🛑 Cybersecurity & Privacy 🛑 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2022-1464 ‼

Stored XSS bug in the GitHub repository gogs/gogs prior to 0.12.7. As the repo is public, any user can view the report, and when the attachment is opened the XSS is executed. This bug allows execution of arbitrary JavaScript code in the victim's account.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-42183 ‼

MasaCMS 7.2.1 is affected by a path traversal vulnerability in /index.cfm/_api/asset/image/.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-1516 ‼

A NULL pointer dereference flaw was found in the Linux kernel's X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system.

📖 Read

via "National Vulnerability Database".
🕴 Multichannel Phishing Concerns Cybersecurity Leaders in 2022 🕴

With 80% of companies using cloud collaboration tools, cybercriminals are using multichannel phishing attacks to exploit security gaps in the hybrid work model.

📖 Read

via "Dark Reading".
🕴 Cisco Announces Cloud Controls Framework Is Now Available to Public 🕴

The Cisco CCF helps save resources by enabling organizations to achieve cloud security certifications more efficiently.

📖 Read

via "Dark Reading".
🕴 Critical Cisco VM-Escape Bug Threatens Host Takeover 🕴

The vendor also disclosed two other security vulnerabilities that would allow remote, unauthenticated attackers to inject commands as root and snoop on sensitive user information.

📖 Read

via "Dark Reading".
🕴 Magnet Forensics Acquires Cybersecurity Software Firm Comae Technologies 🕴

The company will continue the development of Comae's memory analysis platform and seek to incorporate its capabilities into existing solutions.

📖 Read

via "Dark Reading".
🛠 Wireshark Analyzer 3.6.5 🛠

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

📖 Read

via "Packet Storm Security".
🕴 FBI: Bank Losses From BEC Attacks Top $43B 🕴

Law enforcement attributes a recent 65% spike in BEC attack losses to COVID-19 restrictions and the ongoing reality of a remote workforce.

📖 Read

via "Dark Reading".
‼ CVE-2021-38487 ‼

RTI Connext DDS Professional, Connext DDS Secure versions 4.2x to 6.1.0, and Connext DDS Micro versions 2.4 and later are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic. This may result in a denial-of-service condition and information exposure.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-43547 ‼

TwinOaks Computing CoreDX DDS versions prior to 5.9.1 are susceptible to exploitation when an attacker sends a specially crafted packet to flood target devices with unwanted traffic. This may result in a denial-of-service condition and information exposure.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-39020 ‼

IBM Guardium Data Encryption (GDE) 4.0.0.7 and lower stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 213855.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-1468 ‼

On all versions of 17.0.x, 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x on F5 BIG-IP, an authenticated iControl REST user with at least guest role privileges can cause processing delays to iControl REST requests via undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-38445 ‼

OCI OpenDDS versions prior to 3.18.1 do not handle a length parameter consistent with the actual length of the associated data, which may allow an attacker to remotely execute arbitrary code.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-26130 ‼

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when an Active mode-enabled FTP profile is configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing active FTP data channel connections. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-38429 ‼

OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic, which may result in a denial-of-service condition and information exposure.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-1389 ‼

On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP (fixed in 17.0.0), a cross-site request forgery (CSRF) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This vulnerability allows an attacker to run a limited set of commands: ping, traceroute, and WOM diagnostics. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-38427 ‼

RTI Connext DDS Professional and Connext DDS Secure Versions 4.2.x to 6.1.0 are vulnerable to a stack-based buffer overflow, which may allow a local attacker to execute arbitrary code.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-44057 ‼

An improper authentication vulnerability has been reported to affect QNAP devices running Photo Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.20 (2022/02/15) and later; Photo Station 5.7.16 (2022/02/11) and later; Photo Station 5.4.13 (2022/02/11) and later.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-26340 ‼

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG-IQ Centralized Management all versions of 8.x and 7.x, an authenticated, high-privileged attacker with no bash access may be able to access Certificate and Key files using Secure Copy (SCP) protocol from a remote system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-26517 ‼

On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when the BIG-IP CGNAT Large Scale NAT (LSN) pool is configured on a virtual server and packet filtering is enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".