π΄ Ransomware and Phishing Remain IT's Biggest Concerns π΄
π Read
via "Dark Reading".
Security teams β who are already fighting off malware challenges β are also facing renewed attacks on cloud assets and remote systems.π Read
via "Dark Reading".
Dark Reading
Ransomware and Phishing Remain IT's Biggest Concerns
Security teams β who are already fighting off malware challenges β are also facing renewed attacks on cloud assets and remote systems.
βΌ CVE-2022-25856 βΌ
π Read
via "National Vulnerability Database".
The package github.com/argoproj/argo-events/sensors/artifacts before 1.7.1 are vulnerable to Directory Traversal in the (g *GitArtifactReader).Read() API in git.go. This could allow arbitrary file reads if the GitArtifactReader is provided a pathname containing a symbolic link or an implicit directory name such as ...π Read
via "National Vulnerability Database".
βΌ CVE-2022-31873 βΌ
π Read
via "National Vulnerability Database".
Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an XSS vulnerability via the prefix parameter in /admin/general.cgi.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31875 βΌ
π Read
via "National Vulnerability Database".
Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an xss vulnerability via the proname parameter in /admin/scheprofile.cgiπ Read
via "National Vulnerability Database".
βΌ CVE-2022-25871 βΌ
π Read
via "National Vulnerability Database".
All versions of package querymen are vulnerable to Prototype Pollution if the parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. Note: This vulnerability derives from an incomplete fix of [CVE-2020-7600](https://security.snyk.io/vuln/SNYK-JS-QUERYMEN-559867).π Read
via "National Vulnerability Database".
βΌ CVE-2022-25872 βΌ
π Read
via "National Vulnerability Database".
All versions of package fast-string-search are vulnerable to Out-of-bounds Read due to incorrect memory freeing and length calculation for any non-string input as the source. This allows the attacker to read previously allocated memory.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31874 βΌ
π Read
via "National Vulnerability Database".
ASUS RT-N53 3.0.0.4.376.3754 has a command injection vulnerability in the SystemCmd parameter of the apply.cgi interface.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25852 βΌ
π Read
via "National Vulnerability Database".
All versions of package pg-native; all versions of package libpq are vulnerable to Denial of Service (DoS) when the addons attempt to cast the second argument to an array and fail. This happens for every non-array argument passed. **Note:** pg-native is a mere binding to npm's libpq library, which in turn has the addons and bindings to the actual C libpq library. This means that problems found in pg-native may transitively impact npm's libpq.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25345 βΌ
π Read
via "National Vulnerability Database".
All versions of package @discordjs/opus are vulnerable to Denial of Service (DoS) when trying to encode using an encoder with zero channels, or a non-initialized buffer. This leads to a hard crash.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31876 βΌ
π Read
via "National Vulnerability Database".
netgear wnap320 router WNAP320_V2.0.3_firmware is vulnerable to Incorrect Access Control via /recreate.php, which can leak all users cookies.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21213 βΌ
π Read
via "National Vulnerability Database".
This affects all versions of package mout. The deepFillIn function can be used to 'fill missing properties recursively', while the deepMixIn mixes objects into the target object, recursively mixing existing child objects as well. In both cases, the key used to access the target object recursively is not checked, leading to exploiting this vulnerability. **Note:** This vulnerability derives from an incomplete fix of [CVE-2020-7792](https://security.snyk.io/vuln/SNYK-JS-MOUT-1014544).π Read
via "National Vulnerability Database".
βΌ CVE-2022-22138 βΌ
π Read
via "National Vulnerability Database".
All versions of package fast-string-search are vulnerable to Denial of Service (DoS) when computations are incorrect for non-string inputs. One can cause the V8 to attempt reading from non-permitted locations and cause a segmentation fault due to the violation.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21503 βΌ
π Read
via "National Vulnerability Database".
Vulnerability in the Oracle Cloud Infrastructure product of Oracle Cloud Services. Easily exploitable vulnerability allows high privileged attacker with network access to compromise Oracle Cloud Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to Oracle Cloud Infrastructure accessible data. All affected customers were notified of CVE-2022-21503 by Oracle. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)π Read
via "National Vulnerability Database".
βΌ CVE-2022-33981 βΌ
π Read
via "National Vulnerability Database".
drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46822 βΌ
π Read
via "National Vulnerability Database".
The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46823 βΌ
π Read
via "National Vulnerability Database".
python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33987 βΌ
π Read
via "National Vulnerability Database".
The got package before 12.1.0 for Node.js allows a redirect to a UNIX socket.π Read
via "National Vulnerability Database".
π’ Mozilla adds 'Total Cookie Protection' to its browser π’
π Read
via "ITPro".
The new function will separate cookies into a "cookie jar" and prevent user trackingπ Read
via "ITPro".
IT PRO
Mozilla adds 'Total Cookie Protection' to its browser | IT PRO
The new function will separate cookies into a "cookie jar" and prevent user tracking
π’ Businesses need to be more aggressive with their cyber security, Cisco warns π’
π Read
via "ITPro".
Government warnings of Ukraine-Russia cyber war spillover must be heeded in order to stay safeπ Read
via "ITPro".
IT PRO
Businesses need to be more aggressive with their cyber security, Cisco warns | IT PRO
Government warnings of Ukraine-Russia cyber war spillover must be heeded in order to stay safe
π’ IT Pro News In Review: UK 4 day week, ransomware payment rise, IBM cut ties with Russia π’
π Read
via "ITPro".
Catch up on the biggest headlines of the week in just two minutesπ Read
via "ITPro".
IT PRO
IT Pro News In Review: UK 4 day week, ransomware payment rise, IBM cut ties with Russia
Catch up on the biggest headlines of the week in just two minutes
π’ Microsoft silent patches called βa grossly irresponsible policyβ π’
π Read
via "ITPro".
Cyber security company Tenable said that the tech giant is putting customers at risk after it found two bugs in Microsoft Azure analytics software, one of which users werenβt made aware ofπ Read
via "ITPro".
ITPro
Microsoft silent patches called βa grossly irresponsible policyβ
Cyber security company Tenable said that the tech giant is putting customers at risk after it found two bugs in Microsoft Azure analytics software, one of which users werenβt made aware of