CVE-2022-31168
via "National Vulnerability Database".
Zulip is an open source team chat tool. Due to an incorrect authorization check in Zulip Server 5.4 and earlier, a member of an organization could craft an API call that grants organization administrator privileges to one of their bots. The vulnerability is fixed in Zulip Server 5.5. Members who don't own any bots, and lack permission to create them, can't exploit the vulnerability. As a workaround for the vulnerability, an organization administrator can restrict the `Who can create bots` permission to administrators only, and change the ownership of existing bots.

What Firewalls Can and Can't Accomplish
via "Dark Reading".
Understanding the limitations of firewalls is important to protecting the organization from evolving threats.

Friday Five 7/22
A new PayPal phishing campaign makes the rounds, the FBI sounds the alarm on fake cryptocurrency apps, and more. Catch up on the news of the week with the Friday Five!

"We're still fighting last decade's battle": Sonatype CTO Brian Fox on the struggle to secure the neglected software supply chain
via "The Daily Swig".
Open source security expert warns there is still a "long road" ahead to prepare for the next attack wave.

CVE-2022-34509
via "National Vulnerability Database".
The wikifaces package in PyPI v1.0 included a code execution backdoor inserted by a third party.

CVE-2022-34037
via "National Vulnerability Database".
An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) via a crafted URI.

CVE-2022-2136
via "National Vulnerability Database".
The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information.

CVE-2022-34982
via "National Vulnerability Database".
The eziod package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party.

CVE-2022-2135
via "National Vulnerability Database".
The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information.

CVE-2021-36200
via "National Vulnerability Database".
Under certain circumstances an unauthenticated user could access the web API for Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.2 and enumerate users.

CVE-2022-2142
via "National Vulnerability Database".
The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information.

CVE-2022-2143
via "National Vulnerability Database".
The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code.

CVE-2022-34520
via "National Vulnerability Database".
Radare2 v5.7.2 was discovered to contain a NULL pointer dereference via the function r_bin_file_xtr_load_buffer at bin/bfile.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted binary file.

CVE-2022-34502
via "National Vulnerability Database".
Radare2 v5.7.0 was discovered to contain a heap buffer overflow via the function consume_encoded_name_new at format/wasm/wasm.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted binary file.

CVE-2022-34501
via "National Vulnerability Database".
The bin-collection package in PyPI before v0.1 included a code execution backdoor inserted by a third party.

CVE-2022-2470
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.21.

CVE-2022-2137
via "National Vulnerability Database".
The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information.

CVE-2022-1655
via "National Vulnerability Database".
An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files, possibly leading to a loss of confidentiality and integrity.

CVE-2022-2139
via "National Vulnerability Database".
The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code.

CVE-2022-2138
via "National Vulnerability Database".
The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition.

CVE-2022-34981
via "National Vulnerability Database".
The PyCrowdTangle package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party.