‼ CVE-2021-3435 ‼
via "National Vulnerability Database".
Information leakage in le_ecred_conn_req(). Zephyr versions >= v2.4.0: Use of Uninitialized Resource (CWE-908). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh
‼ CVE-2021-3434 ‼
via "National Vulnerability Database".
Stack-based buffer overflow in le_ecred_conn_req(). Zephyr versions >= v2.5.0: Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm
‼ CVE-2022-31883 ‼
via "National Vulnerability Database".
Marval MSM v14.19.0.12476 has an Insecure Direct Object Reference (IDOR) vulnerability. A low privilege user is able to see other users' API Keys including the Admins API Keys.
‼ CVE-2022-24444 ‼
via "National Vulnerability Database".
Silverstripe silverstripe/framework through 4.10 allows Session Fixation.
‼ CVE-2020-19897 ‼
via "National Vulnerability Database".
A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter.
‼ CVE-2022-31884 ‼
via "National Vulnerability Database".
Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low privilege user to delete other users' API Keys, including high privilege and the Administrator users' API Keys.
‼ CVE-2022-31887 ‼
via "National Vulnerability Database".
Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password in the organization. This means that the user can also achieve Privilege Escalation by changing the administrator password.
‼ CVE-2022-29858 ‼
via "National Vulnerability Database".
Silverstripe silverstripe/assets through 1.10 allows XSS.
‼ CVE-2022-25238 ‼
via "National Vulnerability Database".
Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed or the sanitise_server_side config is not set to true in project code.
‼ CVE-2021-41559 ‼
via "National Vulnerability Database".
Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document.
‼ CVE-2020-19896 ‼
via "National Vulnerability Database".
File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitrary PHP code via post-edit.php.
‼ CVE-2017-20108 ‼
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in Easy Table Plugin 1.6. This affects an unknown part of the file /wordpress/wp-admin/options-general.php. The manipulation with the input "><script>alert(1)</script> leads to basic cross site scripting. It is possible to initiate the attack remotely.
‼ CVE-2017-20112 ‼
via "National Vulnerability Database".
A vulnerability has been found in IVPN Client 2.6.6120.33863 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument --up cmd leads to improper privilege management. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.6.2 is able to address this issue. It is recommended to upgrade the affected component.
‼ CVE-2017-20109 ‼
via "National Vulnerability Database".
A vulnerability classified as problematic was found in Teleopti WFM up to 7.1.0. Affected by this vulnerability is an unknown functionality of the file /TeleoptiWFM/Administration/GetOneTenant of the component Administration. The manipulation leads to information disclosure (Credentials). The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
‼ CVE-2017-20110 ‼
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in Teleopti WFM up to 7.1.0. Affected by this issue is some unknown functionality of the component Administration. The manipulation as part of JSON leads to information disclosure (Credentials). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
‼ CVE-2017-20111 ‼
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in Teleopti WFM 7.1.0. This affects an unknown part of the component Administration. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
🗓️ YARAify: Defensive tool scans suspicious files against a large repository of YARA rules 🗓️
via "The Daily Swig".
Team behind Abuse.ch and ThreatFox launch new hub for scanning and hunting files using YARA
‼ CVE-2021-40642 ‼
via "National Vulnerability Database".
A vulnerability exists in Textpattern CMS v4.8.7 and older through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php. The secure flag is not set for the txp_login session cookie in the application. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site.
❌ Patchable and Preventable Security Issues Lead Causes of Q1 Attacks ❌
via "Threat Post".
Attacks against U.S. companies spike in Q1 2022 with patchable and preventable external vulnerabilities responsible for bulk of attacks.
‼ CVE-2022-33036 ‼
via "National Vulnerability Database".
A binary hijack in Embarcadero Dev-CPP v6.3 allows attackers to execute arbitrary code via a crafted .exe file.
‼ CVE-2022-33021 ‼
via "National Vulnerability Database".
CVA6 commit 909d85a accesses invalid memory when reading the value of MHPMCOUNTER30.