulnerability Database".
XMP Toolkit 2021.07 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2020-23618
via "National Vulnerability Database".
A reflected cross site scripting (XSS) vulnerability in Xtend Voice Logger 1.0 allows attackers to execute arbitrary web scripts or HTML, via the path of the error page.
CVE-2022-23722
via "National Vulnerability Database".
When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user's password.