βΌ CVE-2022-30033 βΌ
π Read
via "National Vulnerability Database".
Tenda TX9 Pro V22.03.02.10 is vulnerable to Buffer Overflow via the functtion setIPv6Status() in httpd module.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1771 βΌ
π Read
via "National Vulnerability Database".
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30993 βΌ
π Read
via "National Vulnerability Database".
Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240π Read
via "National Vulnerability Database".
βΌ CVE-2022-1670 βΌ
π Read
via "National Vulnerability Database".
When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users. It was possible to bypass this restriction of validity to create extra user accounts above the initial number of invited users.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1183 βΌ
π Read
via "National Vulnerability Database".
On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -> 9.18.2 and version 9.19.0 of the BIND 9.19 development branch.π Read
via "National Vulnerability Database".
ποΈ Rogue cloud users could sabotage fellow off-prem tenants via critical Flux flaw ποΈ
π Read
via "The Daily Swig".
Mischief-makers could βdisrupt the availability, integrity and confidentialityβ of other tenantsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Rogue cloud users could sabotage fellow off-prem tenants via critical Flux flaw
Mischief-makers could βdisrupt the availability, integrity and confidentialityβ of other tenants
β Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover β
π Read
via "Threat Post".
Privilege escalation flaw discovered in the Jupiter and JupiterX Core Plugin affects more than 90,000 sites.π Read
via "Threat Post".
Threat Post
Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover
Privilege escalation flaw discovered in the Jupiter and JupiterX Core Plugin affects more than 90,000 sites.
π΄ Phishing Attacks for Initial Access Surged 54% in Q1 π΄
π Read
via "Dark Reading".
For the first time in a year, security incidents involving email compromises surpassed ransomware incidents, a new analysis shows.π Read
via "Dark Reading".
Dark Reading
Phishing Attacks for Initial Access Surged 54% in Q1
For the first time in a year, security incidents involving email compromises surpassed ransomware incidents, a new analysis shows.
β Pwn2Own hacking schedule released β Windows and Linux are top targets β
π Read
via "Naked Security".
What's better? Disclose early, patch fast? Or dig deep, disclose in full, patch more slowly?π Read
via "Naked Security".
Naked Security
Pwn2Own hacking schedule released β Windows and Linux are top targets
Whatβs better? Disclose early, patch fast? Or dig deep, disclose in full, patch more slowly?
β S3 Ep83: Cracking passwords, patching Firefox, and Apple vulns [Podcast] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep83: Cracking passwords, patching Firefox, and Apple vulns [Podcast]
Latest episode β listen now!
π΄ 6 Scary Tactics Used in Mobile App Attacks π΄
π Read
via "Dark Reading".
Mobile attacks have been going on for many years, but the threat is rapidly evolving as more sophisticated malware families with novel features enter the scene.π Read
via "Dark Reading".
ποΈ Encrypted email service CTemplar announces closure ποΈ
π Read
via "The Daily Swig".
Privacy-focused service to shut down by the end of the monthπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Encrypted email service CTemplar announces closure
Privacy-focused service to shut down by the end of the month
βΌ CVE-2022-1785 βΌ
π Read
via "National Vulnerability Database".
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.π Read
via "National Vulnerability Database".
ποΈ Active attacks against VMware flaws prompts emergency update directive ποΈ
π Read
via "The Daily Swig".
CISA orders US federal agencies to implement patches ASAPπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Active attacks against VMware flaws prompts emergency update directive
CISA orders US federal agencies to implement patches ASAP
βΌ CVE-2021-41938 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in ShopXO CMS 2.2.0. After entering the management page, there is an arbitrary file upload vulnerability in three locations.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22976 βΌ
π Read
via "National Vulnerability Database".
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37413 βΌ
π Read
via "National Vulnerability Database".
GRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in the admin login interface. A remote unauthenticated attacker can exploit this vulnerability to obtain administrative access to the webpage, access the user database, modify web content and upload custom files. The backend login script does not verify and sanitize user-provided strings.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26631 βΌ
π Read
via "National Vulnerability Database".
Improper input validation vulnerability in Mangboard commerce package could lead to occur for abnormal request. A remote attacker can exploit this vulnerability to manipulate the total order amount into a negative number and then pay for the order.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22978 βΌ
π Read
via "National Vulnerability Database".
In Spring Security versions 5.5.6 and 5.5.7 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26630 βΌ
π Read
via "National Vulnerability Database".
Improper input validation vulnerability in HANDY GroupwareΓ’β¬β’s ActiveX moudle allows attackers to download or execute arbitrary files. This vulnerability can be exploited by using the file download or execution path as the parameter value of the vulnerable function.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30018 βΌ
π Read
via "National Vulnerability Database".
Mobotix Control Center (MxCC) through 2.5.4.5 has Insufficiently Protected Credentials, Storing Passwords in a Recoverable Format via the MxCC.ini config file. The credential storage method in this software enables an attacker/user of the machine to gain admin access to the software and gain access to recordings/recording locations.π Read
via "National Vulnerability Database".
β€2