βΌ CVE-2022-28964 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file write vulnerability in Avast Premium Security before v21.11.2500 (build 21.11.6809.528) allows attackers to cause a Denial of Service (DoS) via a crafted DLL file.π Read
via "National Vulnerability Database".
β 380K Kubernetes API Servers Exposed to Public Internet β
π Read
via "Threat Post".
More than 380,000 of the 450,000-plus servers hosting the open-source container-orchestration engine for managing cloud deployments allow some form of access.π Read
via "Threat Post".
Threat Post
380K Kubernetes API Servers Exposed to Public Internet
More than 380,000 of the 450,000-plus servers hosting the open-source container-orchestration engine for managing cloud deployments allow some form of access.
π1
βΌ CVE-2022-25229 βΌ
π Read
via "National Vulnerability Database".
Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Server(s)'' field via the 'settings' page. The 'nodeIntegration' configuration is set to on which allows the webpage to use 'NodeJs' features, an attacker can leverage this to run OS commands.π Read
via "National Vulnerability Database".
π΄ New Open Source Project Brings Consistent Identity Access to Multicloud π΄
π Read
via "Dark Reading".
Hexa and IDQL allows organizations using cloud platforms such as Microsoft Azure, Amazon Web Services, and Google Cloud Platform to apply consistent access policy across all applications, regardless of environment.π Read
via "Dark Reading".
Dark Reading
New Open Source Project Brings Consistent Identity Access to Multicloud
Hexa and IDQL allow organizations using cloud platforms such as Microsoft Azure, Amazon Web Services, and Google Cloud Platform to apply consistent access policy across all applications, regardless of environment.
β Closing the Gap Between Application Security and Observability β
π Read
via "Threat Post".
Daniel Kaar, global director application security engineering at Dynatrace, highlights the newfound respect for AppSec-enabled observability in the wake of Log4Shell. π Read
via "Threat Post".
Threat Post
Closing the Gap Between Application Security and Observability
Daniel Kaar, global director application security engineering at Dynatrace, highlights the newfound respect for AppSec-enabled observability in the wake of Log4Shell.
ποΈ Widespread Swagger-UI library vulnerability leads to DOM XSS attacks ποΈ
π Read
via "The Daily Swig".
Dozens of bugs reported with a backlog containing hundreds moreπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Widespread Swagger-UI library vulnerability leads to DOM XSS attacks
Dozens of bugs reported with a backlog containing hundreds more
β US Government says: Patch VMware right now, or get off our network β
π Read
via "Naked Security".
Find and patch. Right now. If you can't patch, get it off the network. Right now! Oh, and show us what you did to comply.π Read
via "Naked Security".
Naked Security
US Government says: Patch VMware right now, or get off our network
Find and patch. Right now. If you canβt patch, get it off the network. Right now! Oh, and show us what you did to comply.
π΄ Authentication Is Static, Yet Attackers Are Dynamic: Filling the Critical Gap π΄
π Read
via "Dark Reading".
To succeed against dynamic cybercriminals, organizations must go multiple steps further and build a learning system that evolves over time to keep up with attacker tactics.π Read
via "Dark Reading".
Dark Reading
Authentication Is Static, Yet Attackers Are Dynamic: Filling the Critical Gap
To succeed against dynamic cybercriminals, organizations must go multiple steps further and build a learning system that evolves over time to keep up with attacker tactics.
βΌ CVE-2022-29801 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29021 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow in the razerkbd driver of OpenRazer v3.3.0 and below allows attackers to cause a Denial of Service (DoS) via a crafted buffer sent to the matrix_custom_frame device.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29031 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27095 βΌ
π Read
via "National Vulnerability Database".
BattlEye v0.9 contains an unquoted service path which allows attackers to escalate privileges to the system level.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27092 βΌ
π Read
via "National Vulnerability Database".
Private Internet Access v3.3 contains an unquoted service path which allows attackers to escalate privileges to the system level.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28104 βΌ
π Read
via "National Vulnerability Database".
Foxit PDF Editor v11.3.1 was discovered to contain an arbitrary file upload vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28105 βΌ
π Read
via "National Vulnerability Database".
Online Sports Complex Booking System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /scbs/view_facility.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28992 βΌ
π Read
via "National Vulnerability Database".
A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v1.0 allows attackers to change admin credentials via a crafted POST request.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29022 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow in the razeraccessory driver of OpenRazer v3.3.0 and below allows attackers to cause a Denial of Service (DoS) via a crafted buffer sent to the matrix_custom_frame device.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29878 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices use a limited range for challenges that are sent during the unencrypted challenge-response communication. An unauthenticated attacker could capture a valid challenge-response pair generated by a legitimate user, and request the webpage repeatedly to wait for the same challenge to reappear for which the correct response is known. This could allow the attacker to access the management interface of the device.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29320 βΌ
π Read
via "National Vulnerability Database".
MiniTool Partition Wizard v12.0 contains an unquoted service path which allows attackers to escalate privileges to the system level.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29032 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library contains a double free vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25227 βΌ
π Read
via "National Vulnerability Database".
Thinfinity VNC v4.0.0.1 contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can trick a user into browse malicious site, to obtain an 'ID' that can be used to send websocket requests and achieve RCE.π Read
via "National Vulnerability Database".