‼ CVE-2022-36879 ‼
via "National Vulnerability Database".
An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.
‼ CVE-2022-34971 ‼
via "National Vulnerability Database".
An arbitrary file upload vulnerability in the Advertising Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary code via a crafted PHP file.
‼ CVE-2022-34611 ‼
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in /index.php/?p=report of Online Fire Reporting System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "Contac #" text field.
🗓️ Open-Xchange issues fixes for RCE, SSRF bugs in OX App Suite 🗓️
via "The Daily Swig".
Security release also includes precautionary patches for potential Log4j-like flaw in Logback library
🔏 What is the OSI Model? An Overview of the OSI Model's 7 Layers 🔏
via "Digital Guardian".
The OSI model includes seven layers that computer systems use to communicate over networks. Learn about the OSI Model layers and how they interact in this blog.
🕴 No More Ransom Helped More Than 1.5 Million People Decrypt Their Devices 🕴
via "Dark Reading".
🕴 8 Hot Summer Fiction Reads for Cybersecurity Pros 🕴
via "Dark Reading".
A reading list of recommended novels curated by cybersecurity experts for cybersecurity experts.
🕴 The Great BizApp Hack: Cyber-Risks in Your Everyday Business Applications 🕴
via "Dark Reading".
IT admins can lock some of the obvious open doors in business applications, but system visibility is key. Build automatic monitoring defenses and adopt a Git-like tool so you can "version" your business apps to restore prior states.
🗓️ One in five data breaches due to software supply chain compromise, IBM report warns 🗓️
via "The Daily Swig".
Attack vector cost businesses 2.5% more in one year
🕴 First Cohort Graduates from PSM Cyber Stars Program at Liverpool FC 🕴
via "Dark Reading".
New careers in IT open up for former footballers.
‼ CVE-2022-36898 ‼
via "National Vulnerability Database".
A missing permission check in Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins.
‼ CVE-2022-33970 ‼
via "National Vulnerability Database".
Authenticated WordPress Options Change vulnerability in Biplob018 Shortcode Addons plugin <= 3.1.2 at WordPress.
‼ CVE-2022-36886 ‼
via "National Vulnerability Database".
A cross-site request forgery (CSRF) vulnerability in Jenkins External Monitor Job Type Plugin 191.v363d0d1efdf8 and earlier allows attackers to create runs of an external job.
‼ CVE-2022-36902 ‼
via "National Vulnerability Database".
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape several fields of Moded Extended Choice parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
‼ CVE-2022-24405 ‼
via "National Vulnerability Database".
OX App Suite through 7.10.6 allows OS Command Injection via a serialized Java class to the Documentconverter API.
‼ CVE-2022-36885 ‼
via "National Vulnerability Database".
Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistical methods to obtain a valid webhook signature.
‼ CVE-2022-36888 ‼
via "National Vulnerability Database".
A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb_858fd6b_f48 and earlier allows attackers with Overall/Read permission to obtain credentials stored in Vault with attacker-specified path and keys.
‼ CVE-2022-36914 ‼
via "National Vulnerability Database".
Jenkins Files Found Trigger Plugin 1.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
‼ CVE-2022-35291 ‼
via "National Vulnerability Database".
Due to misconfigured application endpoints, SAP SuccessFactors attachment APIs allow attackers with user privileges to perform activities with admin privileges over the network. These APIs were consumed in the SF Mobile application for Time Off, Time Sheet, EC Workflow, and Benefits. On successful exploitation, the attacker can read/write attachments, thus compromising the confidentiality and integrity of the application.
‼ CVE-2022-24406 ‼
via "National Vulnerability Database".
OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls.
‼ CVE-2022-36917 ‼
via "National Vulnerability Database".
A missing permission check in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers with Overall/Read permission to request a manual backup.