CVE-2022-28700
via "National Vulnerability Database".
Authenticated Arbitrary File Creation via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress.
CVE-2022-30536
via "National Vulnerability Database".
Authenticated Stored Cross-Site Scripting (XSS) vulnerability in Florent Maillefaud's WP Maintenance plugin <= 6.0.7 at WordPress.
CVE-2022-31475
via "National Vulnerability Database".
Authenticated (custom plugin role) Arbitrary File Read via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress.
AIEngine 2.2.0
via "Packet Storm Security".
AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use on NIDS, firewalls, traffic classifiers and so on.
Mysterious, Cloud-Enabled macOS Spyware Blows Onto the Scene
via "Dark Reading".
The CloudMensis spyware, which can lift reams of sensitive information from Apple machines, is the first Mac malware observed to exclusively rely on cloud storage for C2 activities.
CVE-2022-0974
via "National Vulnerability Database".
Use after free in Splitscreen in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-20891
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
CVE-2022-0971
via "National Vulnerability Database".
Use after free in Blink Layout in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-0975
via "National Vulnerability Database".
Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-0977
via "National Vulnerability Database".
Use after free in Browser UI in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-0972
via "National Vulnerability Database".
Use after free in Extensions in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-0973
via "National Vulnerability Database".
Use after free in Safe Browsing in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-0976
via "National Vulnerability Database".
Heap buffer overflow in GPU in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2327
via "National Vulnerability Database".
io_uring uses work_flags to determine which identity it needs to grab from the calling process to make sure it is consistent with the calling process when executing IORING_OP. Some operations are missing some types, which can lead to incorrect reference counts, which can then lead to a double free. We recommend upgrading the kernel past commit df3f3bb5059d20ef094d6b2f0256c4bf4127a859.
CVE-2022-2209
via "National Vulnerability Database".
io_uring uses work_flags to determine which identity it needs to grab from the calling process to make sure it is consistent with the calling process when executing IORING_OP. The mapping of flags is incomplete, which leads to multiple incorrect reference counts and hence use-after-free. We recommend upgrading past commit df3f3bb5059d20ef094d6b2f0256c4bf4127a859.
Grafana patches vulnerability that could lead to admin account takeover
via "The Daily Swig".
Open source analytics platform fixes bug that could lead to authentication bypass, privilege escalation.
S3 Ep92: Log4Shell4Ever, travel tips, and scamminess [Audio + Text]
via "Naked Security".
Latest episode - listen, read or both!
Apple patches "0-day" browser bug fixed 2 weeks ago in Chrome, Edge
via "Naked Security".
One vendor's zero-day is another vendor's routine patch...
Zyxel firewall vulnerabilities left business networks open to abuse
via "The Daily Swig".
Severity of code execution bug mitigated by "high uptake" of previous patch.
CVE-2022-36131
via "National Vulnerability Database".
The Better PDF Exporter add-on 10.0.0 for Atlassian Jira is prone to stored XSS via a crafted description to the PDF Templates overview page.
CVE-2022-31168
via "National Vulnerability Database".
Zulip is an open source team chat tool. Due to an incorrect authorization check in Zulip Server 5.4 and earlier, a member of an organization could craft an API call that grants organization administrator privileges to one of their bots. The vulnerability is fixed in Zulip Server 5.5. Members who don't own any bots, and lack permission to create them, can't exploit the vulnerability. As a workaround for the vulnerability, an organization administrator can restrict the `Who can create bots` permission to administrators only, and change the ownership of existing bots.