CVE-2022-29361 (via National Vulnerability Database)
Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body.
CVE-2022-29359 (via National Vulnerability Database)
A stored cross-site scripting (XSS) vulnerability in /scas/?page=clubs/application_form&id=7 of School Club Application System v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter.
Malicious Python library CTX removed from PyPI repo (via The Daily Swig)
A suspicious developer appears to have performed a domain hijack to take over the original project.
DBIR Makes a Case for Passwordless (via Dark Reading)
Verizon's "2022 Data Breach Investigations Report" repeatedly makes the point that criminals are stealing credentials to carry out their attacks.
Zoom Patches "Zero-Click" RCE Bug (via Threat Post)
The Google Project Zero researcher found a bug in XML parsing on the Zoom client and server.
Verizon Report: Ransomware, Human Error Among Top Security Risks (via Threat Post)
2022's DBIR also highlighted the far-reaching impact of supply-chain breaches and how organizations and their employees are the reasons why incidents occur.
Tails users warned not to launch bundled Tor Browser until security fix is released (via The Daily Swig)
Critical vulnerability has been fixed upstream, but the Tails dev team "doesn't have the capacity to publish an emergency release earlier".
Link Found Connecting Chaos, Onyx and Yashma Ransomware (via Threat Post)
A slip-up by a malware author has allowed researchers to taxonomize three ransomware variations going by different names.
DDoS Extortion Attack Flagged as Possible REvil Resurgence (via Dark Reading)
A DDoS campaign observed by Akamai from actors claiming to be REvil would represent a major pivot in tactics for the gang.
Industry 4.0 Points Up Need for Improved Security for Manufacturers (via Dark Reading)
With manufacturing ranking as the fourth most targeted sector, manufacturers that understand their exposure will be able to build the necessary security maturity.
CVE-2022-30595 (via National Vulnerability Database)
libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files.
CVE-2022-29651 (via National Vulnerability Database)
An arbitrary file upload vulnerability in the Select Image function of Online Food Ordering System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-30321 (via National Vulnerability Database)
HashiCorp go-getter through 2.0.2 does not safely perform downloads (issue 1 of 3).
CVE-2022-29650 (via National Vulnerability Database)
Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the Search parameter at /online-food-order/food-search.php.
CVE-2022-29379 (via National Vulnerability Database)
Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c.
CVE-2022-30323 (via National Vulnerability Database)
HashiCorp go-getter through 2.0.2 does not safely perform downloads (issue 3 of 3).
CVE-2022-1851 (via National Vulnerability Database)
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-30322 (via National Vulnerability Database)
HashiCorp go-getter through 2.0.2 does not safely perform downloads (issue 2 of 3).
CVE-2021-44974 (via National Vulnerability Database)
radareorg radare2 version 5.5.2 is vulnerable to NULL Pointer Dereference via the libr/bin/p/bin_symbols.c binary symbol parser.
CVE-2022-28862 (via National Vulnerability Database)
In Archibus Web Central before 26.2, multiple SQL Injection vulnerabilities occur in dwr/call/plaincall/workflow.runWorkflowRule.dwr. Through the injection of arbitrary SQL statements, a potential attacker can modify query syntax and perform unauthorized (and unexpected) operations against the remote database. This is fixed in all recent versions, such as version 26.2.
CVE-2022-26945 (via National Vulnerability Database)
HashiCorp go-getter before 2.0.2 allows Command Injection.