π΄ Cisco Revamps Cloud Security Strategy With New Secure Access, SASE Portfolio π΄
π Read
via "Dark Reading".
The company's vision for the future of cloud security is based on simplified, horizontal coverage across multiple cloud platforms.π Read
via "Dark Reading".
Dark Reading
Cisco Revamps Cloud Security Strategy With New Secure Access, SASE Portfolio
The company's vision for the future of cloud security is based on simplified, horizontal coverage across multiple cloud platforms.
π1
π Key RSA Takeaways From a Newly Minted Digital Guardian π
π Read
via "".
HelpSystems' new Director of Product Management, Data Protection, Wade Barisoff, gives his first impressions of RSA Conference 2022.π Read
via "".
β Feds Forced Travel Firms to Share Surveillance Data on Hacker β
π Read
via "Threat Post".
Sabre and Travelport had to report the weekly activities of former βCardplanetβ cybercriminal Aleksei Burkov for two years, info that eventually led to his arrest and prosecution.π Read
via "Threat Post".
Threat Post
Feds Forced Travel Firms to Share Surveillance Data on Hacker
Sabre and Travelport had to report the weekly activities of former βCardplanetβ cybercriminal Aleksei Burkov for two years, info that eventually led to his arrest and prosecution.
π΄ Cisco Makes Resilience a Cornerstone of Security Strategy π΄
π Read
via "Dark Reading".
Cisco's Jeetu Patel joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to discuss the power of information sharing.π Read
via "Dark Reading".
Darkreading
Cisco Makes Resilience a Cornerstone of Security Strategy
Cisco's Jeetu Patel joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to discuss the power of information sharing.
βΌ CVE-2022-2027 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0.π Read
via "National Vulnerability Database".
βΌ CVE-2019-25066 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in ajenti 2.1.31 and classified as critical. This vulnerability affects unknown code of the component API. The manipulation leads to privilege escalation. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.1.32 is able to address this issue. The name of the patch is 7aa146b724e0e20cfee2c71ca78fafbf53a8767c. It is recommended to upgrade the affected component.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2029 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - DOM in GitHub repository kromitgmbh/titra prior to 0.77.0.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2014 βΌ
π Read
via "National Vulnerability Database".
Code Injection in GitHub repository jgraph/drawio prior to 19.0.2.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2015 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 19.0.2.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24969 βΌ
π Read
via "National Vulnerability Database".
bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2036 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26377 βΌ
π Read
via "National Vulnerability Database".
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2026 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository kromitgmbh/titra prior to 0.77.0.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26363 βΌ
π Read
via "National Vulnerability Database".
x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen's safety logic doesn't account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen's safety logic can incorrectly conclude that the contents of a page is safe.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2018 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. Affected is an unknown function of the file /admin/?page=inmates/view_inmate of the component Inmate Handler. The manipulation of the argument id with the input 1%27%20and%201=2%20union%20select%201,user(),3,4,5,6,7,8,9,0,database(),2,3,4,5,6,7,8,9,0,1,2,3,4--+ leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31031 βΌ
π Read
via "National Vulnerability Database".
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use STUN in their applications, either by: setting a STUN server in their account/media config in PJSUA/PJSUA2 level, or directly using `pjlib-util/stun_simple` API. A patch is available in commit 450baca which should be included in the next release. There are no known workarounds for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31038 βΌ
π Read
via "National Vulnerability Database".
Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 `DisplayName` does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which sanitizes `DisplayName` prior to display to the user. All users of gogs are advised to upgrade. Users unable to upgrade should check their users' display names for malicious characters.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1986 βΌ
π Read
via "National Vulnerability Database".
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31813 βΌ
π Read
via "National Vulnerability Database".
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30760 βΌ
π Read
via "National Vulnerability Database".
An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information (final grades, study courses, degrees) by changing the student ID parameter in the HTTP POST request to the FrontControllerSS endpoint.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26362 βΌ
π Read
via "National Vulnerability Database".
x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, the logic for acquiring a type reference has a race condition, whereby a safely TLB flush is issued too early and creates a window where the guest can re-establish the read/write mapping before writeability is prohibited.π Read
via "National Vulnerability Database".