CVE-2022-31875
via "National Vulnerability Database".
Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an XSS vulnerability via the proname parameter in /admin/scheprofile.cgi.
CVE-2022-25871
via "National Vulnerability Database".
All versions of package querymen are vulnerable to Prototype Pollution if the parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. Note: This vulnerability derives from an incomplete fix of [CVE-2020-7600](https://security.snyk.io/vuln/SNYK-JS-QUERYMEN-559867).
CVE-2022-25872
via "National Vulnerability Database".
All versions of package fast-string-search are vulnerable to Out-of-bounds Read due to incorrect memory freeing and length calculation for any non-string input as the source. This allows the attacker to read previously allocated memory.
CVE-2022-31874
via "National Vulnerability Database".
ASUS RT-N53 3.0.0.4.376.3754 has a command injection vulnerability in the SystemCmd parameter of the apply.cgi interface.
CVE-2022-25852
via "National Vulnerability Database".
All versions of package pg-native; all versions of package libpq are vulnerable to Denial of Service (DoS) when the addons attempt to cast the second argument to an array and fail. This happens for every non-array argument passed. **Note:** pg-native is a mere binding to npm's libpq library, which in turn has the addons and bindings to the actual C libpq library. This means that problems found in pg-native may transitively impact npm's libpq.
CVE-2022-25345
via "National Vulnerability Database".
All versions of package @discordjs/opus are vulnerable to Denial of Service (DoS) when trying to encode using an encoder with zero channels, or a non-initialized buffer. This leads to a hard crash.
CVE-2022-31876
via "National Vulnerability Database".
Netgear WNAP320 router WNAP320_V2.0.3_firmware is vulnerable to Incorrect Access Control via /recreate.php, which can leak all users' cookies.
CVE-2022-21213
via "National Vulnerability Database".
This affects all versions of package mout. The deepFillIn function can be used to 'fill missing properties recursively', while the deepMixIn mixes objects into the target object, recursively mixing existing child objects as well. In both cases, the key used to access the target object recursively is not checked, leading to exploiting this vulnerability. **Note:** This vulnerability derives from an incomplete fix of [CVE-2020-7792](https://security.snyk.io/vuln/SNYK-JS-MOUT-1014544).
CVE-2022-22138
via "National Vulnerability Database".
All versions of package fast-string-search are vulnerable to Denial of Service (DoS) when computations are incorrect for non-string inputs. One can cause the V8 to attempt reading from non-permitted locations and cause a segmentation fault due to the violation.
CVE-2022-21503
via "National Vulnerability Database".
Vulnerability in the Oracle Cloud Infrastructure product of Oracle Cloud Services. Easily exploitable vulnerability allows high privileged attacker with network access to compromise Oracle Cloud Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to Oracle Cloud Infrastructure accessible data. All affected customers were notified of CVE-2022-21503 by Oracle. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).
CVE-2022-33981
via "National Vulnerability Database".
drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.
CVE-2021-46822
via "National Vulnerability Database".
The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c.
CVE-2021-46823
via "National Vulnerability Database".
python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2022-33987
via "National Vulnerability Database".
The got package before 12.1.0 for Node.js allows a redirect to a UNIX socket.
Mozilla adds 'Total Cookie Protection' to its browser
via "ITPro".
The new function will separate cookies into a "cookie jar" and prevent user tracking.
Businesses need to be more aggressive with their cyber security, Cisco warns
via "ITPro".
Government warnings of Ukraine-Russia cyber war spillover must be heeded in order to stay safe.
IT Pro News In Review: UK 4 day week, ransomware payment rise, IBM cut ties with Russia
via "ITPro".
Catch up on the biggest headlines of the week in just two minutes.
Microsoft silent patches called 'a grossly irresponsible policy'
via "ITPro".
Cyber security company Tenable said that the tech giant is putting customers at risk after it found two bugs in Microsoft Azure analytics software, one of which users weren't made aware of.
Using Google Takeout to reclaim your data
via "ITPro".
Everyone knows your data drives the Google machine, but now you can find out exactly what it holds on you.
Microsoft bolsters threat intelligence capabilities with Miburo acquisition
via "ITPro".
Cyber threat and research firm will tackle malicious foreign information campaigns as part of Microsoft's Customer Security and Trust organization.
Atos looks to split up cyber security division as CEO exits
via "ITPro".
The company is set to split into two but so far the news hasn't been taken well by investors as shares are down by nearly 20%.