βΌ CVE-2021-27765 βΌ
π Read
via "National Vulnerability Database".
The BigFix Server API installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27762 βΌ
π Read
via "National Vulnerability Database".
Misconfigured security-related HTTP headers: Several security-related headers were missing or mis-configured on the web responsesπ Read
via "National Vulnerability Database".
βΌ CVE-2022-24105 βΌ
π Read
via "National Vulnerability Database".
Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious U3D file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27909 βΌ
π Read
via "National Vulnerability Database".
In Joomla component 'jDownloads 3.9.8.2 Stable' the remote user can change some parameters in the address bar and see the names of other users' filesπ Read
via "National Vulnerability Database".
βΌ CVE-2022-27784 βΌ
π Read
via "National Vulnerability Database".
Adobe After Effects versions 22.2.1 (and earlier) and 18.4.5 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in After Effects.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28273 βΌ
π Read
via "National Vulnerability Database".
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23802 βΌ
π Read
via "National Vulnerability Database".
Joomla Guru extension 5.2.5 is affected by: Insecure Permissions. The impact is: obtain sensitive information (remote). The component is: Access to private information and components, possibility to view other users' information. Information disclosure Access to private information and components, possibility to view other users' information.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27766 βΌ
π Read
via "National Vulnerability Database".
The BigFix Client installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24098 βΌ
π Read
via "National Vulnerability Database".
Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by an improper input validation vulnerability when parsing a PCX file that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PCX file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27764 βΌ
π Read
via "National Vulnerability Database".
Cookie without HTTPONLY flag set. NUMBER cookie(s) was set without Secure or HTTPOnly flags. The images show the cookie with the missing flag. (WebUI)π Read
via "National Vulnerability Database".
βΌ CVE-2021-27759 βΌ
π Read
via "National Vulnerability Database".
This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the request was sent intentionally. An attacker can cause a victim's browser to emit an HTTP request to an arbitrary URL in the application.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27761 βΌ
π Read
via "National Vulnerability Database".
Weak web transport security (Weak TLS): An attacker may be able to decrypt the data using attacksπ Read
via "National Vulnerability Database".
π1
βΌ CVE-2019-12254 βΌ
π Read
via "National Vulnerability Database".
In multiple Tecson Tankspion and GOKs SmartBox 4 products the affected application doesn't properly restrict access to an endpoint that is responsible for saving settings, to a unauthenticated user with limited access rights. Based on the lack of adequately implemented access-control rules, by accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to change the application settings without authenticating at all, which violates originally laid ACL rules.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25324 βΌ
π Read
via "National Vulnerability Database".
All versions of package bignum are vulnerable to Denial of Service (DoS) due to a type-check exception in V8, when verifying the type of the second argument to the .powm function, V8 will crash regardless of Node try/catch blocks.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23592 βΌ
π Read
via "National Vulnerability Database".
The package topthink/framework before 6.0.12 are vulnerable to Deserialization of Untrusted Data due to insecure unserialize method in the Driver class.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23792 βΌ
π Read
via "National Vulnerability Database".
The package com.twelvemonkeys.imageio:imageio-metadata before 3.7.1 are vulnerable to XML External Entity (XXE) Injection due to an insecurely initialized XML parser for reading XMP Metadata. An attacker can exploit this vulnerability if they are able to supply a file (e.g. when an online profile picture is processed) with a malicious XMP segment. If the XMP metadata of the uploaded image is parsed, then the XXE vulnerability is triggered.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30334 βΌ
π Read
via "National Vulnerability Database".
Brave before 1.34, when a Private Window with Tor Connectivity is used, leaks .onion URLs in Referer and Origin headers. NOTE: although this was fixed by Brave, the Brave documentation still advises "Note that Private Windows with Tor Connectivity in Brave are just regular private windows that use Tor as a proxy. Brave does NOT implement most of the privacy protections from Tor Browser."π Read
via "National Vulnerability Database".
π2
βοΈ Your Phone May Soon Replace Many of Your Passwords βοΈ
π Read
via "Krebs on Security".
Apple, Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services. Experts say the changes should help defeat many types of phishing attacks and ease the overall password burden on Internet users, but caution that a true passwordless future may still be years away for most websites.π Read
via "Krebs on Security".
Krebs on Security
Your Phone May Soon Replace Many of Your Passwords
Apple, Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services. Experts say theβ¦
π2
βΌ CVE-2022-1616 βΌ
π Read
via "National Vulnerability Database".
Use after free in append_command in GitHub repository vim/vim prior to 8.2. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote executionπ Read
via "National Vulnerability Database".
π Friday Five 5/6 π
π Read
via "".
Read up on how passwords may soon be a thing of the past, how your mental health data may be at risk, how business email compromise cost organizations billions in the past five years, and much moreβall in this weekβs Friday Five!
π Read
via "".
π€―1
βΌ CVE-2022-30333 βΌ
π Read
via "National Vulnerability Database".
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.π Read
via "National Vulnerability Database".