CVE-2022-32564
An issue was discovered in Couchbase Server before 7.0.4. In couchbase-cli, server-eshell leaks the Cluster Manager cookie.
via "National Vulnerability Database".
CVE-2022-31054
Argo Events is an event-driven workflow automation framework for Kubernetes. Prior to version 1.7.1, several `HandleRoute` endpoints make use of the deprecated `ioutil.ReadAll()`. `ioutil.ReadAll()` reads all the data into memory. As such, an attacker who sends a large request to the Argo Events server will be able to crash it and cause denial of service. A patch for this vulnerability has been released in Argo Events version 1.7.1.
via "National Vulnerability Database".
Corel Acquires Awingu
The combination of Awingu and the Parallels Remote Application Server platform will enable end users to securely work from anywhere, at any time, on any device, or OS.
via "Dark Reading".
CVE-2021-41661
Church Management System version 1.0 is affected by a SQL injection vulnerability through creating a user with a PHP file as an avatar image, which is accessible through the /uploads directory. This can lead to RCE on the web server by uploading a PHP webshell.
via "National Vulnerability Database".
CVE-2022-32192
Couchbase Server 5.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor.
via "National Vulnerability Database".
CVE-2022-32278
XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server.
via "National Vulnerability Database".
CVE-2021-41662
The South Gate Inn Online Reservation System v1.0 contains an SQL injection vulnerability that can be chained with a malicious PHP file upload, which is caused by improper file handling in the editImg function. This vulnerability leads to remote code execution.
via "National Vulnerability Database".
CVE-2022-29257
Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows attackers who have control over a given app's update server / update storage to serve maliciously crafted update packages that pass the code signing validation check but contain malicious code in some components. This kind of attack would require significant privileges in a potential victim's own auto-updating infrastructure, and the ease of that attack entirely depends on the potential victim's infrastructure security. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. There are no known workarounds.
via "National Vulnerability Database".
CVE-2022-32565
An issue was discovered in Couchbase Server before 7.0.4. The Backup Service log leaks unredacted usernames and document ids.
via "National Vulnerability Database".
CVE-2022-32562
An issue was discovered in Couchbase Server before 7.0.4. Operations may succeed on a collection using stale RBAC permission.
via "National Vulnerability Database".
“Downthem” DDoS-for-Hire Boss Gets 2 Years in Prison
A 33-year-old Illinois man was sentenced to two years in prison today following his conviction last year for operating services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against hundreds of thousands of Internet users and websites.
via "Krebs on Security".
CVE-2022-31447
An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows attackers to access sensitive database information via a crafted SVG file.
via "National Vulnerability Database".
CVE-2022-31446
Tenda AC18 router V15.03.05.19 and V15.03.05.05 were discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac.
via "National Vulnerability Database".
CVE-2022-31415
Online Fire Reporting System v1.0 was discovered to contain a SQL injection vulnerability via the GET parameter in /report/list.php.
via "National Vulnerability Database".
Kaiser Permanente Exposes Nearly 70K Medical Records in Data Breach
Attackers gained access to private account details through an email compromise incident that occurred in April.
via "Threat Post".
CVE-2021-30345
RPM secure Stream can access any secure resource due to improper SMMU configuration in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking.
via "National Vulnerability Database".
CVE-2021-30350
Lack of MBN header size verification against input buffer can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables.
via "National Vulnerability Database".
CVE-2021-30281
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking.
via "National Vulnerability Database".
CVE-2021-30340
Reachable assertion due to improper validation of coreset in PDCCH configuration in SA mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile.
via "National Vulnerability Database".
CVE-2021-35098
Improper validation of session id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables.
via "National Vulnerability Database".
CVE-2022-32254
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an attacker.
via "National Vulnerability Database".