CVE-2022-2342
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository outline/outline prior to v0.64.4.
CVE-2022-32567
via "National Vulnerability Database".
The Appfire Jira Misc Custom Fields (JMCF) app 2.4.6 for Atlassian Jira allows XSS via a crafted project name to the Add Auto Indexing Rule function.
OpenSSL fixes two "one-liner" crypto bugs – what you need to know
via "Naked Security".
"As bad as Heartbleed"? We heard that concern a week ago, but we think it's less ungood than that...
Fortinet patch batch remedies multiple path traversal vulnerabilities
via "The Daily Swig".
Four high, six medium, and one low severity issue fixed
Inside NIST's 4 Crypto Algorithms for a Post-Quantum World
via "Dark Reading".
With the world potentially less than a decade away from breaking current encryption around critical data, researchers weigh in on planning for the post-quantum world.
CVE-2022-25046
via "National Vulnerability Database".
A path traversal vulnerability in loader.php of CWP v0.9.8.1122 allows attackers to execute arbitrary code via a crafted POST request.
CVE-2022-25047
via "National Vulnerability Database".
The password reset token in CWP v0.9.8.1126 is generated using known or predictable values.
CVE-2015-1785
via "National Vulnerability Database".
In the nextgen-gallery WordPress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user-uploaded files and in the lack of security measures preventing unwanted HTTP requests.
CVE-2022-31854
via "National Vulnerability Database".
Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin panel.
CVE-2022-32206
via "National Vulnerability Database".
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.
CVE-2015-3207
via "National Vulnerability Database".
In OpenShift Origin 3 the cookies being set in the console have no 'secure' or 'HttpOnly' attributes.
CVE-2022-25048
via "National Vulnerability Database".
Command injection vulnerability in CWP v0.9.8.1126 that allows normal users to run commands as the root user.
CVE-2022-32208
via "National Vulnerability Database".
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
CVE-2022-32205
via "National Vulnerability Database".
A malicious server can serve excessive amounts of `Set-Cookie:` headers in an HTTP response to curl, and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies makes subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes), and curl instead returns an error. This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method.
CVE-2022-32207
via "National Vulnerability Database".
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name. In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
CVE-2015-1784
via "National Vulnerability Database".
In the nextgen-gallery WordPress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user-uploaded files and in the lack of security measures preventing unwanted HTTP requests.
CVE-2022-34007
via "National Vulnerability Database".
EQS Integrity Line through 2022-07-01 allows a stored XSS via a crafted whistleblower entry.
CVE-2022-33996
via "National Vulnerability Database".
Incorrect permission management in Devolutions Server before 2022.2 allows a new user with a preexisting username to inherit the permissions of that previous user.
Cybersecurity Has a Talent Shortage & Non-Technical People Offer a Way Out
via "Dark Reading".
It's time to tap the large reservoir of talent with analytical skills to help tackle cybersecurity problems. Train workers in cybersecurity details while using their ability to solve problems.
SMEs slow to adopt MFA – study
via "The Daily Swig".
Authentication shortcomings leave sensitive data at risk
Buggy 'Log in With Google' API Implementation Opens Crypto Wallets to Account Takeover
via "Dark Reading".
Improper implementations of authentication APIs at a global crypto wallet service provider could have resulted in the loss of account control – and millions of dollars – from personal and business accounts.