CVE-2022-32458
Digiwin BPM has an XML External Entity Injection (XXE) vulnerability due to insufficient validation of user input. An unauthenticated remote attacker can perform an XML injection attack to access arbitrary system files.
via "National Vulnerability Database".
CVE-2022-32959
HiCOS' client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading an IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.
via "National Vulnerability Database".
CVE-2022-33967
The squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a defect in the metadata reading process. Loading a specially crafted squashfs image may lead to a denial-of-service (DoS) condition or arbitrary code execution.
via "National Vulnerability Database".
CVE-2022-34866
Passage Drive versions v1.4.0 to v1.5.1.0 and Passage Drive for Box version v1.0.0 contain an insufficient data verification vulnerability for interprocess communication. By running a malicious program, an arbitrary OS command may be executed with LocalSystem privilege of the Windows system where the product is running.
via "National Vulnerability Database".
CVE-2022-31250
A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed allows local attackers to escalate from the keylime user to root. This issue affects: openSUSE Tumbleweed keylime versions prior to 6.4.2-1.1.
via "National Vulnerability Database".
CVE-2021-46828
In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.
via "National Vulnerability Database".
Tackling the Cybersecurity Workforce Challenge With Apprentices
One of the announcements out of the National Cyber Workforce and Education Summit on July 19 was the 120-day Cybersecurity Apprenticeship Sprint.
via "Dark Reading".
W3C launches Decentralized Identifiers as a web standard
DID has been designed to give users and organizations greater security and privacy.
via "The Daily Swig".
CVE-2022-36321
In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases.
via "National Vulnerability Database".
CVE-2022-2489
A vulnerability was found in SourceCodester Simple E-Learning System 1.0. It has been rated as critical. This issue affects some unknown processing of the file classRoom.php. The manipulation of the argument classCode with the input 1'||(SELECT 0x6770715a WHERE 8795=8795 AND (SELECT 8342 FROM(SELECT COUNT(*),CONCAT(0x7171786b71,(SELECT (ELT(8342=8342,1))),0x717a7a7671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a))||' leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
via "National Vulnerability Database".
CVE-2022-2487
A vulnerability has been found in WAVLINK WN535K2 and WN535K3 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/nightled.cgi. The manipulation of the argument start_hour leads to OS command injection. The exploit has been disclosed to the public and may be used.
via "National Vulnerability Database".
CVE-2022-2492
A vulnerability was found in SourceCodester Library Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /index.php. The manipulation of the argument RollNo with the input admin' AND (SELECT 2625 FROM (SELECT(SLEEP(5)))MdIL) AND 'KXmq'='KXmq&Password=1231312312 leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
via "National Vulnerability Database".
CVE-2022-24660
The debug interface of Goldshell ASIC Miners v2.2.1 and below was discovered to be exposed publicly on the web interface, allowing attackers to access passwords and other sensitive information in plaintext.
via "National Vulnerability Database".
CVE-2021-31858
DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section which allows remote authenticated users to inject arbitrary code via a crafted payload.
via "National Vulnerability Database".
CVE-2022-2488
A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/touchlist_sync.cgi. The manipulation of the argument IP leads to OS command injection. The exploit has been disclosed to the public and may be used.
via "National Vulnerability Database".
CVE-2022-2486
A vulnerability, which was classified as critical, was found in WAVLINK WN535K2 and WN535K3. This affects an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade. The manipulation of the argument key leads to OS command injection. The exploit has been disclosed to the public and may be used.
via "National Vulnerability Database".
CVE-2022-2490
A vulnerability classified as critical has been found in SourceCodester Simple E-Learning System 1.0. Affected is an unknown function of the file search.php. The manipulation of the argument classCode with the input 1'||(SELECT 0x74666264 WHERE 5610=5610 AND (SELECT 7504 FROM(SELECT COUNT(*),CONCAT(0x7171627a71,(SELECT (ELT(7504=7504,1))),0x71717a7071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a))||' leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
via "National Vulnerability Database".
CVE-2022-24659
Goldshell ASIC Miners v2.2.1 and below were discovered to contain a path traversal vulnerability which allows unauthenticated attackers to retrieve arbitrary files from the device.
via "National Vulnerability Database".
CVE-2022-36322
In JetBrains TeamCity before 2022.04.2 build parameter injection was possible.
via "National Vulnerability Database".
CVE-2022-2491
A vulnerability has been found in SourceCodester Library Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file lab.php. The manipulation of the argument Section with the input 1' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x71716b7171,0x546e4444736b7743575a666d4873746a6450616261527a67627944426946507245664143694c6a4c,0x7162706b71),NULL,NULL,NULL,NULL# leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
via "National Vulnerability Database".
CVE-2022-24657
Goldshell ASIC Miners v2.1.x were discovered to contain hardcoded credentials which allow attackers to remotely connect via the SSH protocol (port 22).
via "National Vulnerability Database".