CVE-2022-2030 (via National Vulnerability Database)
A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.11 through 4.72, that could allow an authenticated attacker to access some restricted files on a vulnerable device.

LDAP Account Manager bug poses unauthenticated remote code execution risk (via The Daily Swig)
Silence of the LAM

CVE-2022-2467 (via National Vulnerability Database)
A vulnerability has been found in SourceCodester Garage Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument username with the input 1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2022-2468 (via National Vulnerability Database)
A vulnerability was found in SourceCodester Garage Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /editbrand.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Tor Browser 11.5 release enables users to automatically circumvent censorship (via The Daily Swig)
New update addresses challenges faced by users in repressive countries

Protecting Against Kubernetes-Borne Ransomware (via Dark Reading)
The conventional wisdom that virtual container environments were somehow immune from malware and hackers has been upended.

Enso Security Leads Industry Mission to Bring Control to Chaos With Community-Driven AppSec Map (via Dark Reading)
Builds personalization, posture scoring and enhanced market intelligence into interactive map of the application security ecosystem.

GhangorCloud Announces CAPE, a Next Generation Unified Compliance and Data Privacy Enforcement Solution (via Dark Reading)
New CAPE platform delivers patented intelligent automation and enforcement of consumer data privacy mandates at lowest total cost of ownership.

"Password extraction risk" in identity provider Okta disputed (via The Daily Swig)
Researchers go public after vendor disputes impersonation threat

FBI Warns Fake Crypto Apps are Bilking Investors of Millions (via Threat Post)
Threat actors offer victims what appear to be investment services from legitimate companies to lure them into downloading malicious apps aimed at defrauding them.

Authentication Risks Discovered in Okta Platform (via Threat Post)
Four newly discovered attack paths could lead to PII exposure, account takeover, even organizational data destruction.

Unpatched GPS Tracker Security Bugs Threaten 1.5M Vehicles with Disruption (via Dark Reading)
A GPS device from MiCODUS has six security bugs that could allow attackers to monitor 1.5 million vehicles that use the tracker, or even remotely disable vehicles.

CVE-2022-29060 (via National Vulnerability Database)
A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiDDoS API 5.5.0 through 5.5.1, 5.4.0 through 5.4.2, 5.3.0 through 5.3.1, 5.2.0, 5.1.0 may allow an attacker who managed to retrieve the key from one device to sign JWT tokens for any device.

CVE-2022-2192 (via National Vulnerability Database)
Forced Browsing vulnerability in HYPR Server version 6.10 to 6.15.1 allows remote attackers with a valid one-time recovery token to elevate privileges via path tampering in the Magic Link page. This issue affects: HYPR Server versions later than 6.10; version 6.15.1 and prior versions.

CVE-2022-2453 (via National Vulnerability Database)
Use After Free in GitHub repository gpac/gpac prior to 2.1-DEV.

CVE-2022-24082 (via National Vulnerability Database)
If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to upload serialized payloads to attack the underlying system. This does not affect systems running on PegaCloud due to its design and architecture.

CVE-2022-26113 (via National Vulnerability Database)
An execution with unnecessary privileges vulnerability [CWE-250] in FortiClientWindows 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.10 may allow a local attacker to perform an arbitrary file write on the system.

CVE-2022-35405 (via National Vulnerability Database)
Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.)

CVE-2022-1984 (via National Vulnerability Database)
Unsafe Deserialization vulnerability in HYPR Workforce Access (WFA) before version 7.2 may allow local authenticated attackers to elevate privileges via a malicious serialized payload. This issue affects HYPR Windows WFA versions prior to 7.2.

CVE-2021-32504 (via National Vulnerability Database)
Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information to launch further attacks on the system.

CVE-2022-2454 (via National Vulnerability Database)
Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to 2.1-DEV.