βΌ CVE-2022-33743 βΌ
π Read
via "National Vulnerability Database".
network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43702 βΌ
π Read
via "National Vulnerability Database".
ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26365 βΌ
π Read
via "National Vulnerability Database".
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).π Read
via "National Vulnerability Database".
βΌ CVE-2022-33742 βΌ
π Read
via "National Vulnerability Database".
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).π Read
via "National Vulnerability Database".
βΌ CVE-2022-30289 βΌ
π Read
via "National Vulnerability Database".
A stored Cross-site Scripting (XSS) vulnerability was identified in the Data Import functionality of OpenCTI through 5.2.4. An attacker can abuse the vulnerability to upload a malicious file that will then be executed by a victim when they open the file location.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33740 βΌ
π Read
via "National Vulnerability Database".
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).π Read
via "National Vulnerability Database".
βΌ CVE-2022-33741 βΌ
π Read
via "National Vulnerability Database".
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).π Read
via "National Vulnerability Database".
βΌ CVE-2022-30290 βΌ
π Read
via "National Vulnerability Database".
In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse the identified vulnerability in order to arbitrarily change their registered e-mail address as well as their API key, even though such action is not possible through the interface, legitimately.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2304 βΌ
π Read
via "National Vulnerability Database".
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.π Read
via "National Vulnerability Database".
π΄ 3 Cyber Threats Resulting From Today's Technology Choices to Hit Businesses by 2024 π΄
π Read
via "Dark Reading".
Companies need to consider the cost to disengage from the cloud along with proactive risk management that looks at governance issues resulting from heavy use of low- and no-code tools.π Read
via "Dark Reading".
Dark Reading
3 Cyber Threats Resulting From Today's Technology Choices to Hit Businesses by 2024
Companies need to consider the cost to disengage from the cloud along with proactive risk management that looks at governance issues resulting from heavy use of low- and no-code tools.
β Canadian cybercriminal pleads guilty to βNetWalkerβ attacks in US β
π Read
via "Naked Security".
Bust in Canada, now bust in the USA as well.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π OpenSSL Toolkit 1.1.1q π
π Read
via "Packet Storm Security".
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.π Read
via "Packet Storm Security".
Packetstormsecurity
OpenSSL Toolkit 1.1.1q β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π C Language Reverse Shell Generator π
π Read
via "Packet Storm Security".
This is a C language reverse shell generator that is written in Python.π Read
via "Packet Storm Security".
Packetstormsecurity
C Language Reverse Shell Generator β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π OpenSSL Toolkit 3.0.5 π
π Read
via "Packet Storm Security".
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide. The 3.x series is the current major version of OpenSSL.π Read
via "Packet Storm Security".
Packetstormsecurity
OpenSSL Toolkit 3.0.5 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π TripleCross Linux eBPF Rootkit π
π Read
via "Packet Storm Security".
TripleCross is a Linux eBPF rootkit that demonstrates the offensive capabilities of the eBPF technology. TripleCross is inspired by previous implant designs in this area, notably the works of Jeff Dileo at DEFCON 271, Pat Hogan at DEFCON 292, Guillaume Fournier and Sylvain Afchain also at DEFCON 293, and Kris NΓ³va's Boopkit4. The authors reuse and extend some of the techniques pioneered by these previous explorations of the offensive capabilities of eBPF technology.π Read
via "Packet Storm Security".
Packetstormsecurity
TripleCross Linux eBPF Rootkit β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
ποΈ CWE Top 25: These are the most dangerous software weaknesses of 2022 ποΈ
π Read
via "The Daily Swig".
CISA and MITREβs latest CWE shakeup reveals the most severe threats impacting enterprise software todayπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
CWE Top 25: These are the most dangerous software weaknesses of 2022
CISA and MITREβs latest CWE shakeup reveals the most severe threats impacting enterprise software today
β Google patches βin-the-wildβ Chrome zero-day β update now! β
π Read
via "Naked Security".
Running Chrome? Do the "Help-About-Update" dance move right now, just to be sure...π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π1
ποΈ Spring Data MongoDB hit by another critical SpEL injection flaw ποΈ
π Read
via "The Daily Swig".
Bug mirrors recent SpEL injection vulnerability that emerged alongside βSpringShellβ issueπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Spring Data MongoDB hit by another critical SpEL injection flaw
Bug mirrors recent SpEL injection vulnerability that emerged alongside βSpringShellβ issue
βΌ CVE-2021-43116 βΌ
π Read
via "National Vulnerability Database".
An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malicious user login.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31836 βΌ
π Read
via "National Vulnerability Database".
The leafInfo.match() function in Beego v2.0.3 and below uses path.join() to deal with wildcardvalues which can lead to cross directory risk.π Read
via "National Vulnerability Database".
π΄ Google Chrome WebRTC Zero-Day Faces Active Exploitation π΄
π Read
via "Dark Reading".
The heap buffer-overflow issue in Chrome for Android could be used for DoS, code execution, and more.π Read
via "Dark Reading".
Dark Reading
Google Chrome WebRTC Zero-Day Faces Active Exploitation
The heap buffer-overflow issue in Chrome for Android could be used for DoS, code execution, and more.