🕴 Scribe Security Releases Code Integrity Validator Alongside Github Security Open Source Project 🕴
Developers can now rest assured that the code they are using, as well as their GitHub accounts, are safe.
📖 Read
via "Dark Reading".
🕴 AEI HorizonX Ventures Joins Shift5 Series B Funding Round 🕴
Investment bolsters Shift5’s traction within commercial aerospace and defense industries.
📖 Read
via "Dark Reading".
‼ CVE-2022-2408 ‼
The Guest account feature in Mattermost version 6.7.0 and earlier fails to properly restrict the permissions, which allows a guest user to fetch a list of all public channels in the team, in spite of not being part of those channels.
📖 Read
via "National Vulnerability Database".
‼ CVE-2022-31142 ‼
@fastify/bearer-auth is a Fastify plugin to require bearer Authorization headers. @fastify/bearer-auth prior to versions 7.0.2 and 8.0.1 does not securely use crypto.timingSafeEqual. A malicious attacker could estimate the length of one valid bearer token. According to the corresponding RFC 6750, the bearer token has only base64 valid characters, reducing the range of characters for a brute force attack. Version 7.0.2 and 8.0.1 of @fastify/bearer-auth contain a patch. There are currently no known workarounds. The package fastify-bearer-auth, which covers versions 6.0.3 and prior, is also vulnerable starting at version 5.0.1. Users of fastify-bearer-auth should upgrade to a patched version of @fastify/bearer-auth.
📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2406 ‼
The legacy Slack import feature in Mattermost version 6.7.0 and earlier fails to properly limit the sizes of imported files, which allows an authenticated attacker to crash the server by importing large files via the Slack import REST API.
📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22450 ‼
IBM Security Verify Identity Manager 10.0 could allow a privileged user to upload a malicious file by bypassing extension security in an HTTP request. IBM X-Force ID: 224916.
📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22460 ‼
IBM Security Verify Identity Manager 10.0 contains sensitive information in the source code repository that could be used in further attacks against the system. IBM X-Force ID: 225013.
📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22452 ‼
IBM Security Verify Identity Manager 10.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 224918.
📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2401 ‼
Unrestricted information disclosure of all users in Mattermost version 6.7.0 and earlier allows team members to access some sensitive information by directly accessing the APIs.
📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22453 ‼
IBM Security Verify Identity Manager 10.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 224919.
📖 Read
via "National Vulnerability Database".
🕴 DHS Review Board Deems Log4j an 'Endemic' Cyber Threat 🕴
The vulnerability will remain a "significant" threat for years to come and highlights the need for more public and private sector support for the open source software ecosystem, the Cyber Safety Review Board says.
📖 Read
via "Dark Reading".
🕴 New Phishing Kit Hijacks WordPress Sites for PayPal Scam 🕴
Attackers use scam security checks to steal victims' government documents, photos, banking information, and email passwords, researchers warn.
📖 Read
via "Dark Reading".
🕴 Bishop Fox Secures $75 Million in Growth Funding From Carrick Capital Partners 🕴
Offensive security leader continues to defy market and economic trends with record growth and recognized innovation.
📖 Read
via "Dark Reading".
‼ CVE-2022-32415 ‼
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/?p=products/view_product&id=.
📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34093 ‼
Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via access_token.php.
📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34092 ‼
Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via svg2img.php.
📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32417 ‼
PbootCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the function parserIfLabel at function.php.
📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32425 ‼
The login function of Mealie v1.0.0beta-2 allows attackers to enumerate existing usernames by timing the server's response time.
📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32416 ‼
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_product.
📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32409 ‼
A local file inclusion (LFI) vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request.
📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34094 ‼
Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via request_token.php.
📖 Read
via "National Vulnerability Database".