CVE-2022-28961
Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters.
via "National Vulnerability Database".
CVE-2022-28960
A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire.
via "National Vulnerability Database".
CVE-2022-28948
An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.
via "National Vulnerability Database".
CVE-2022-28959
Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allow attackers to execute arbitrary web scripts or HTML.
via "National Vulnerability Database".
CVE-2022-29304
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /classes/master.php?f=delete_ Facility.
via "National Vulnerability Database".
CVE-2020-4107
HCL Domino is affected by an Insufficient Access Control vulnerability. An authenticated attacker with local access to the system could exploit this vulnerability to attain escalation of privileges, denial of service, or information disclosure.
via "National Vulnerability Database".
CVE-2022-28987
ManageEngine ADSelfService Plus v6.1 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login.
via "National Vulnerability Database".
CVE-2022-28965
Multiple DLL hijacking vulnerabilities via the components instup.exe and wsc_proxy.exe in Avast Premium Security before v21.11.2500 allow attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted DLL file.
via "National Vulnerability Database".
CVE-2021-34111
Thecus 4800Eco was discovered to contain a command injection vulnerability via the username parameter in /adm/setmain.php.
via "National Vulnerability Database".
CVE-2022-21500
Vulnerability in Oracle E-Business Suite (component: Manage Proxies). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Suite accessible data. Note: Authentication is required for successful attack, however the user may be self-registered. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
via "National Vulnerability Database".
CVE-2022-28985
A stored cross-site scripting (XSS) vulnerability in the addNewPost component of OrangeHRM v4.10.1 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.
via "National Vulnerability Database".
CVE-2022-28964
An arbitrary file write vulnerability in Avast Premium Security before v21.11.2500 (build 21.11.6809.528) allows attackers to cause a Denial of Service (DoS) via a crafted DLL file.
via "National Vulnerability Database".
380K Kubernetes API Servers Exposed to Public Internet
More than 380,000 of the 450,000-plus servers hosting the open-source container-orchestration engine for managing cloud deployments allow some form of access.
via "Threat Post".
CVE-2022-25229
Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Server(s)' field via the 'settings' page. The 'nodeIntegration' configuration is set to on, which allows the webpage to use 'NodeJs' features; an attacker can leverage this to run OS commands.
via "National Vulnerability Database".
New Open Source Project Brings Consistent Identity Access to Multicloud
Hexa and IDQL allow organizations using cloud platforms such as Microsoft Azure, Amazon Web Services, and Google Cloud Platform to apply consistent access policy across all applications, regardless of environment.
via "Dark Reading".
Closing the Gap Between Application Security and Observability
Daniel Kaar, global director application security engineering at Dynatrace, highlights the newfound respect for AppSec-enabled observability in the wake of Log4Shell.
via "Threat Post".
Widespread Swagger-UI library vulnerability leads to DOM XSS attacks
Dozens of bugs reported with a backlog containing hundreds more.
via "The Daily Swig".
US Government says: Patch VMware right now, or get off our network
Find and patch. Right now. If you can't patch, get it off the network. Right now! Oh, and show us what you did to comply.
via "Naked Security".
Authentication Is Static, Yet Attackers Are Dynamic: Filling the Critical Gap
To succeed against dynamic cybercriminals, organizations must go multiple steps further and build a learning system that evolves over time to keep up with attacker tactics.
via "Dark Reading".
CVE-2022-29801
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9). The application contains an XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.
via "National Vulnerability Database".
CVE-2022-29021
A buffer overflow in the razerkbd driver of OpenRazer v3.3.0 and below allows attackers to cause a Denial of Service (DoS) via a crafted buffer sent to the matrix_custom_frame device.
via "National Vulnerability Database".