CVE-2022-34928
via "National Vulnerability Database".
JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via /system/user.
CVE-2022-27618
via "National Vulnerability Database".
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to delete arbitrary files via unspecified vectors.
CVE-2022-34968
via "National Vulnerability Database".
An issue in the fetch_step function in Percona Server for MySQL v8.0.28-19 allows attackers to cause a Denial of Service (DoS) via a SQL query.
CVE-2022-36800
via "National Vulnerability Database".
Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the "Browse Users" permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint. The affected versions are before version 4.22.2.
CVE-2022-34943
via "National Vulnerability Database".
Laravel v5.1 was discovered to contain a remote code execution (RCE) vulnerability via the component ChanceGenerator in __call.
CVE-2022-27619
via "National Vulnerability Database".
Cleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client before 2.2.2-609 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
CVE-2022-27616
via "National Vulnerability Database".
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
CVE-2022-34969
via "National Vulnerability Database".
PingCAP TiDB v6.1.0 was discovered to contain a NULL pointer dereference.
CVE-2022-34937
via "National Vulnerability Database".
Yuba u5cms v8.3.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component savepage.php. This vulnerability allows attackers to execute arbitrary code.
CVE-2022-34967
via "National Vulnerability Database".
The assertion `stmt->Dbc->FirstStmt' failed in MonetDB Database Server v11.43.13.
CVE-2022-27620
via "National Vulnerability Database".
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors.
5 Ways Chess Can Inspire Strategic Cybersecurity Thinking
via "Dark Reading".
Rising interest in chess may feed the next generation of cybersecurity experts.
Jenkins security: Unpatched XSS, CSRF bugs included in latest plugin advisory
via "The Daily Swig".
"We believe that announcing vulnerabilities without a fix is the best solution for a difficult problem"
Netskope Acquires Infiot, Will Deliver Fully Integrated, Single-Vendor SASE Platform
via "Dark Reading".
Converged SASE platform provides AI-driven Zero Trust security and simplified, optimized connectivity to any network location or device, including IoT.
Cryptocoin "token swapper" Nomad loses $200 million in coding blunder
via "Naked Security".
Transactions were only approved, it seems, if they were initiated by... errrrr, by anyone.
CompTIA CEO Outlines Initiative to Create the Pre-eminent Destination to Start, Build and "Supercharge" a Tech Career
via "Dark Reading".
Todd Thibodeaux uses ChannelCon 2022 state of the industry remarks to unveil CompTIA's Project Agora; invites broad industry participation in the effort to fight for tech talent.
Druva Introduces the Data Resiliency Guarantee of up to $10 Million
via "Dark Reading".
The new program offers robust protection across all five data risk categories: cyber, human, application, operation, and environmental.
Swiss government announces upcoming launch of federal bug bounty program
via "The Daily Swig".
Bug Bounty Switzerland AG awarded program management contract
VMWare Urges Users to Patch Critical Authentication Bypass Bug
via "Threat Post".
Vulnerability, for which a proof-of-concept is forthcoming, is one of a string of flaws the company fixed that could lead to an attack chain.
ShiftLeft Appoints Prevention-First, Cybersecurity Visionary and AI/ML Pioneer Stuart McClure as CEO
via "Dark Reading".
Serial entrepreneur, cybersecurity leader, and industry veteran joins ShiftLeft to drive growth and AI/ML innovation globally.
CVE-2022-23442
via "National Vulnerability Database".
An improper access control vulnerability [CWE-284] in FortiOS versions 6.2.0 through 6.2.11, 6.4.0 through 6.4.8 and 7.0.0 through 7.0.5 may allow an authenticated attacker with a restricted user profile to gather the checksum information about the other VDOMs via CLI commands.