🕴 Startup Aims to Secure AI, Machine Learning Development 🕴
📖 Read
via "Dark Reading".
With security experts warning against attacks on machine learning models and data, startup HiddenLayer aims to protect the neural networks powering AI-augmented products.📖 Read
via "Dark Reading".
Dark Reading
Startup Aims to Secure AI, Machine Learning Development
With security experts warning against attacks on machine learning models and data, startup HiddenLayer aims to protect the neural networks powering AI-augmented products.
🕴 Post-Breakup, Conti Ransomware Members Remain Dangerous 🕴
📖 Read
via "Dark Reading".
The gang's members have moved into different criminal activities, and could regroup once law-enforcement attention has simmered down a bit, researchers say.📖 Read
via "Dark Reading".
Dark Reading
Post-Breakup, Conti Ransomware Members Remain Dangerous
The gang's members have moved into different criminal activities, and could regroup once law-enforcement attention has simmered down a bit, researchers say.
‼ CVE-2022-34024 ‼
📖 Read
via "National Vulnerability Database".
Barangay Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the resident module editing function at /bmis/pages/resident/resident.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34169 ‼
📖 Read
via "National Vulnerability Database".
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36305 ‼
📖 Read
via "National Vulnerability Database".
Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the body function at /web/api/v1/upload/UploadHandler.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27373 ‼
📖 Read
via "National Vulnerability Database".
Shanghai Feixun Data Communication Technology Co., Ltd router fir302b A2 was discovered to contain a remote command execution (RCE) vulnerability via the Ping function.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2394 ‼
📖 Read
via "National Vulnerability Database".
Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36304 ‼
📖 Read
via "National Vulnerability Database".
Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the generate_response function at /web/api/v1/upload/UploadHandler.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-30570 ‼
📖 Read
via "National Vulnerability Database".
The Column Based Security component of TIBCO Software Inc.'s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with network access to obtain read access to application information on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 8.5.2 and below and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.2 and below.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36303 ‼
📖 Read
via "National Vulnerability Database".
Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the handle_file_upload function at /web/api/v1/upload/UploadHandler.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34025 ‼
📖 Read
via "National Vulnerability Database".
Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the post function at /web/api/v1/upload/UploadHandler.php.📖 Read
via "National Vulnerability Database".
🕴 Ongoing Magecart Campaign Targets Online Ordering at Local Restaurants 🕴
📖 Read
via "Dark Reading".
More than 311 local eateries have been breached through online ordering platforms MenuDrive, Harbortouch, and InTouchPOS, impacting 50K records — and counting.📖 Read
via "Dark Reading".
Dark Reading
Ongoing Magecart Campaign Targets Online Ordering at Local Restaurants
More than 311 local eateries have been breached through online ordering platforms MenuDrive, Harbortouch, and InTouchPOS, impacting 50K records — and counting.
‼ CVE-2022-1922 ‼
📖 Read
via "National Vulnerability Database".
DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matroskademux element in gst_matroska_decompress_data function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34536 ‼
📖 Read
via "National Vulnerability Database".
Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 allows attackers to access the core log file and perform session hijacking via a crafted session token.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34540 ‼
📖 Read
via "National Vulnerability Database".
Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a command injection vulnerability in the component /admin/vca/license/license_tok.cgi. This vulnerability is exploitable via a crafted POST request.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34539 ‼
📖 Read
via "National Vulnerability Database".
Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a command injection vulnerability in the component /admin/curltest.cgi. This vulnerability is exploitable via a crafted POST request.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2122 ‼
📖 Read
via "National Vulnerability Database".
DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34537 ‼
📖 Read
via "National Vulnerability Database".
Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a cross-site scripting (XSS) vulnerability via the component bia_oneshot.cgi.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1921 ‼
📖 Read
via "National Vulnerability Database".
Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files. Potential for arbitrary code execution through heap overwrite.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1920 ‼
📖 Read
via "National Vulnerability Database".
Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-31150 ‼
📖 Read
via "National Vulnerability Database".
undici is an HTTP/1.1 client, written from scratch for Node.js. It is possible to inject CRLF sequences into request headers in undici in versions less than 5.7.1. A fix was released in version 5.8.0. Sanitizing all HTTP headers from untrusted sources to eliminate `\r\n` is a workaround for this issue.📖 Read
via "National Vulnerability Database".