βΌ CVE-2022-22476 βΌ
π Read
via "National Vulnerability Database".
IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request. IBM X-Force ID: 225604.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2015-3260 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35410 βΌ
π Read
via "National Vulnerability Database".
mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../ directory traversal during the ZIP archive cleaning process. This primarily affects mat2 web instances, in which clients could obtain sensitive information via a crafted archive.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34914 βΌ
π Read
via "National Vulnerability Database".
Webswing before 22.1.3 allows X-Forwarded-For header injection. The client IP address is associated with a variable in the configuration page. The {clientIp} variable can be used as an application startup argument. The X-Forwarded-For header can be manipulated by a client to store an arbitrary value that is used to replace the clientIp variable (without sanitization). A client can thus inject multiple arguments into the session startup. Systems that do not use the clientIP variable in the configuration are not vulnerable. The vulnerability is fixed in these versions: 20.1.16, 20.2.19, 21.1.8, 21.2.12, and 22.1.3.π Read
via "National Vulnerability Database".
βΌ CVE-2015-3263 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22464 βΌ
π Read
via "National Vulnerability Database".
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225081.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22465 βΌ
π Read
via "National Vulnerability Database".
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 could allow a local user to obtain elevated privileges due to improper access permissions. IBM X-Force ID: 225082.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2344 βΌ
π Read
via "National Vulnerability Database".
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045.π Read
via "National Vulnerability Database".
βΌ CVE-2015-1837 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2015-5598 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none.π Read
via "National Vulnerability Database".
π΄ Microsoft Reverses Course on Blocking Office Macros by Default π΄
π Read
via "Dark Reading".
Security experts criticize company for reversing course on a decision it made just this February to block macros in files downloaded from the Internet.π Read
via "Dark Reading".
Dark Reading
Microsoft Reverses Course on Blocking Office Macros by Default
Security experts criticize company for reversing course, albeit temporarily, on a decision it made just this February to block macros in files downloaded from the Internet.
π΄ Microsoft Reverses Course on Blocking Office Macros by Default π΄
π Read
via "Dark Reading".
Security experts criticize company for reversing course, albeit temporarily, on a decision it made just this February to block macros in files downloaded from the Internet.π Read
via "Dark Reading".
Dark Reading
Microsoft Reverses Course on Blocking Office Macros by Default
Security experts criticize company for reversing course, albeit temporarily, on a decision it made just this February to block macros in files downloaded from the Internet.
βΌ CVE-2022-35412 βΌ
π Read
via "National Vulnerability Database".
Digital Guardian Agent 7.7.4.0042 allows an administrator (who ordinarily does not have a supported way to uninstall the product) to disable some of the agent functionality and then exfiltrate files to an external USB device.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31137 βΌ
π Read
via "National Vulnerability Database".
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file. Attackers need not be authenticated to exploit this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2353 βΌ
π Read
via "National Vulnerability Database".
Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user.π Read
via "National Vulnerability Database".
π’ NCSC and ICO chiefs plead with lawyers to stop making ransomware payments π’
π Read
via "ITPro".
The two UK authorities say misconceptions around ICO fines are jeopardising the integrity of UK cyber security, in a direct appeal to the Law Societyπ Read
via "ITPro".
IT PRO
NCSC and ICO chiefs plead with lawyers to stop making ransomware payments | IT PRO
The two UK authorities say misconceptions around ICO fines are jeopardising the integrity of UK cyber security, in a direct appeal to the Law Society
π’ Web3 projects lose over $2 billion to hacks and exploits in 2022 π’
π Read
via "ITPro".
Blockchain and crypto schemes have already lost more in the first half of this year than throughout all of 2021π Read
via "ITPro".
IT PRO
Web3 projects lose over $2 billion to hacks and exploits in 2022 | IT PRO
Blockchain and crypto schemes have already lost more in the first half of this year than throughout all of 2021
π’ Russia-linked state-sponsored hackers launch fresh attacks by abusing latest red team tool π’
π Read
via "ITPro".
Researchers said the new tool has evaded the detection of many leading security products and is quickly growing in popularityπ Read
via "ITPro".
IT PRO
Russia-linked state-sponsored hackers launch fresh attacks by abusing latest red team tool | IT PRO
Researchers said the new tool has evaded the detection of many leading security products and is quickly growing in popularity
β€1
π’ SHI malware attack causes major disruption and forces staff offline π’
π Read
via "ITPro".
IT supplier says there's no evidence to suggest customer data was exfiltrated during the "security incident" attackπ Read
via "ITPro".
IT PRO
SHI malware attack causes major disruption and forces staff offline | IT PRO
IT supplier says there's no evidence to suggest customer data was exfiltrated during the "security incident" attack
π’ Marriott hit by data breach through social engineering π’
π Read
via "ITPro".
Unknown attackers were reportedly able to exfiltrate 20GB of information from the companyπ Read
via "ITPro".
IT PRO
Marriott hit by data breach through social engineering | IT PRO
Unknown attackers were reportedly able to exfiltrate 20GB of information from the company
π’ Experts bemoan Microsoftβs 'terrible' backtrack on blocking VBA macros π’
π Read
via "ITPro".
Experts express bewilderment over the decision to reverse the long-overdue macro block, as fears mount that cyber criminals can take advantageπ Read
via "ITPro".
ITPro
'This is a terrible idea': Security experts bemoan Microsoftβs backtrack on blocking VBA macros
Experts express bewilderment over the decision to reverse the long-overdue macro block, as fears mount that cyber criminals can take advantage