CVE-2022-0972
via "National Vulnerability Database".
Use after free in Extensions in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-0973
via "National Vulnerability Database".
Use after free in Safe Browsing in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-0976
via "National Vulnerability Database".
Heap buffer overflow in GPU in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2327
via "National Vulnerability Database".
io_uring uses work_flags to determine which identities need to be grabbed from the calling process, so that they are consistent with the calling process when an IORING_OP is executed. Some operations are missing some identity types, which can lead to incorrect reference counts, which can then lead to a double free. We recommend upgrading the kernel past commit df3f3bb5059d20ef094d6b2f0256c4bf4127a859.
CVE-2022-2209
via "National Vulnerability Database".
io_uring uses work_flags to determine which identities need to be grabbed from the calling process, so that they are consistent with the calling process when an IORING_OP is executed. The mapping of flags is incomplete, which leads to multiple incorrect reference counts and hence a use-after-free. We recommend upgrading past commit df3f3bb5059d20ef094d6b2f0256c4bf4127a859.
Grafana patches vulnerability that could lead to admin account takeover
via "The Daily Swig".
Open source analytics platform fixes bug that could lead to authentication bypass, privilege escalation.
S3 Ep92: Log4Shell4Ever, travel tips, and scamminess [Audio + Text]
via "Naked Security".
Latest episode: listen, read or both!
Apple patches "0-day" browser bug fixed 2 weeks ago in Chrome, Edge
via "Naked Security".
One vendor's zero-day is another vendor's routine patch...
Zyxel firewall vulnerabilities left business networks open to abuse
via "The Daily Swig".
Severity of code execution bug mitigated by "high uptake" of previous patch.
CVE-2022-36131
via "National Vulnerability Database".
The Better PDF Exporter add-on 10.0.0 for Atlassian Jira is prone to stored XSS via a crafted description to the PDF Templates overview page.
CVE-2022-31168
via "National Vulnerability Database".
Zulip is an open source team chat tool. Due to an incorrect authorization check in Zulip Server 5.4 and earlier, a member of an organization could craft an API call that grants organization administrator privileges to one of their bots. The vulnerability is fixed in Zulip Server 5.5. Members who don't own any bots, and lack permission to create them, can't exploit the vulnerability. As a workaround for the vulnerability, an organization administrator can restrict the `Who can create bots` permission to administrators only, and change the ownership of existing bots.
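The bug class behind the Zulip advisory above is a role-change endpoint that checks only whether the caller owns the target account, not whether the caller is allowed to hand out the requested role. The following is an added illustration of that class and is not Zulip's code: the server, the `User` model, the role numbering (lower value means more privilege) and the two handler functions are all hypothetical. The vulnerable handler lets any bot owner promote their bot to administrator; the fixed handler additionally requires the caller to be an administrator and refuses to grant a role above the caller's own.

```python
"""Illustrative bot-role authorization check (hypothetical, not Zulip's code).

Role ordering is an assumption for this example: a lower number is more
privileged, so an administrator may grant any role >= its own value.
"""
from dataclasses import dataclass
from typing import Callable, Optional

ROLE_ADMIN = 200   # hypothetical numeric roles
ROLE_MEMBER = 400


@dataclass
class User:
    id: int
    role: int
    is_bot: bool = False
    bot_owner_id: Optional[int] = None


class Forbidden(Exception):
    """Raised when the caller is not authorized for the requested change."""


def _require_owned_bot(requester: User, bot: User) -> None:
    # Both handlers share this ownership check: the target must be a bot
    # owned by the caller.
    if not bot.is_bot or bot.bot_owner_id != requester.id:
        raise Forbidden("target is not a bot owned by the requester")


def update_bot_role_vulnerable(requester: User, bot: User, new_role: int) -> int:
    """Incomplete check: ownership alone authorizes any role change, so a
    plain member can grant administrator privileges to their own bot."""
    _require_owned_bot(requester, bot)
    bot.role = new_role
    return bot.role


def update_bot_role_fixed(requester: User, bot: User, new_role: int) -> int:
    """Corrected check: changing a role is an administrator action, and the
    granted role can never exceed the privilege the requester holds."""
    _require_owned_bot(requester, bot)
    if requester.role > ROLE_ADMIN:
        raise Forbidden("only administrators may change roles")
    if new_role < requester.role:
        raise Forbidden("cannot grant more privilege than the requester holds")
    bot.role = new_role
    return bot.role


def attempt(handler: Callable[[User, User, int], int],
            requester: User, bot: User, new_role: int) -> bool:
    """Run a handler and report whether the role change was permitted."""
    try:
        handler(requester, bot, new_role)
        return True
    except Forbidden:
        return False


def demo() -> dict:
    """Constructed scenario: member 1 owns bot 2; admin 4 owns bot 5."""
    member = User(id=1, role=ROLE_MEMBER)
    admin = User(id=4, role=ROLE_ADMIN)
    results = {}

    bot = User(id=2, role=ROLE_MEMBER, is_bot=True, bot_owner_id=member.id)
    results["member_escalates_vulnerable"] = attempt(
        update_bot_role_vulnerable, member, bot, ROLE_ADMIN)

    bot = User(id=2, role=ROLE_MEMBER, is_bot=True, bot_owner_id=member.id)
    results["member_escalates_fixed"] = attempt(
        update_bot_role_fixed, member, bot, ROLE_ADMIN)
    results["bot_role_after_fixed_denial"] = bot.role

    bot = User(id=5, role=ROLE_MEMBER, is_bot=True, bot_owner_id=admin.id)
    results["admin_promotes_own_bot_fixed"] = attempt(
        update_bot_role_fixed, admin, bot, ROLE_ADMIN)

    # An admin still cannot touch a bot it does not own.
    other_bot = User(id=2, role=ROLE_MEMBER, is_bot=True, bot_owner_id=member.id)
    results["admin_promotes_foreign_bot_fixed"] = attempt(
        update_bot_role_fixed, admin, other_bot, ROLE_ADMIN)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The advisory's workaround maps directly onto the fixed handler's first condition: if only administrators can create bots and existing bots are re-owned by administrators, the ownership check alone is no longer reachable by a plain member. The second condition is the one that matters once bot creation is opened up again.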
What Firewalls Can and Can't Accomplish
via "Dark Reading".
Understanding the limitations of firewalls is important to protecting the organization from evolving threats.
Friday Five 7/22
A new PayPal phishing campaign makes the rounds, the FBI sounds the alarm on fake cryptocurrency apps, and more: catch up on the news of the week with the Friday Five!
"We're still fighting last decade's battle": Sonatype CTO Brian Fox on the struggle to secure the neglected software supply chain
via "The Daily Swig".
Open source security expert warns there is still a "long road" ahead to prepare for the next attack wave.
CVE-2022-34509
via "National Vulnerability Database".
The wikifaces package in PyPI v1.0 included a code execution backdoor inserted by a third party.
CVE-2022-34037
via "National Vulnerability Database".
An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) via a crafted URI.
CVE-2022-2136
via "National Vulnerability Database".
The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information.
CVE-2022-34982
via "National Vulnerability Database".
The eziod package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party.
CVE-2022-2135
via "National Vulnerability Database".
The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information.
CVE-2021-36200
via "National Vulnerability Database".
Under certain circumstances an unauthenticated user could access the web API for Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.2 and enumerate users.
CVE-2022-2142
via "National Vulnerability Database".
The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information.