βΌ CVE-2022-1592 βΌ
π Read
via "National Vulnerability Database".
Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests to fishing steal cookie, request to private area, or lead to xss...π Read
via "National Vulnerability Database".
βΌ CVE-2022-1411 βΌ
π Read
via "National Vulnerability Database".
Unrestructed file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retrieve the stored data from the web application without that data being made safe to render in the browser and steals victim's cookie leads to account takeover.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1590 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Bludit 3.13.1. It has been declared as problematic. This vulnerability affects the endpoint /admin/new-content of the New Content module. The manipulation of the argument content with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely but requires an authentication. The exploit has been disclosed to the public and may be used.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45783 βΌ
π Read
via "National Vulnerability Database".
Bookeen Notea Firmware BK_R_1.0.5_20210608 is affected by a directory traversal vulnerability that allows an attacker to obtain sensitive information.π Read
via "National Vulnerability Database".
β F5 Warns of Critical Bug Allowing Remote Code Execution in BIG-IP Systems β
π Read
via "Threat Post".
The vulnerability is 'critical' with a CVSS severity rating of 9.8 out of 10.π Read
via "Threat Post".
Threat Post
F5 Warns of Critical Bug Allowing Remote Code Execution in BIG-IP Systems
The vulnerability is 'critical' with a CVSS severity rating of 9.8 out of 10.
β CANs Reinvent LANs for an All-Local World β
π Read
via "Threat Post".
A close look at a new type of network, known as a Cloud Area Network.π Read
via "Threat Post".
Threat Post
CANs Reinvent LANs for an All-Local World
A close look at a new type of network, known as a Cloud Area Network.
ποΈ Heroku resets user passwords after concluding April cyber-attack ran deep ποΈ
π Read
via "The Daily Swig".
Hack investigation blames compromised token for breachπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Heroku resets user passwords after concluding April cyber-attack ran deep
Hack investigation blames compromised token for breach
π΄ Why Security Matters Even More in Online Gaming π΄
π Read
via "Dark Reading".
As the gaming sector booms, game publishers and gaming networks have been heavily targeted with distributed denial-of-service (DDoS) attacks in the last year.π Read
via "Dark Reading".
Darkreading
Why Security Matters Even More in Online Gaming
As the gaming sector booms, game publishers and gaming networks have been heavily targeted with distributed denial-of-service (DDoS) attacks in the last year.
β S3 Ep81: Passwords (still with us!), Github, Firefox at 100, and network worms [Podcast] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep81: Passwords (still with us!), Github, Firefox at 100, and network worms [Podcast]
Latest episode β listen now!
βΌ CVE-2022-28462 βΌ
π Read
via "National Vulnerability Database".
novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29939 βΌ
π Read
via "National Vulnerability Database".
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\billing\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29938 βΌ
π Read
via "National Vulnerability Database".
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\billing\new_payment.php via interface\billing\payment_master.inc.php leads to SQL injection.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29339 βΌ
π Read
via "National Vulnerability Database".
In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils/bitstream.c has a failed assertion, which causes a Denial of Service. This vulnerability was fixed in commit 9ea93a2.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42242 βΌ
π Read
via "National Vulnerability Database".
A command execution vulnerability exists in jfinal_cms 5.0.1 via com.jflyfox.component.controller.Ueditor.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28471 βΌ
π Read
via "National Vulnerability Database".
In ffjpeg (commit hash: caade60), the function bmp_load() in bmp.c contains an integer overflow vulnerability, which eventually results in the heap overflow in jfif_encode() in jfif.c. This is due to the incomplete patch for issue 38π Read
via "National Vulnerability Database".
βΌ CVE-2022-29940 βΌ
π Read
via "National Vulnerability Database".
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface\orders\find_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29340 βΌ
π Read
via "National Vulnerability Database".
GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to improper return value handling of GF_SKIP_BOX, which causes a Denial of Service. This vulnerability was fixed in commit 37592ad.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1575 βΌ
π Read
via "National Vulnerability Database".
Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. - Arbitrary (remote) code execution in the desktop app. - Stored XSS in the web app.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28461 βΌ
π Read
via "National Vulnerability Database".
mingyuefusu Library Management System all versions as of 03-27-2022 is vulnerable to SQL Injection.π Read
via "National Vulnerability Database".
π΄ Docker Under Siege: Cybercriminals Compromise Honeypots to Ramp Up Attacks π΄
π Read
via "Dark Reading".
Cloud containers are increasingly part of the cybercrime playbook, with researchers flagging ongoing scanning for Docker weaknesses along with rapid exploitation to infect systems with coin-miners, denial-of-service tools, and ransomware.π Read
via "Dark Reading".
Dark Reading
Docker Under Siege: Cybercriminals Compromise Honeypots to Ramp Up Attacks
Cloud containers are increasingly part of the cybercrime playbook, with researchers flagging ongoing scanning for Docker weaknesses along with rapid exploitation to infect systems with coin-miners, denial-of-service tools, and ransomware.
β World Password Day β the 1960s just called and gave you your passwords back β
π Read
via "Naked Security".
Yes, passwords are going away. No, it won't happen tomorrow. So it's still worth knowing the basics of picking proper passwords.π Read
via "Naked Security".
Naked Security
World Password Day β the 1960s just called and gave you your passwords back
Yes, passwords are going away. No, it wonβt happen tomorrow. So itβs still worth knowing the basics of picking proper passwords.