CVE-2022-31001
via "National Vulnerability Database".
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by `#define MATCH(s, m) (strncmp(s, m, n = sizeof(m) - 1) == 0)`, which will make `n` bigger and trigger an out-of-bounds access when `IS_NON_WS(s[n])` is evaluated. Version 1.13.8 contains a patch for this issue.
CVE-2022-31011
via "National Vulnerability Database".
TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing (HTAP) workloads. Under certain conditions, an attacker can construct malicious authentication requests to bypass the authentication process, resulting in privilege escalation or unauthorized access. Only users using TiDB 5.3.0 are affected by this vulnerability. TiDB version 5.3.1 contains a patch for this issue. Other mitigation strategies include turning off Security Enhanced Mode (SEM), disabling local login for non-root accounts, and ensuring that the same IP cannot be logged in as both root and a normal user at the same time.
CVE-2022-31003
via "National Vulnerability Database".
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, `rest = record + 2` will access the memory behind `\0` and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causing a crash or a more serious consequence, such as remote code execution. Version 1.13.8 contains a patch for this issue.
CVE-2022-31007
via "National Vulnerability Database".
eLabFTW is an electronic lab notebook manager for research teams. Prior to version 4.3.0, a vulnerability allows an authenticated user with an administrator role in a team to assign itself system administrator privileges within the application, or to create a new system administrator account. The issue has been corrected in eLabFTW version 4.3.0. In the context of eLabFTW, an administrator is a user account with certain privileges to manage users and content in their assigned team or teams. A system administrator account can manage all accounts and teams and edit system-wide settings within the application. The impact is not deemed high, as it requires the attacker to have access to an administrator account. Regular user accounts cannot exploit this to gain admin rights. A workaround for one of the issues is removing the ability of administrators to create accounts.
CVE-2022-31013
via "National Vulnerability Database".
Chat Server is the chat server for Vartalap, an open-source messaging application. Versions 2.3.2 up to (but not including) 2.6.0 suffer from a bug in validating the access token, resulting in authentication bypass. The function `this.authProvider.verifyAccessKey` is an async function, but the code does not use `await` to wait for the verification result. As a result, every call responds with success, along with an unhandled exception if the token is invalid. A patch is available in version 2.6.0.
CVE-2022-1808
via "National Vulnerability Database".
Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3.
CVE-2022-31015
via "National Vulnerability Database".
Waitress is a Web Server Gateway Interface server for Python 2 and 3. Waitress versions 2.1.0 and 2.1.1 may terminate early due to a thread closing a socket while the main thread is about to call select(). This will lead to the main thread raising an exception that is not handled and then causing the entire application to be killed. This issue has been fixed in Waitress 2.1.2 by no longer allowing the WSGI thread to close the socket. Instead, that is always delegated to the main thread. There is no work-around for this issue. However, users using waitress behind a reverse proxy server are less likely to have issues if the reverse proxy always reads the full response.
CVE-2022-1893
via "National Vulnerability Database".
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository polonel/trudesk prior to 1.2.3.
CVE-2022-1947
via "National Vulnerability Database".
Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3.
CVE-2022-1285
via "National Vulnerability Database".
Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8.
Microsoft Releases Workaround for "One-Click" 0Day Under Active Attack
via "Threat Post".
Threat actors already are exploiting the vulnerability, dubbed "Follina" and originally identified back in April, to target organizations in Russia and Tibet, researchers said.
CVE-2022-29875
via "National Vulnerability Database".
A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions < VC20D), NAEOTOM Alpha (All VA40 versions < VA40 SP2), SOMATOM X.cite (All versions < VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions < VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions < VB22A-UD03), Symbia Evo (All VB22 versions < VB22A-UD03), Symbia Intevo (All VB22 versions < VB22A-UD03), Symbia T (All VB22 versions < VB22A-UD03), Symbia.net (All VB22 versions < VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions < VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions < VB60B HF02). The application deserialises untrusted data without sufficient validation, which could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable.
Mysterious "Follina" zero-day hole in Office - here's what to do!
via "Naked Security".
News has emerged of a "feature" in Office that has been abused as a zero-day bug to run evil code. Turning off macros doesn't help!
Distinguishing AI Hype From Reality in SecOps
via "Dark Reading".
AI and ML are important SecOps tools, but human involvement is still required.
Firefox 101 is out, this time with no 0-day scares (but update anyway!)
via "Naked Security".
After an intriguing month of Firefox releases, here's one with a bit less drama, probably to the collective relief of Mozilla's coders.
Horde Webmail contains zero-day RCE bug with no patch on the horizon
via "The Daily Swig".
CSRF exploit requires user to open malicious email
CVE-2020-26184
via "National Vulnerability Database".
Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain an Improper Certificate Validation vulnerability.
CVE-2022-29098
via "National Vulnerability Database".
Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x contain a weak password requirement vulnerability. An administrator may create an account with no password. A remote attacker may potentially exploit this, leading to a user account compromise.
CVE-2020-26185
via "National Vulnerability Database".
Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buffer Over-Read vulnerability.
US export ban on hacking tools tweaked after public consultation
via "The Daily Swig".
Government has sought to allay misgivings of cybersecurity industry
StorCentric Launches Nexsan EZ-NAS - Network-Attached Storage for SMBs and Enterprise Edge Deployments
via "Dark Reading".
EZ-NAS also provides add-on data backup, cloud connector and ransomware anomaly detection.