CVE-2022-24831
via "National Vulnerability Database".
OpenClinica is an open-source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM). Versions prior to 3.16.1 are vulnerable to SQL injection due to the use of string concatenation to create SQL queries instead of prepared statements. No known workarounds exist. This issue has been patched in 3.16.1, 3.15.9, 3.14.1, and 3.13.1, and users are advised to upgrade.

CVE-2022-24830
via "National Vulnerability Database".
OpenClinica is an open-source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM). OpenClinica prior to version 3.16 is vulnerable to path traversal in multiple endpoints, leading to arbitrary file read/write and potential remote code execution. There are no known workarounds. This issue has been patched and users are recommended to upgrade.

CVE-2022-1379
via "National Vulnerability Database".
URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server-side request forgery (SSRF). This allows accessing restricted internal resources/servers or sending requests to third-party servers.

How to Turn a Coke Can Into an Eavesdropping Device
via "Dark Reading".
Cyber-researchers are testing the bounds of optical attacks with a technique that allows attackers to recover voice audio from meetings if there are shiny, lightweight objects nearby.

CVE-2021-41965
via "National Vulnerability Database".
A SQL injection vulnerability exists in ChurchCRM version 2.0.0 to 4.4.5 that allows an authenticated attacker to issue an arbitrary SQL command to the database through the unsanitized EN_tyid, theID and EID fields used when an Edit action on an existing record is being performed.

He sold cracked passwords for a living. Now he's serving 4 years in prison
via "Naked Security".
Crooks don't need a password for every user on your network to break in and wreak havoc. One could be enough...

Firefox out-of-band update to 100.0.1, just in time for Pwn2Own?
via "Naked Security".
A new point-release of Firefox. Not unusual, but the timing of this one is interesting, with Pwn2Own coming up in a few days.

CVE-2022-30763
via "National Vulnerability Database".
Janet before 1.22.0 mishandles arrays.

CVE-2022-30779
via "National Vulnerability Database".
Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution via an unserialize pop chain in __destruct in GuzzleHttp\Cookie\FileCookieJar.php.

CVE-2022-30778
via "National Vulnerability Database".
Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution via an unserialize pop chain in __destruct in Illuminate\Broadcasting\PendingBroadcast.php and dispatch($command) in Illuminate\Bus\QueueingDispatcher.php.

CVE-2022-30767
via "National Vulnerability Database".
nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196.

CVE-2022-30775
via "National Vulnerability Database".
xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE_CXX_COMPILER=afl-clang-fast++ option.

CVE-2022-30770
via "National Vulnerability Database".
Terminalfour before 8.3.8 allows XSS, aka RDSM-31817. 8.2.18.2.1 and 8.2.18.5 are also fixed versions.

CVE-2022-30765
via "National Vulnerability Database".
Calibre-Web before 0.6.18 allows user table SQL Injection.

CVE-2022-30781
via "National Vulnerability Database".
Gitea before 1.6.7 does not escape git fetch remote.

Parker Hannifin reveals cyber-attack exposed sensitive employee data
via "The Daily Swig".
Data breach involves Social Security numbers and health insurance data, among other information.

Microsoft's May Patch Tuesday Updates Cause Windows AD Authentication Errors
via "Threat Post".
Microsoft's May Patch Tuesday update is triggering authentication errors.

Panda Free Antivirus review: A free security tool with a personality all of its own
via "ITPro".
There's plenty to like here, including excellent malware protection, but this security package has some notable shortcomings.

WannaCry's ghost is still wreaking havoc
via "ITPro".
A retooled version of the infamous ransomware strain continues to haunt corporate networks around the world.

Windows Server admins say latest Patch Tuesday broke authentication policies
via "ITPro".
Microsoft has issued a workaround for the certificate-mapping issue, but many have already rolled back the updates to avoid operational disruption.

The rise of double extortion ransomware
via "ITPro".
With the use of this tactic increasing, we look at how you can protect your business.