βΌ CVE-2021-26351 βΌ
π Read
via "National Vulnerability Database".
Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA (Direct Memory Access) read/write from/to invalid DRAM address that could result in denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26368 βΌ
π Read
via "National Vulnerability Database".
Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges to enable a lesser privileged process to unmap memory owned by a higher privileged process resulting in a denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28818 βΌ
π Read
via "National Vulnerability Database".
ColdFusion versions CF2021U3 (and earlier) and CF2018U13 are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29369 βΌ
π Read
via "National Vulnerability Database".
Nginx NJS v0.7.2 was discovered to contain a segmentation violation via njs_lvlhsh_bucket_find at njs_lvlhsh.c.π Read
via "National Vulnerability Database".
π΄ Egnyte Enhances Program for Managed Service Providers π΄
π Read
via "Dark Reading".
Enhancements to the program include unique packages, faster response time for invoicing, and dedicated training for new solutions.π Read
via "Dark Reading".
Darkreading
Egnyte Enhances Program for Managed Service Providers
Enhancements to the program include unique packages, faster response time for invoicing, and dedicated training for new solutions.
π΄ Cloud Firm Appian Awarded $2B in Trade Secret Cyber-Theft Lawsuit π΄
π Read
via "Dark Reading".
Cloud competitor found liable for breaking into Appian back-end systems to steal company secrets.π Read
via "Dark Reading".
Darkreading
Cloud Firm Appian Awarded $2B in Trade Secret Cyber-Theft Lawsuit
Cloud competitor found liable for breaking into Appian back-end systems to steal company secrets.
π΄ StackHawk Raises $20.7 Million in Series B Funding for Developer-First Application and API Security Testing π΄
π Read
via "Dark Reading".
Round co-led by Sapphire Ventures and Costanoa Ventures to accelerate product leadership and market growth.π Read
via "Dark Reading".
Darkreading
StackHawk Raises $20.7 Million in Series B Funding for Developer-First Application and API Security Testing
Round co-led by Sapphire Ventures and Costanoa Ventures to accelerate product leadership and market growth.
π΄ 3 Predictors of Cybersecurity Startup Success π΄
π Read
via "Dark Reading".
Before investing, venture capitalists should consider a trio of business characteristics that seem to correlate with commercial success, based on meetings with over 2,000 cybersecurity startups.π Read
via "Dark Reading".
Darkreading
3 Predictors of Cybersecurity Startup Success
Before investing, venture capitalists should consider a trio of business characteristics that seem to correlate with commercial success, based on meetings with over 2,000 cybersecurity startups.
βΌ CVE-2021-27500 βΌ
π Read
via "National Vulnerability Database".
A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may result in a denial-of-service condition.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22798 βΌ
π Read
via "National Vulnerability Database".
Sysaid Γ’β¬β Pro Plus Edition, SysAid Help Desk Broken Access Control v20.4.74 b10, v22.1.20 b62, v22.1.30 b49 - An attacker needs to log in as a guest after that the system redirects him to the service portal or EndUserPortal.JSP, then he needs to change the path in the URL to /ConcurrentLogin%2ejsp after that he will receive an error message with a login button, by clicking on it, he will connect to the system dashboard. The attacker can receive sensitive data like server details, usernames, workstations, etc. He can also perform actions such as uploading files, deleting calls from the system.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22971 βΌ
π Read
via "National Vulnerability Database".
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.π Read
via "National Vulnerability Database".
βΌ CVE-2020-22984 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via key parameter to the getGoogleExtraConfig task.π Read
via "National Vulnerability Database".
βΌ CVE-2020-22987 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23165 βΌ
π Read
via "National Vulnerability Database".
Sysaid Γ’β¬β Sysaid 14.2.0 Reflected Cross-Site Scripting (XSS) - The parameter "helpPageName" used by the page "/help/treecontent.jsp" suffers from a Reflected Cross-Site Scripting vulnerability. For an attacker to exploit this Cross-Site Scripting vulnerability, it's necessary for the affected product to expose the Offline Help Pages. An attacker may gain access to sensitive information or execute client-side code in the browser session of the victim user. Furthermore, an attacker would require the victim to open a malicious link. An attacker may exploit this vulnerability in order to perform phishing attacks. The attacker can receive sensitive data like server details, usernames, workstations, etc. He can also perform actions such as uploading files, deleting calls from the systemπ Read
via "National Vulnerability Database".
βΌ CVE-2022-23139 βΌ
π Read
via "National Vulnerability Database".
ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. ItΓ’β¬β’s easy for?users to?ignore the modification?of?the file permission configuration, so that low-authority accounts could actually obtain higher operating permissions on key files.π Read
via "National Vulnerability Database".
βΌ CVE-2020-22986 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22970 βΌ
π Read
via "National Vulnerability Database".
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27498 βΌ
π Read
via "National Vulnerability Database".
A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may result in a denial-of-service condition.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22796 βΌ
π Read
via "National Vulnerability Database".
Sysaid Γ’β¬β Sysaid System Takeover - An attacker can bypass the authentication process by accessing to: /wmiwizard.jsp, Then to: /ConcurrentLogin.jsp, then click on the login button, and it will redirect you to /home.jsp without any authentication.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23166 βΌ
π Read
via "National Vulnerability Database".
Sysaid Γ’β¬β Sysaid Local File Inclusion (LFI) Γ’β¬β An unauthenticated attacker can access to the system by accessing to "/lib/tinymce/examples/index.html" path. in the "Insert/Edit Embedded Media" window Choose Type : iFrame and File/URL : [here is the LFI] Solution: Update to 22.2.20 cloud version, or to 22.1.64 on premise version.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22797 βΌ
π Read
via "National Vulnerability Database".
Sysaid Γ’β¬β sysaid Open Redirect - An Attacker can change the redirect link at the parameter "redirectURL" from"GET" request from the url location: /CommunitySSORedirect.jsp?redirectURL=https://google.com. Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.π Read
via "National Vulnerability Database".