Closing the Gap Between Application Security and Observability
via "Threat Post".
Daniel Kaar, global director application security engineering at Dynatrace, highlights the newfound respect for AppSec-enabled observability in the wake of Log4Shell.
Widespread Swagger-UI library vulnerability leads to DOM XSS attacks
via "The Daily Swig".
Dozens of bugs reported with a backlog containing hundreds more.
US Government says: Patch VMware right now, or get off our network
via "Naked Security".
Find and patch. Right now. If you can't patch, get it off the network. Right now! Oh, and show us what you did to comply.
Authentication Is Static, Yet Attackers Are Dynamic: Filling the Critical Gap
via "Dark Reading".
To succeed against dynamic cybercriminals, organizations must go multiple steps further and build a learning system that evolves over time to keep up with attacker tactics.
CVE-2022-29801
via "National Vulnerability Database".
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9). The application contains an XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.
CVE-2022-29021
via "National Vulnerability Database".
A buffer overflow in the razerkbd driver of OpenRazer v3.3.0 and below allows attackers to cause a Denial of Service (DoS) via a crafted buffer sent to the matrix_custom_frame device.
CVE-2022-29031
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application, causing a denial of service condition.
CVE-2022-27095
via "National Vulnerability Database".
BattlEye v0.9 contains an unquoted service path which allows attackers to escalate privileges to the system level.
CVE-2022-27092
via "National Vulnerability Database".
Private Internet Access v3.3 contains an unquoted service path which allows attackers to escalate privileges to the system level.
CVE-2022-28104
via "National Vulnerability Database".
Foxit PDF Editor v11.3.1 was discovered to contain an arbitrary file upload vulnerability.
CVE-2022-28105
via "National Vulnerability Database".
Online Sports Complex Booking System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /scbs/view_facility.php.
CVE-2022-28992
via "National Vulnerability Database".
A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v1.0 allows attackers to change admin credentials via a crafted POST request.
CVE-2022-29022
via "National Vulnerability Database".
A buffer overflow in the razeraccessory driver of OpenRazer v3.3.0 and below allows attackers to cause a Denial of Service (DoS) via a crafted buffer sent to the matrix_custom_frame device.
CVE-2022-29878
via "National Vulnerability Database".
A vulnerability has been identified in SICAM P850 (All versions < V3.00) and SICAM P855 (All versions < V3.00). Affected devices use a limited range for challenges that are sent during the unencrypted challenge-response communication. An unauthenticated attacker could capture a valid challenge-response pair generated by a legitimate user, and request the webpage repeatedly to wait for the same challenge to reappear for which the correct response is known. This could allow the attacker to access the management interface of the device.
CVE-2022-29320
via "National Vulnerability Database".
MiniTool Partition Wizard v12.0 contains an unquoted service path which allows attackers to escalate privileges to the system level.
CVE-2022-29032
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library contains a double free vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process.
CVE-2022-25227
via "National Vulnerability Database".
Thinfinity VNC v4.0.0.1 contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can trick a user into browsing a malicious site, to obtain an 'ID' that can be used to send websocket requests and achieve RCE.
CVE-2022-29033
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library is vulnerable to uninitialized pointer free while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process.
CVE-2022-29029
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application, causing a denial of service condition.
CVE-2022-27094
via "National Vulnerability Database".
Sony PlayMemories Home v6.0 contains an unquoted service path which allows attackers to escalate privileges to the system level.
CVE-2022-27640
via "National Vulnerability Database".
A vulnerability has been identified in SIMATIC CP 442-1 RNA (All versions < V1.5.18), SIMATIC CP 443-1 RNA (All versions < V1.5.18). The affected devices improperly handle excessive ARP broadcast requests. This could allow an attacker to create a denial of service condition by performing ARP storming attacks, which can cause the device to reboot.