‼ CVE-2022-29651 ‼
An arbitrary file upload vulnerability in the Select Image function of Online Food Ordering System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
via "National Vulnerability Database".
‼ CVE-2022-30321 ‼
HashiCorp go-getter through 2.0.2 does not safely perform downloads (issue 1 of 3).
via "National Vulnerability Database".
‼ CVE-2022-29650 ‼
Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the Search parameter at /online-food-order/food-search.php.
via "National Vulnerability Database".
‼ CVE-2022-29379 ‼
Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c.
via "National Vulnerability Database".
‼ CVE-2022-30323 ‼
HashiCorp go-getter through 2.0.2 does not safely perform downloads (issue 3 of 3).
via "National Vulnerability Database".
‼ CVE-2022-1851 ‼
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
via "National Vulnerability Database".
‼ CVE-2022-30322 ‼
HashiCorp go-getter through 2.0.2 does not safely perform downloads (issue 2 of 3).
via "National Vulnerability Database".
‼ CVE-2021-44974 ‼
radareorg radare2 version 5.5.2 is vulnerable to NULL Pointer Dereference via the libr/bin/p/bin_symbols.c binary symbol parser.
via "National Vulnerability Database".
‼ CVE-2022-28862 ‼
In Archibus Web Central before 26.2, multiple SQL Injection vulnerabilities occur in dwr/call/plaincall/workflow.runWorkflowRule.dwr. Through the injection of arbitrary SQL statements, a potential attacker can modify query syntax and perform unauthorized (and unexpected) operations against the remote database. This is fixed in all recent versions, such as version 26.2.
via "National Vulnerability Database".
‼ CVE-2022-26945 ‼
HashiCorp go-getter before 2.0.2 allows Command Injection.
via "National Vulnerability Database".
🗓️ Volatile market for stolen credit card data shaken up by sanctions against Russia 🗓️
Illicit trade still flourishing despite recent law enforcement takedowns
via "The Daily Swig".
‼ CVE-2021-32989 ‼
When a non-existent resource is requested, the LCDS LAquis SCADA application (version 4.3.1.1011 and prior) returns error messages which may allow reflected cross-site scripting.
via "National Vulnerability Database".
‼ CVE-2022-29380 ‼
Academy-LMS v4.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the SEO panel.
via "National Vulnerability Database".
‼ CVE-2022-1678 ‼
An issue was discovered in the Linux Kernel from 4.18 to 4.19: an improper update of the sock reference in TCP pacing can lead to a memory/netns leak, which can be triggered by remote clients.
via "National Vulnerability Database".
‼ CVE-2021-32966 ‼
Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP system credentials.
via "National Vulnerability Database".
‼ CVE-2021-32997 ‼
The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No. 3060/00 versions 6.98 and prior; 3500 System 1, Part No. 3071/xx & 3072/xx versions 21.1 HF1 and prior; 3500 Rack Configuration, Part No. 129133-01 versions 6.4 and prior; and 3500/22M Firmware, Part No. 288055-01 versions 5.05 and prior) utilize a weak encryption algorithm for storage and transmission of sensitive data, which may allow an attacker to more easily obtain credentials used for access.
via "National Vulnerability Database".
‼ CVE-2022-22127 ‼
Tableau is aware of a broken access control vulnerability present in Tableau Server affecting Tableau Server customers using Local Identity Store for managing users. The vulnerability allows a malicious site administrator to change passwords for users in different sites hosted on the same Tableau Server, resulting in the potential for unauthorized access to data. Tableau Server versions affected are: 2020.4.16, 2021.1.13, 2021.2.10, 2021.3.9, 2021.4.4 and earlier. Note: All future releases of Tableau Server will address this security issue. Versions that are no longer supported are not tested and may be vulnerable.
via "National Vulnerability Database".
‼ CVE-2021-35487 ‼
Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates (for the Manage Alerts page) via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user, database name, and database version information, and potentially database data.
via "National Vulnerability Database".
🕴 Spring Cleaning Checklist for Keeping Your Devices Safe at Work 🕴
Implement zero-trust policies for greater control, use BYOD management tools, and take proactive steps such as keeping apps current and training staff to keep sensitive company data safe and employees' devices secure.
via "Dark Reading".
🕴 CLOP Ransomware Activity Spiked in April 🕴
In just one month, the ransomware group's activity rose by 2,100%, a new report finds.
via "Dark Reading".
🕴 Brexit Leak Site Linked to Russian Hackers 🕴
Purporting to publish leaked emails of pro-Brexit leadership in the UK, a new site's operations have been traced to Russian cyber-threat actors, Google says.
via "Dark Reading".