π Cybersecurity, Data Protection Top Litigation Concerns π
π Read
via "".
A survey of in-house counsel at organizations worldwide suggests cybersecurity and data protection disputes were top of mind in 2021.π Read
via "".
βΌ CVE-2021-40589 βΌ
π Read
via "National Vulnerability Database".
ZAngband zangband-data 2.7.5 is affected by an integer underflow vulnerability in src/tk/plat.c through the variable fileheader.bfOffBits.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30877 βΌ
π Read
via "National Vulnerability Database".
The keep for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40592 βΌ
π Read
via "National Vulnerability Database".
GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (version v1.0.1 onwards) contains loop with unreachable exit condition ('infinite loop') vulnerability in ISOBMFF reader filter, isoffin_read.c. Function isoffin_process() can result in DoS by infinite loop. To exploit, the victim must open a specially crafted mp4 file.π Read
via "National Vulnerability Database".
π΄ Lookout: Getting It Right at the Secure Service Edge π΄
π Read
via "Dark Reading".
Lookout's Jim Dolce joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to discuss the advantages of Secure Service Edge.π Read
via "Dark Reading".
Darkreading
Getting It Right at the Secure Service Edge
Lookout's Jim Dolce joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to discuss the advantages of Secure Service Edge.
βΌ CVE-2022-31313 βΌ
π Read
via "National Vulnerability Database".
api-res-py package in PyPI 0.1 is vulnerable to a code execution backdoor in the request package.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30882 βΌ
π Read
via "National Vulnerability Database".
pyanxdns package in PyPI version 0.2 is vulnerable to code execution backdoor. The impact is: execute arbitrary code (remote). When installing the pyanxdns package of version 0.2, the request package will be installed.π Read
via "National Vulnerability Database".
π΄ Concentric: How To Maximize Your AI Returns, In and Out of the SOC π΄
π Read
via "Dark Reading".
Concentric AI's Karthik Krishnan joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to discuss how artificial intelligence has transformed the security landscape.π Read
via "Dark Reading".
Darkreading
ConcentricAI: How To Maximize Your AI Returns, In and Out of the SOC
Concentric AI's Karthik Krishnan joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to discuss how artificial intelligence has transformed the security landscape.
π΄ DeepSurface Security: Risk-Based Prioritization Adds New Depth to Vulnerability Management π΄
π Read
via "Dark Reading".
DeepSurface's Tim Morgan joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to discuss how to fortify vulnerability management.π Read
via "Dark Reading".
Darkreading
DeepSurface Security: Risk-Based Prioritization Adds New Depth to Vulnerability Management
DeepSurface's Tim Morgan joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to discuss how to fortify vulnerability management.
π΄ Anjuna Security: Tapping βConfidential Computingβ to Secure Data, Users, and Organizations π΄
π Read
via "Dark Reading".
Anjuna Security's Ayal Yogev joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to discuss how confidential computing will improve cloud security.π Read
via "Dark Reading".
Dark Reading
Anjuna Security: Tapping βConfidential Computingβ to Secure Data, Users, and Organizations
Anjuna Security's Ayal Yogev joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to discuss how confidential computing will improve cloud security.
π΄ Security & Productivity: The New Power Couple π΄
π Read
via "Dark Reading".
Seemplicity's Ravid Circus joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to talk up accelerating time-to-remediation and reducing risk.π Read
via "Dark Reading".
Darkreading
Security & Productivity: The New Power Couple
Seemplicity's Ravid Circus joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to talk up accelerating time-to-remediation and reducing risk.
βΌ CVE-2022-25804 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. Insecure permissions for the serverconfig registry key (under JavaSoft\Prefs\de\igel\rm\config in HKEY_LOCAL_MACHINE\SOFTWARE) allow an unprivileged local attacker to read the encrypted dbuser and dbpassword values for the UMS superuser.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32195 βΌ
π Read
via "National Vulnerability Database".
Open edX platform before 2022-06-06 allows XSS via the "next" parameter in the logout URL.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30075 βΌ
π Read
via "National Vulnerability Database".
In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31649 βΌ
π Read
via "National Vulnerability Database".
ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25807 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key in the LDAPDesPWEncrypter class allows an attacker, who has discovered encrypted LDAP bind credentials, to decrypt those credentials using a static 8-byte DES key.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31496 βΌ
π Read
via "National Vulnerability Database".
LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_site_files.php access.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24840 βΌ
π Read
via "National Vulnerability Database".
django-s3file is a lightweight file upload input for Django and Amazon S3 . In versions prior to 5.5.1 it was possible to traverse the entire AWS S3 bucket and in most cases to access or delete files. If the `AWS_LOCATION` setting was set, traversal was limited to that location only. The issue was discovered by the maintainer. There were no reports of the vulnerability being known to or exploited by a third party, prior to the release of the patch. The vulnerability has been fixed in version 5.5.1 and above. There is no feasible workaround. We must urge all users to immediately updated to a patched version.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29014 βΌ
π Read
via "National Vulnerability Database".
A local file inclusion vulnerability in Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to read arbitrary files.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29013 βΌ
π Read
via "National Vulnerability Database".
A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25805 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. The transmission of cleartext LDAP bind credentials by the cmd_mgt_load_mgt_tree command allows an attacker (who can intercept or inspect traffic between an authenticated UMS client and server) to compromise those LDAP bind credentials.π Read
via "National Vulnerability Database".