βΌ CVE-2022-22685 βΌ
π Read
via "National Vulnerability Database".
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology WebDAV Server before 2.4.0-0062 allows remote authenticated users to delete arbitrary files via unspecified vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27611 βΌ
π Read
via "National Vulnerability Database".
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Audio Station before 6.5.4-3367 allows remote authenticated users to delete arbitrary files via unspecified vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22683 βΌ
π Read
via "National Vulnerability Database".
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary code via unspecified vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36364 βΌ
π Read
via "National Vulnerability Database".
Apache Calcite Avatica JDBC driver creates HTTP client instances based on class names provided via `httpclient_impl` connection property; however, the driver does not verify if the class implements the expected interface before instantiating it, which can lead to code execution loaded via arbitrary classes and in rare cases remote code execution. To exploit the vulnerability: 1) the attacker needs to have privileges to control JDBC connection parameters; 2) and there should be a vulnerable class (constructor with URL parameter and ability to execute code) in the classpath. From Apache Calcite Avatica 1.22.0 onwards, it will be verified that the class implements the expected interface before invoking its constructor.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37010 βΌ
π Read
via "National Vulnerability Database".
In JetBrains IntelliJ IDEA before 2022.2 email address validation in the "Git User Name Is Not Defined" dialog was missedπ Read
via "National Vulnerability Database".
βΌ CVE-2022-37009 βΌ
π Read
via "National Vulnerability Database".
In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Vagrant executable was possibleπ Read
via "National Vulnerability Database".
ποΈ Onfido bug bounty program launched to help shore up ID verification defenses ποΈ
π Read
via "The Daily Swig".
Initiative adds another layer of protection for end-to-end identity verification platformπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Onfido bug bounty program launched to help shore up ID verification defenses
Initiative adds another layer of protection for end-to-end identity verification platform
π΄ What Women Should Know Before Joining the Cybersecurity Industry π΄
π Read
via "Dark Reading".
Three observations about our industry that might help demystify security for women entrants.π Read
via "Dark Reading".
Dark Reading
What Women Should Know Before Joining the Cybersecurity Industry
Three observations about our industry that might help demystify security for women entrants.
π Wireshark Analyzer 3.6.7 π
π Read
via "Packet Storm Security".
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.π Read
via "Packet Storm Security".
Packetstormsecurity
Wireshark Analyzer 3.6.7 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π2
ποΈ GitHub enhances 2FA for npm, improves security and manageability ποΈ
π Read
via "The Daily Swig".
New features also include ability to connect social media accountsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
GitHub enhances 2FA for NPM, improves security and manageability
New features also include ability to connect social media accounts
β S3 Ep93: Office security, breach costs, and leisurely patches [Audio + Text] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep93: Office security, breach costs, and leisurely patches [Audio + Text]
Latest episode β listen now!
βΌ CVE-2022-1805 βΌ
π Read
via "National Vulnerability Database".
When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM (Man in the Middle) between a zero client and AWS session provisioner in the network. This issue is only applicable when connecting to an Amazon Workspace from a PCoIP Zero Client.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22644 βΌ
π Read
via "National Vulnerability Database".
Ovarro TBox TWinSoft uses the custom hardcoded user Γ’β¬ΕTWinSoftΓ’β¬οΏ½ with a hardcoded key.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22650 βΌ
π Read
via "National Vulnerability Database".
An attacker may use TWinSoft and a malicious source project file (TPG) to extract files on machine executing Ovarro TWinSoft, which could lead to code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22640 βΌ
π Read
via "National Vulnerability Database".
An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22646 βΌ
π Read
via "National Vulnerability Database".
The Γ’β¬ΕipkΓ’β¬οΏ½ package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1948 βΌ
π Read
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions starting from 15.0 before 15.0.1. Missing validation of input used in quick actions allowed an attacker to exploit XSS by injecting HTML in contact details.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22648 βΌ
π Read
via "National Vulnerability Database".
Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete the configuration file.π Read
via "National Vulnerability Database".
βΌ CVE-2016-2138 βΌ
π Read
via "National Vulnerability Database".
In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in xss_clean() in class/KippoInput.class.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27509 βΌ
π Read
via "National Vulnerability Database".
Unauthenticated redirection to a malicious websiteπ Read
via "National Vulnerability Database".
βΌ CVE-2022-35882 βΌ
π Read
via "National Vulnerability Database".
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in GS Plugins GS Testimonial Slider plugin <= 1.9.1 at WordPress.π Read
via "National Vulnerability Database".