βΌ CVE-2022-27616 βΌ
π Read
via "National Vulnerability Database".
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34969 βΌ
π Read
via "National Vulnerability Database".
PingCAP TiDB v6.1.0 was discovered to contain a NULL pointer dereference.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34937 βΌ
π Read
via "National Vulnerability Database".
Yuba u5cms v8.3.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component savepage.php. This vulnerability allows attackers to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34967 βΌ
π Read
via "National Vulnerability Database".
The assertion `stmt->Dbc->FirstStmt' failed in MonetDB Database Server v11.43.13.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-27620 βΌ
π Read
via "National Vulnerability Database".
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors.π Read
via "National Vulnerability Database".
π΄ 5 Ways Chess Can Inspire Strategic Cybersecurity Thinking π΄
π Read
via "Dark Reading".
Rising interest in chess may feed the next generation of cybersecurity experts.π Read
via "Dark Reading".
Dark Reading
5 Ways Chess Can Inspire Strategic Cybersecurity Thinking
Rising interest in chess may feed the next generation of cybersecurity experts.
π1
ποΈ Jenkins security: Unpatched XSS, CSRF bugs included in latest plugin advisory ποΈ
π Read
via "The Daily Swig".
βWe believe that announcing vulnerabilities without a fix is the best solution for a difficult problemβπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Jenkins security: Unpatched XSS, CSRF bugs included in latest plugin advisory
βWe believe that announcing vulnerabilities without a fix is the best solution for a difficult problemβ
π΄ Netskope Acquires Infiot, Will Deliver Fully Integrated, Single-Vendor SASE Platform π΄
π Read
via "Dark Reading".
Converged SASE platform provides AI-driven Zero trust security and simplified, optimized connectivity to any network location or device, including IoT.π Read
via "Dark Reading".
Dark Reading
Netskope Acquires Infiot, Will Deliver Fully Integrated, Single-Vendor SASE Platform
Converged SASE platform provides AI-driven Zero trust security and simplified, optimized connectivity to any network location or device, including IoT.
β Cryptocoin βtoken swapperβ Nomad loses $200 million in coding blunder β
π Read
via "Naked Security".
Transactions were only approved, it seems, if they were initiated by... errrrr, by anyone.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ CompTIA CEO Outlines Initiative to Create the Pre-eminent Destination to Start, Build and βSuperchargeβ a Tech Career π΄
π Read
via "Dark Reading".
Todd Thibodeaux uses ChannelCon 2022 state of the industry remarks to unveil CompTIAβs Project Agora; invites broad industry participation in the effort to fight for tech talent.π Read
via "Dark Reading".
Dark Reading
CompTIA CEO Outlines Initiative to Create the Pre-eminent Destination to Start, Build and βSuperchargeβ a Tech Career
Todd Thibodeaux uses ChannelCon 2022 state of the industry remarks to unveil CompTIAβs Project Agora; invites broad industry participation in the effort to fight for tech talent.
π1
π΄ Druva Introduces the Data Resiliency Guarantee of up to $10 Million π΄
π Read
via "Dark Reading".
The new program offers robust protection across all five data risk categories: cyber, human, application, operation, and environmental.π Read
via "Dark Reading".
Dark Reading
Druva Introduces the Data Resiliency Guarantee of up to $10 Million
The new program offers robust protection across all five data risk categories: cyber, human, application, operation, and environmental.
ποΈ Swiss government announces upcoming launch of federal bug bounty program ποΈ
π Read
via "The Daily Swig".
Switzerland Bug Bounty AG awarded program management contractπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Swiss government announces upcoming launch of federal bug bounty program
Bug Bounty Switzerland AG awarded program management contract
β VMWare Urges Users to Patch Critical Authentication Bypass Bug β
π Read
via "Threat Post".
Vulnerabilityβfor which a proof-of-concept is forthcomingβis one of a string of flaws the company fixed that could lead to an attack chain.π Read
via "Threat Post".
Threat Post
VMWare Urges Users to Patch Critical Authentication Bypass Bug
Vulnerabilityβfor which a proof-of-concept is forthcomingβis one of a string of flaws the company fixed that could lead to an attack chain.
π΄ ShiftLeft Appoints Prevention-First, Cybersecurity Visionary and AI/ML Pioneer Stuart McClure as CEO π΄
π Read
via "Dark Reading".
Serial entrepreneur, cybersecurity leader, and industry veteran joins ShiftLeft to drive growth and AI/ML innovation globally.π Read
via "Dark Reading".
Dark Reading
ShiftLeft Appoints Prevention-First, Cybersecurity Visionary and AI/ML Pioneer Stuart McClure as CEO
Serial entrepreneur, cybersecurity leader, and industry veteran joins ShiftLeft to drive growth and AI/ML innovation globally.
βΌ CVE-2022-23442 βΌ
π Read
via "National Vulnerability Database".
An improper access control vulnerability [CWE-284] in FortiOS versions 6.2.0 through 6.2.11, 6.4.0 through 6.4.8 and 7.0.0 through 7.0.5 may allow an authenticated attacker with a restricted user profile to gather the checksum information about the other VDOMs via CLI commands.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32293 βΌ
π Read
via "National Vulnerability Database".
In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36359 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35620 βΌ
π Read
via "National Vulnerability Database".
D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function binary.soapcgi_main.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35619 βΌ
π Read
via "National Vulnerability Database".
D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function ssdpcgi_main.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27484 βΌ
π Read
via "National Vulnerability Database".
A unverified password change in Fortinet FortiADC version 6.2.0 through 6.2.3, 6.1.x, 6.0.x, 5.x.x allows an authenticated attacker to bypass the Old Password check in the password change form via a crafted HTTP request.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34973 βΌ
π Read
via "National Vulnerability Database".
D-Link DIR820LA1_FW106B02 was discovered to contain a buffer overflow via the nextPage parameter at ping.ccp.π Read
via "National Vulnerability Database".