βΌ CVE-2022-1723 βΌ
π Read
via "National Vulnerability Database".
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6.π Read
via "National Vulnerability Database".
βΌ CVE-2013-10001 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in HTC One/Sense 4.x. It has been rated as problematic. Affected by this issue is the certification validation of the mail client. An exploit has been disclosed to the public and may be used.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26650 βΌ
π Read
via "National Vulnerability Database".
In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matches(conditionData.getParamValue(), realData) to make judgments, where both parameters are controllable by the user. This can cause an attacker pass in malicious regular expressions and characters causing a resource exhaustion. This issue affects Apache ShenYu (incubating) 2.4.0, 2.4.1 and 2.4.2 and is fixed in 2.4.3.π Read
via "National Vulnerability Database".
ποΈ Firefox debuts improved process isolation to reduce browser attack surface ποΈ
π Read
via "The Daily Swig".
The goal was Win32k Lockdown β a serious step up in Windows securityπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Firefox debuts improved process isolation to reduce browser attack surface
The goal was Win32k Lockdown β a serious step up in Windows security
β iPhones Vulnerable to Attack Even When Turned Off β
π Read
via "Threat Post".
Wireless features Bluetooth, NFC and UWB stay on even when the device is powered down, which could allow attackers to execute pre-loaded malware.π Read
via "Threat Post".
Threat Post
iPhones Vulnerable to Attack Even When Turned Off
Wireless features Bluetooth, NFC and UWB stay on even when the device is powered down, which could allow attackers to execute pre-loaded malware.
β Sysrv-K Botnet Targets Windows, Linux β
π Read
via "Threat Post".
Microsoft researchers say they are tracking a botnet that is leveraging bugs in the Spring Framework and WordPress plugins.π Read
via "Threat Post".
Threat Post
Sysrv-K Botnet Targets Windows, Linux
Microsoft researchers say they are tracking a botnet that is leveraging bugs in the Spring Framework and WordPress plugins.
βΌ CVE-2022-1711 βΌ
π Read
via "National Vulnerability Database".
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.5.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42643 βΌ
π Read
via "National Vulnerability Database".
cmseasy V7.7.5_20211012 is affected by an arbitrary file write vulnerability. Through this vulnerability, a PHP script file is written to the website server, and accessing this file can lead to a code execution vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42644 βΌ
π Read
via "National Vulnerability Database".
cmseasy V7.7.5_20211012 is affected by an arbitrary file read vulnerability. After login, the configuration file information of the website such as the database configuration file (config / config_database) can be read through this vulnerability.π Read
via "National Vulnerability Database".
ποΈ Medical doctor charged with creating the Thanos ransomware builder ποΈ
π Read
via "The Daily Swig".
Venezuelan cardiologist allegedly tied to cybercrime scams through multiple OpSec mistakesπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Medical doctor charged with creating the Thanos ransomware builder
Venezuelan cardiologist allegedly tied to cybercrime scams through multiple OpSec mistakes
ποΈ βEternity malwareβ offers Swiss Army knife of cybercrime tools ποΈ
π Read
via "The Daily Swig".
A one-stop shop for data and crypto kleptomaniacsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
βEternity malwareβ offers Swiss Army knife of cybercrime tools
A one-stop shop for data and crypto kleptomaniacs
βΌ CVE-2022-30970 βΌ
π Read
via "National Vulnerability Database".
Jenkins Autocomplete Parameter Plugin 1.1 and earlier references Dropdown Autocomplete parameter and Auto Complete String parameter names in an unsafe manner from Javascript embedded in view definitions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30961 βΌ
π Read
via "National Vulnerability Database".
Jenkins Autocomplete Parameter Plugin 1.1 and earlier does not escape the name of Dropdown Autocomplete and Auto Complete String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30951 βΌ
π Read
via "National Vulnerability Database".
Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library does not implement access control, potentially allowing users to start processes even if they're not allowed to log in.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30963 βΌ
π Read
via "National Vulnerability Database".
Jenkins JDK Parameter Plugin 1.0 and earlier does not escape the name and description of JDK parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30959 βΌ
π Read
via "National Vulnerability Database".
A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30948 βΌ
π Read
via "National Vulnerability Database".
Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30958 βΌ
π Read
via "National Vulnerability Database".
A cross-site request forgery (CSRF) vulnerability in Jenkins SSH Plugin 2.6.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30956 βΌ
π Read
via "National Vulnerability Database".
Jenkins Rundeck Plugin 3.6.10 and earlier does not restrict URL schemes in Rundeck webhook submissions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to submit crafted Rundeck webhook payloads.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30962 βΌ
π Read
via "National Vulnerability Database".
Jenkins Global Variable String Parameter Plugin 1.2 and earlier does not escape the name and description of Global Variable String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30954 βΌ
π Read
via "National Vulnerability Database".
Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server.π Read
via "National Vulnerability Database".