CVE-2022-34641
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a and RISCV-Boom commit ad64c5419151e5e886daee7084d8399713b46b4b implement the incorrect exception type when a PMP violation occurs during address translation.
via "National Vulnerability Database".
CVE-2022-34639
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a treats non-standard fence instructions as illegal, which can affect the function of the application.
via "National Vulnerability Database".
CVE-2022-34634
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a executes crafted or incorrectly formatted det instructions rather than creating an exception.
via "National Vulnerability Database".
CVE-2022-34632
Rocket-Chip commit 4f8114374d8824dfdec03f576a8cd68bebce4e56 was discovered to contain insufficient cryptography via the component /rocket/RocketCore.scala.
via "National Vulnerability Database".
CVE-2022-34640
The *tval of ecall/ebreak in CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a was discovered to be incorrect.
via "National Vulnerability Database".
CVE-2022-34636
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a and RISCV-Boom commit ad64c5419151e5e886daee7084d8399713b46b4b implement the incorrect exception type when a PMA violation occurs during address translation.
via "National Vulnerability Database".
CVE-2022-34637
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a implements an incorrect exception type when an illegal virtual address is loaded.
via "National Vulnerability Database".
CVE-2022-34633
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a executes crafted or incorrectly formatted sfence.vma instructions rather than creating an exception.
via "National Vulnerability Database".
CVE-2022-34643
RISCV ISA Sim commit ac466a21df442c59962589ba296c702631e041b5 implements the incorrect exception priority when accessing memory.
via "National Vulnerability Database".
CVE-2022-34635
The mstatus.sd field in CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a does not update when the mstatus.fs field is set to Dirty.
via "National Vulnerability Database".
CVE-2022-30526
A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.09 through 4.72, which could allow a local attacker to execute some OS commands with root privileges in some directories on a vulnerable device.
via "National Vulnerability Database".
CVE-2022-30532
In affected versions of Octopus Deploy, there is no logging of changes to artifacts within Octopus Deploy.
via "National Vulnerability Database".
CVE-2022-2030
A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.11 through 4.72, that could allow an authenticated attacker to access some restricted files on a vulnerable device.
via "National Vulnerability Database".
LDAP Account Manager bug poses unauthenticated remote code execution risk
Silence of the LAM
via "The Daily Swig".
CVE-2022-2467
A vulnerability has been found in SourceCodester Garage Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument username with the input 1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
via "National Vulnerability Database".
CVE-2022-2468
A vulnerability was found in SourceCodester Garage Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /editbrand.php. The manipulation of the argument id leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
via "National Vulnerability Database".
Tor Browser 11.5 release enables users to automatically circumvent censorship
New update addresses challenges faced by users in repressive countries
via "The Daily Swig".
Protecting Against Kubernetes-Borne Ransomware
The conventional wisdom that virtual container environments were somehow immune from malware and hackers has been upended.
via "Dark Reading".
Enso Security Leads Industry Mission to Bring Control to Chaos With Community-Driven AppSec Map
Builds personalization, posture scoring and enhanced market intelligence into interactive map of the application security ecosystem.
via "Dark Reading".
GhangorCloud Announces CAPE, a Next Generation Unified Compliance and Data Privacy Enforcement Solution
New CAPE platform delivers patented intelligent automation and enforcement of consumer data privacy mandates at lowest total cost of ownership.
via "Dark Reading".
'Password extraction risk' in identity provider Okta disputed
Researchers go public after vendor disputes impersonation threat
via "The Daily Swig".