βΌ CVE-2022-33742 βΌ
π Read
via "National Vulnerability Database".
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).π Read
via "National Vulnerability Database".
βΌ CVE-2022-30289 βΌ
π Read
via "National Vulnerability Database".
A stored Cross-site Scripting (XSS) vulnerability was identified in the Data Import functionality of OpenCTI through 5.2.4. An attacker can abuse the vulnerability to upload a malicious file that will then be executed by a victim when they open the file location.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33740 βΌ
π Read
via "National Vulnerability Database".
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).π Read
via "National Vulnerability Database".
βΌ CVE-2022-33741 βΌ
π Read
via "National Vulnerability Database".
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).π Read
via "National Vulnerability Database".
βΌ CVE-2022-30290 βΌ
π Read
via "National Vulnerability Database".
In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse the identified vulnerability in order to arbitrarily change their registered e-mail address as well as their API key, even though such action is not possible through the interface, legitimately.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2304 βΌ
π Read
via "National Vulnerability Database".
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.π Read
via "National Vulnerability Database".
π΄ 3 Cyber Threats Resulting From Today's Technology Choices to Hit Businesses by 2024 π΄
π Read
via "Dark Reading".
Companies need to consider the cost to disengage from the cloud along with proactive risk management that looks at governance issues resulting from heavy use of low- and no-code tools.π Read
via "Dark Reading".
Dark Reading
3 Cyber Threats Resulting From Today's Technology Choices to Hit Businesses by 2024
Companies need to consider the cost to disengage from the cloud along with proactive risk management that looks at governance issues resulting from heavy use of low- and no-code tools.
β Canadian cybercriminal pleads guilty to βNetWalkerβ attacks in US β
π Read
via "Naked Security".
Bust in Canada, now bust in the USA as well.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π OpenSSL Toolkit 1.1.1q π
π Read
via "Packet Storm Security".
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.π Read
via "Packet Storm Security".
Packetstormsecurity
OpenSSL Toolkit 1.1.1q β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π C Language Reverse Shell Generator π
π Read
via "Packet Storm Security".
This is a C language reverse shell generator that is written in Python.π Read
via "Packet Storm Security".
Packetstormsecurity
C Language Reverse Shell Generator β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π OpenSSL Toolkit 3.0.5 π
π Read
via "Packet Storm Security".
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide. The 3.x series is the current major version of OpenSSL.π Read
via "Packet Storm Security".
Packetstormsecurity
OpenSSL Toolkit 3.0.5 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π TripleCross Linux eBPF Rootkit π
π Read
via "Packet Storm Security".
TripleCross is a Linux eBPF rootkit that demonstrates the offensive capabilities of the eBPF technology. TripleCross is inspired by previous implant designs in this area, notably the works of Jeff Dileo at DEFCON 271, Pat Hogan at DEFCON 292, Guillaume Fournier and Sylvain Afchain also at DEFCON 293, and Kris NΓ³va's Boopkit4. The authors reuse and extend some of the techniques pioneered by these previous explorations of the offensive capabilities of eBPF technology.π Read
via "Packet Storm Security".
Packetstormsecurity
TripleCross Linux eBPF Rootkit β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
ποΈ CWE Top 25: These are the most dangerous software weaknesses of 2022 ποΈ
π Read
via "The Daily Swig".
CISA and MITREβs latest CWE shakeup reveals the most severe threats impacting enterprise software todayπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
CWE Top 25: These are the most dangerous software weaknesses of 2022
CISA and MITREβs latest CWE shakeup reveals the most severe threats impacting enterprise software today
β Google patches βin-the-wildβ Chrome zero-day β update now! β
π Read
via "Naked Security".
Running Chrome? Do the "Help-About-Update" dance move right now, just to be sure...π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π1
ποΈ Spring Data MongoDB hit by another critical SpEL injection flaw ποΈ
π Read
via "The Daily Swig".
Bug mirrors recent SpEL injection vulnerability that emerged alongside βSpringShellβ issueπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Spring Data MongoDB hit by another critical SpEL injection flaw
Bug mirrors recent SpEL injection vulnerability that emerged alongside βSpringShellβ issue
βΌ CVE-2021-43116 βΌ
π Read
via "National Vulnerability Database".
An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malicious user login.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31836 βΌ
π Read
via "National Vulnerability Database".
The leafInfo.match() function in Beego v2.0.3 and below uses path.join() to deal with wildcardvalues which can lead to cross directory risk.π Read
via "National Vulnerability Database".
π΄ Google Chrome WebRTC Zero-Day Faces Active Exploitation π΄
π Read
via "Dark Reading".
The heap buffer-overflow issue in Chrome for Android could be used for DoS, code execution, and more.π Read
via "Dark Reading".
Dark Reading
Google Chrome WebRTC Zero-Day Faces Active Exploitation
The heap buffer-overflow issue in Chrome for Android could be used for DoS, code execution, and more.
π΄ Why Browser Vulnerabilities Are a Serious Threat β and How to Minimize Your Risk π΄
π Read
via "Dark Reading".
As a result of browser market consolidation, adversaries can focus on uncovering vulnerabilities in just two main browser engines.π Read
via "Dark Reading".
Dark Reading
Why Browser Vulnerabilities Are a Serious Threat β and How to Minimize Your Risk
As a result of browser market consolidation, adversaries can focus on uncovering vulnerabilities in just two main browser engines.
βΌ CVE-2022-31770 βΌ
π Read
via "National Vulnerability Database".
IBM App Connect Enterprise Certified Container 4.2 could allow a user from the administration console to cause a denial of service by creating a specially crafted request. IBM X-Force ID: 228221.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34879 βΌ
π Read
via "National Vulnerability Database".
Reflected Cross Site Scripting (XSS) vulnerabilities in AST Agent Time Sheet interface (/vicidial/AST_agent_time_sheet.php) of VICIdial via agent, and search_archived_data parameters. This issue affects: VICIdial 2.14b0.5 versions prior to 3555.π Read
via "National Vulnerability Database".