βΌ CVE-2022-27330 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_product of E-Commerce Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Title text field.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28785 βΌ
π Read
via "National Vulnerability Database".
Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28790 βΌ
π Read
via "National Vulnerability Database".
Improper authentication in Link to Windows Service prior to version 2.3.04.1 allows attacker to lock the device. The patch adds proper caller signature check logic.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28793 βΌ
π Read
via "National Vulnerability Database".
Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy S22 to prevent change of Android ROT after first initialization at boot time.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27413 βΌ
π Read
via "National Vulnerability Database".
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the adminname parameter in admin.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28791 βΌ
π Read
via "National Vulnerability Database".
Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8 allows attacker to overwrite files stored in a specific path. The patch adds proper protection to prevent overwrite to existing files.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28780 βΌ
π Read
via "National Vulnerability Database".
Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows that attackers can access location information that set in Weather without permission. The patch adds proper protection to prevent access to location information.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28784 βΌ
π Read
via "National Vulnerability Database".
Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in arbitrary directory as system user. The patch addresses incorrect implementation of file path validation check logic.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28783 βΌ
π Read
via "National Vulnerability Database".
Improper validation of removing package name in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to uninstall arbitrary packages without permission. The patch adds proper validation logic for removing package name.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28781 βΌ
π Read
via "National Vulnerability Database".
Improper input validation in Settings prior to SMR-May-2022 Release 1 allows attackers to launch arbitrary activity with system privilege. The patch adds proper validation logic to check the caller.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20105 βΌ
π Read
via "National Vulnerability Database".
In MM service, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330460; Issue ID: DTV03330460.π Read
via "National Vulnerability Database".
π΄ What Should I Know About Defending IoT Attack Surfaces? π΄
π Read
via "Dark Reading".
The Internet of Things needs to be part of the overall corporate information security policy to prevent adversaries from using these devices as an entry point.π Read
via "Dark Reading".
Darkreading
What Should I Know About Defending IoT Attack Surfaces?
The Internet of Things needs to be part of the overall corporate information security policy to prevent adversaries from using these devices as an entry point.
βΌ CVE-2022-1555 βΌ
π Read
via "National Vulnerability Database".
DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/microweber prior to 1.2.16. inject arbitrary js code, deface website, steal cookie...π Read
via "National Vulnerability Database".
βΌ CVE-2022-1502 βΌ
π Read
via "National Vulnerability Database".
Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users with only ProjectView permissions.π Read
via "National Vulnerability Database".
β Unpatched DNS Bug Puts Millions of Routers, IoT Devices at Risk β
π Read
via "Threat Post".
A flaw in all versions of the popular C standard libraries uClibe and uClibe-ng can allow for DNS poisoning attacks against target devices.π Read
via "Threat Post".
Threat Post
Unpatched DNS Bug Puts Millions of Routers, IoT Devices at Risk
A flaw in all versions of the popular C standard libraries uClibc and uClibe-ng can allow for DNS poisoning attacks against target devices.
ποΈ TLStorm 2.0: Millions of Aruba and Avaya network switches affected by RCE flaws ποΈ
π Read
via "The Daily Swig".
Patches issued for vulnerabilities arising from misuse of NanoSSL TLS libraryπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
TLStorm 2.0: Millions of Aruba and Avaya network switches affected by RCE flaws
Patches issued for vulnerabilities arising from misuse of NanoSSL TLS library
π΄ Aryaka, Carnegie Mellonβs CyLab to Research New Threat Mitigation Techniques π΄
π Read
via "Dark Reading".
The security research partnership will focus on developing new techniques and releasing them as open source.π Read
via "Dark Reading".
Darkreading
Aryaka, Carnegie Mellonβs CyLab to Research New Threat Mitigation Techniques
The security research partnership will focus on developing new techniques and releasing them as open source.
βΌ CVE-2022-1571 βΌ
π Read
via "National Vulnerability Database".
Cross-site scripting - Reflected in Create Subaccount in GitHub repository neorazorx/facturascripts prior to 2022.07. This vulnerability can be arbitrarily executed javascript code to steal user'cookie, perform HTTP request, get content of `same origin` page, etc ...π Read
via "National Vulnerability Database".
βΌ CVE-2021-42192 βΌ
π Read
via "National Vulnerability Database".
Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation.π Read
via "National Vulnerability Database".
ποΈ State Bar of Georgia reels from cyber-attack ποΈ
π Read
via "The Daily Swig".
Bar suspends website after mystery assaultπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
State Bar of Georgia reels from cyber-attack
Bar suspends website after mystery assault
β Attackers Use Event Logs to Hide Fileless Malware β
π Read
via "Threat Post".
A sophisticated campaign utilizes a novel anti-detection method.π Read
via "Threat Post".
Threat Post
Attackers Use Event Logs to Hide Fileless Malware
A sophisticated campaign utilizes a novel anti-detection method.