🔴 Open Source Security Gets $150M Boost From Industry Heavy Hitters 🔴
via "Dark Reading".
Maintainers of open source software (OSS) will gain additional security tools for their own projects, while the developers who use OSS — and about 97% of software does — will gain more data on security.
Dark Reading
Open Source Security Gets $30M Boost From Industry Heavy Hitters
‼ CVE-2022-30696 ‼
via "National Vulnerability Database".
Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3640.
‼ CVE-2022-1679 ‼
via "National Vulnerability Database".
A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.
‼ CVE-2022-1731 ‼
via "National Vulnerability Database".
Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to a SQL injection attack in the username field. SSO or System authentication are required to be enabled for vulnerable conditions to exist.
‼ CVE-2021-27442 ‼
via "National Vulnerability Database".
The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code.
‼ CVE-2021-27446 ‼
via "National Vulnerability Database".
The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operating system.
‼ CVE-2021-33021 ‼
via "National Vulnerability Database".
xArrow SCADA versions 7.2 and prior are vulnerable to cross-site scripting due to parameter 'edate' of the resource xhisalarm.htm, which may allow an unauthorized attacker to execute arbitrary code.
‼ CVE-2022-30697 ‼
via "National Vulnerability Database".
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 3640.
‼ CVE-2022-30695 ‼
via "National Vulnerability Database".
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy (Windows) before build 3640.
‼ CVE-2021-33025 ‼
via "National Vulnerability Database".
xArrow SCADA versions 7.2 and prior permit unvalidated registry keys to be run with application-level privileges.
‼ CVE-2021-33001 ‼
via "National Vulnerability Database".
xArrow SCADA versions 7.2 and prior are vulnerable to cross-site scripting due to parameter 'bdate' of the resource xhisvalue.htm, which may allow an unauthorized attacker to execute arbitrary code.
‼ CVE-2021-27444 ‼
via "National Vulnerability Database".
The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator.
🔴 iPhones Open to Attack Even When Off, Researchers Say 🔴
via "Dark Reading".
Wireless chips that run when the iPhone iOS is shut down can be exploited.
🔴 50% of Orgs Rely on Email to Manage Security 🔴
via "Dark Reading".
Even with dedicated identity management tools at their disposal, many companies — smaller ones especially — are sticking with email and spreadsheets for handling permissions.
🔴 RF Technologies Releases Safe Place Staff Protection for Healthcare Settings 🔴
via "Dark Reading".
RFT is expanding the Safe Place hospital market security system to include staff protection.
🔴 TorchLight Expands Cybersecurity Services With MDR Sentinel in Partnership With Microsoft 🔴
via "Dark Reading".
MDR Sentinel expands TorchLight's leading managed detection and response (MDR) services with turnkey SIEM and SOAR capabilities from Microsoft; TorchLight also announces it attains elite Microsoft Gold Partner Status.
‼ CVE-2022-23665 ‼
via "National Vulnerability Database".
An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
‼ CVE-2022-1586 ‼
via "National Vulnerability Database".
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a Unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.
‼ CVE-2022-23662 ‼
via "National Vulnerability Database".
An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
‼ CVE-2022-23659 ‼
via "National Vulnerability Database".
A remote reflected cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
‼ CVE-2022-23658 ‼
via "National Vulnerability Database".
A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.