‼ CVE-2022-34760 ‼
📖 Read
via "National Vulnerability Database".
A CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability exists that could cause a denial of service of the webserver due to improper handling of the cookies. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V1.0), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-31145 ‼
📖 Read
via "National Vulnerability Database".
FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. In versions 1.1.30 and prior, authenticated users using an external identity provider can continue to use Access Tokens and ID Tokens even after they expire. Users who use FlyteAdmin as the OAuth2 Authorization Server are unaffected by this issue. A patch is available on the `master` branch of the repository. As a workaround, rotating signing keys immediately will invalidate all open sessions and force all users to attempt to obtain new tokens. Those who use this workaround should continue to rotate keys until FlyteAdmin has been upgraded and hide FlyteAdmin deployment ingress URL from the internet.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34762 ‼
📖 Read
via "National Vulnerability Database".
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized firmware image loading when unsigned images are added to the firmware image path. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34761 ‼
📖 Read
via "National Vulnerability Database".
A CWE-476: NULL Pointer Dereference vulnerability exists that could cause a denial of service of the webserver when parsing JSON content type. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32308 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in uBlock Origin extension before 1.41.1 allows remote attackers to run arbitrary code via a spoofed 'MessageSender.url' to the browser renderer process.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34757 ‼
📖 Read
via "National Vulnerability Database".
A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected communication details. Affected Products: Easergy P5 (V01.401.102 and prior)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34765 ‼
📖 Read
via "National Vulnerability Database".
A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of unauthorized firmware images when user-controlled data is written to the file path. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34756 ‼
📖 Read
via "National Vulnerability Database".
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution or the crash of HTTPs stack which is used for the device Web HMI. Affected Products: Easergy P5 (V01.401.102 and prior)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34758 ‼
📖 Read
via "National Vulnerability Database".
A CWE-20: Improper Input Validation vulnerability exists that could cause the device watchdog function to be disabled if the attacker had access to privileged user credentials. Affected Products: Easergy P5 (V01.401.102 and prior)📖 Read
via "National Vulnerability Database".
‼ CVE-2020-21967 ‼
📖 Read
via "National Vulnerability Database".
File upload vulnerability in the Catalog feature in Prestashop 1.7.6.7 allows remote attackers to run arbitrary code via the add new file page.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34754 ‼
📖 Read
via "National Vulnerability Database".
A CWE-269: Improper Privilege Management vulnerability exists that could allow elevated functionality when guessing credentials. Affected Products: Acti9 PowerTag Link C (A9XELC10-A) (V1.7.5 and prior), Acti9 PowerTag Link C (A9XELC10-B) (V2.12.0 and prior)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34759 ‼
📖 Read
via "National Vulnerability Database".
A CWE-787: Out-of-bounds Write vulnerability exists that could cause a denial of service of the webserver due to improper parsing of the HTTP Headers. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V1.0), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)📖 Read
via "National Vulnerability Database".
🕴 Researchers Devise New Speculative Execution Attacks Against Some Intel, AMD CPUs 🕴
📖 Read
via "Dark Reading".
"Retbleed" bypasses a commonly used mechanism for protecting against a certain kind of side-channel attack.📖 Read
via "Dark Reading".
Dark Reading
Researchers Devise New Speculative Execution Attacks Against Some Intel, AMD CPUs
"Retbleed" bypasses a commonly used mechanism for protecting against a certain kind of side-channel attack.
‼ CVE-2022-35857 ‼
📖 Read
via "National Vulnerability Database".
kvf-admin through 2022-02-12 allows remote attackers to execute arbitrary code because deserialization is mishandled. The rememberMe parameter is encrypted with a hardcoded key from the com.kalvin.kvf.common.shiro.ShiroConfig file.📖 Read
via "National Vulnerability Database".
👍2
‼ CVE-2017-20129 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in LogoStore. It has been classified as critical. Affected is an unknown function of the file /LogoStore/search.php. The manipulation of the argument query with the input test' UNION ALL SELECT CONCAT(CONCAT('qqkkq','VnPVWVaYxljWqGpLLbEIyPIHBjjjjASQTnaqfKaV'),'qvvpq'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- oCrh&search= leads to sql injection. It is possible to launch the attack remotely.📖 Read
via "National Vulnerability Database".
🗓️ Microsoft Teams security vulnerability left users open to XSS via flawed stickers feature 🗓️
📖 Read
via "The Daily Swig".
The friendly image sent by your colleague on a teleconference may be hiding a malicious secret📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Microsoft Teams security vulnerability left users open to XSS via flawed stickers feature
The friendly image sent by your colleague on a teleconference may be hiding a malicious secret
🕴 The Next Generation of Threat Detection Will Require Both Human and Machine Expertise 🕴
📖 Read
via "Dark Reading".
To be truly effective, threat detection and response need to combine the strengths of people and technology.📖 Read
via "Dark Reading".
Dark Reading
The Next Generation of Threat Detection Will Require Both Human and Machine Expertise
To be truly effective, threat detection and response need to combine the strengths of people and technology.
🕴 Virtual CISOs Are the Best Defense Against Accelerating Cyber-Risks 🕴
📖 Read
via "Dark Reading".
A poor, permanent hire can be a very expensive error, whereas a mis-hire on a virtual CISO can be rapidly corrected.📖 Read
via "Dark Reading".
Dark Reading
Virtual CISOs Are the Best Defense Against Accelerating Cyber-Risks
A poor, permanent hire can be a very expensive error, whereas a mis-hire on a virtual CISO can be rapidly corrected.
‼ CVE-2022-30113 ‼
📖 Read
via "National Vulnerability Database".
Electronic mall system 1.0_build20200203 is affected vulnerable to SQL Injection.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28369 ‼
📖 Read
via "National Vulnerability Database".
Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not validate the user-provided URL within the crtcmode function's enable_ssh sub-operation of the crtcrpc JSON listener (found at /lib/functions/wnc_jsonsh/crtcmode.sh) A remote attacker on the local network can provide a malicious URL. The data (found at that URL) is written to /usr/sbin/dropbear and then executed as root.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2396 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as problematic was found in SourceCodester Simple e-Learning System 1.0. Affected by this vulnerability is an unknown functionality of the file /vcs/claire_blake. The manipulation of the argument Bio with the input "><script>alert(document.cookie)</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.📖 Read
via "National Vulnerability Database".