‼ CVE-2021-42851 ‼
A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user account.
via "National Vulnerability Database".
‼ CVE-2022-22778 ‼
The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute Cross-Site Request Forgery (CSRF) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below.
via "National Vulnerability Database".
‼ CVE-2021-42704 ‼
Inkscape version 0.19 is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code.
via "National Vulnerability Database".
‼ CVE-2022-28924 ‼
An information disclosure vulnerability in UniverSIS-Students before v1.5.0 allows attackers to obtain sensitive information via a crafted GET request to the endpoint /api/students/me/courses/.
via "National Vulnerability Database".
‼ CVE-2022-1734 ‼
A flaw was found in the Linux kernel in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c that can lead to a use-after-free (read or write) when the cleanup routine and the firmware download routine are not synchronized.
via "National Vulnerability Database".
‼ CVE-2022-30105 ‼
In Belkin N300 Firmware 1.00.08, the script located at /setting_hidden.asp, which is accessible before and after configuring the device, exhibits multiple remote command injection vulnerabilities. The following parameters in the [form name] form; [list vulnerable parameters], are not properly sanitized after being submitted to the web interface in a POST request. With specially crafted parameters, it is possible to inject an OS command which will be executed with root privileges, as the web interface, and all processes on the device, run as root.
via "National Vulnerability Database".
‼ CVE-2022-22777 ‼
The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow an unauthenticated attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below.
via "National Vulnerability Database".
‼ CVE-2022-29445 ‼
Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Popup Box plugin <= 2.1.2 at WordPress.
via "National Vulnerability Database".
‼ CVE-2021-42850 ‼
A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access.
via "National Vulnerability Database".
🔏 How to Prevent Weak and Exploited Security Controls 🔏
A new cybersecurity alert is encouraging organizations to strengthen weak security controls commonly used by attackers to gain access to systems.
via "Fortra".
🕴 Lacework Integrates Kubernetes Features to Enhance Security Across Multi-Cloud Environments 🕴
Polygraph Data Platform adds Kubernetes audit log monitoring, integration with Kubernetes admission controller, and Infrastructure as Code (IaC) security to help seamlessly integrate security into developer workflows.
via "Dark Reading".
‼ CVE-2022-30597 ‼
A flaw was found in Moodle where the description user field was not hidden when being set as a hidden user field.
via "National Vulnerability Database".
‼ CVE-2022-25617 ‼
Reflected Cross-Site Scripting (XSS) vulnerability in Code Snippets plugin <= 2.14.3 at WordPress via the vulnerable &orderby parameter.
via "National Vulnerability Database".
‼ CVE-2022-30598 ‼
A flaw was found in Moodle where global search results could include author information on some activities where a user may not otherwise have access to it.
via "National Vulnerability Database".
‼ CVE-2022-30599 ‼
A flaw was found in Moodle where an SQL injection risk was identified in Badges code relating to configuring criteria.
via "National Vulnerability Database".
‼ CVE-2022-30600 ‼
A flaw was found in Moodle where the logic used to count failed login attempts could result in the account lockout threshold being bypassed.
via "National Vulnerability Database".
‼ CVE-2022-28921 ‼
A Cross-Site Request Forgery (CSRF) vulnerability discovered in BlogEngine.Net v3.3.8.0 allows unauthenticated attackers to read arbitrary files on the hosting web server.
via "National Vulnerability Database".
‼ CVE-2022-30111 ‼
The use of an insecure rolling-code algorithm in MCK Smartlock 1.0 allows attackers to unlock the mechanism via replay attacks.
via "National Vulnerability Database".
🕴 How Pwn2Own Made Bug Hunting a Real Sport 🕴
From a scrappy contest where hackers tried to win laptops, Pwn2Own has grown into a premier event that has helped normalize bug hunting.
via "Dark Reading".
🕴 CISA to Federal Agencies: Patch VMware Products Now or Take Them Offline 🕴
Last month attackers quickly reverse-engineered VMware patches to launch RCE attacks. CISA warns it's going to happen again.
via "Dark Reading".
🕴 MITRE Creates Framework for Supply Chain Security 🕴
System of Trust includes data-driven metrics for evaluating the integrity of software, services, and suppliers.
via "Dark Reading".