βΌ CVE-2022-28462 βΌ
π Read
via "National Vulnerability Database".
novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29939 βΌ
π Read
via "National Vulnerability Database".
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\billing\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29938 βΌ
π Read
via "National Vulnerability Database".
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\billing\new_payment.php via interface\billing\payment_master.inc.php leads to SQL injection.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29339 βΌ
π Read
via "National Vulnerability Database".
In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils/bitstream.c has a failed assertion, which causes a Denial of Service. This vulnerability was fixed in commit 9ea93a2.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42242 βΌ
π Read
via "National Vulnerability Database".
A command execution vulnerability exists in jfinal_cms 5.0.1 via com.jflyfox.component.controller.Ueditor.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28471 βΌ
π Read
via "National Vulnerability Database".
In ffjpeg (commit hash: caade60), the function bmp_load() in bmp.c contains an integer overflow vulnerability, which eventually results in the heap overflow in jfif_encode() in jfif.c. This is due to the incomplete patch for issue 38π Read
via "National Vulnerability Database".
βΌ CVE-2022-29940 βΌ
π Read
via "National Vulnerability Database".
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface\orders\find_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29340 βΌ
π Read
via "National Vulnerability Database".
GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to improper return value handling of GF_SKIP_BOX, which causes a Denial of Service. This vulnerability was fixed in commit 37592ad.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1575 βΌ
π Read
via "National Vulnerability Database".
Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. - Arbitrary (remote) code execution in the desktop app. - Stored XSS in the web app.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28461 βΌ
π Read
via "National Vulnerability Database".
mingyuefusu Library Management System all versions as of 03-27-2022 is vulnerable to SQL Injection.π Read
via "National Vulnerability Database".
π΄ Docker Under Siege: Cybercriminals Compromise Honeypots to Ramp Up Attacks π΄
π Read
via "Dark Reading".
Cloud containers are increasingly part of the cybercrime playbook, with researchers flagging ongoing scanning for Docker weaknesses along with rapid exploitation to infect systems with coin-miners, denial-of-service tools, and ransomware.π Read
via "Dark Reading".
Dark Reading
Docker Under Siege: Cybercriminals Compromise Honeypots to Ramp Up Attacks
Cloud containers are increasingly part of the cybercrime playbook, with researchers flagging ongoing scanning for Docker weaknesses along with rapid exploitation to infect systems with coin-miners, denial-of-service tools, and ransomware.
β World Password Day β the 1960s just called and gave you your passwords back β
π Read
via "Naked Security".
Yes, passwords are going away. No, it won't happen tomorrow. So it's still worth knowing the basics of picking proper passwords.π Read
via "Naked Security".
Naked Security
World Password Day β the 1960s just called and gave you your passwords back
Yes, passwords are going away. No, it wonβt happen tomorrow. So itβs still worth knowing the basics of picking proper passwords.
π΄ 1,000+ Attacks in 2 Years: How the SideWinder APT Sheds Its Skin π΄
π Read
via "Dark Reading".
Researcher to reveal fresh details at Black Hat Asia on a tenacious cyber-espionage group attacking specific military, law enforcement, aviation, and other entities in Central and South Asia.π Read
via "Dark Reading".
Dark Reading
1,000+ Attacks in 2 Years: How the SideWinder APT Sheds Its Skin
Researcher to reveal fresh details at Black Hat Asia on a tenacious cyber-espionage group attacking specific military, law enforcement, aviation, and other entities in Central and South Asia.
βΌ CVE-2022-1464 βΌ
π Read
via "National Vulnerability Database".
Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public , any user can view the report and when open the attachment then xss is executed. This bug allow executed any javascript code in victim account .π Read
via "National Vulnerability Database".
βΌ CVE-2021-42183 βΌ
π Read
via "National Vulnerability Database".
MasaCMS 7.2.1 is affected by a path traversal vulnerability in /index.cfm/_api/asset/image/.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1516 βΌ
π Read
via "National Vulnerability Database".
A NULL pointer dereference flaw was found in the Linux kernelΓ’β¬β’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system.π Read
via "National Vulnerability Database".
π΄ Multichannel Phishing Concerns Cybersecurity Leaders in 2022 π΄
π Read
via "Dark Reading".
With 80% of companies using cloud collaboration tools, cybercriminals are using multichannel phishing attacks to exploit security gaps in the hybrid work model.π Read
via "Dark Reading".
Darkreading
Multichannel Phishing Concerns Cybersecurity Leaders in 2022
With 80% of companies using cloud collaboration tools, cybercriminals are using multichannel phishing attacks to exploit security gaps in the hybrid work model.
π΄ Cisco Announces Cloud Controls Framework Is Now Available to Public π΄
π Read
via "Dark Reading".
The Cisco CCF helps save resources by enabling organizations to achieve cloud security certifications more efficiently.π Read
via "Dark Reading".
Darkreading
Cisco Announces Cloud Controls Framework Is Now Available to Public
The Cisco CCF helps save resources by enabling organizations to achieve cloud security certifications more efficiently.
π΄ Critical Cisco VM-Escape Bug Threatens Host Takeover π΄
π Read
via "Dark Reading".
The vendor also disclosed two other security vulnerabilities that would allow remote, unauthenticated attackers to inject commands as root and snoop on sensitive user information.π Read
via "Dark Reading".
Darkreading
Critical Cisco VM-Escape Bug Threatens Host Takeover
The vendor also disclosed two other security vulnerabilities that would allow remote, unauthenticated attackers to inject commands as root and snoop on sensitive user information.
π΄ Magnet Forensics Acquires Cybersecurity Software Firm Comae Technologies π΄
π Read
via "Dark Reading".
The company will continue the development of Comaeβs memory analysis platform and seek to incorporate its capabilities into existing solutionsπ Read
via "Dark Reading".
Dark Reading
Magnet Forensics Acquires Cybersecurity Software Firm Comae Technologies
The company will continue the development of Comaeβs memory analysis platform and seek to incorporate its capabilities into existing solutions
π Wireshark Analyzer 3.6.5 π
π Read
via "Packet Storm Security".
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.π Read
via "Packet Storm Security".
Packetstormsecurity
Wireshark Analyzer 3.6.5 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers