‼ CVE-2022-35927 ‼
via "National Vulnerability Database".
Contiki-NG is an open-source, cross-platform operating system for IoT devices. In the RPL-Classic routing protocol implementation in the Contiki-NG operating system, an incoming DODAG Information Option (DIO) control message can contain a prefix information option with a length parameter. The value of the length parameter is not validated, however, and it is possible to cause a buffer overflow when copying the prefix in the set_ip_from_prefix function. This vulnerability affects anyone running a Contiki-NG version prior to 4.7 that can receive RPL DIO messages from external parties. To obtain a patched version, users should upgrade to Contiki-NG 4.7 or later. There are no workarounds for this issue.
‼ CVE-2022-35143 ‼
via "National Vulnerability Database".
Renato v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks.
‼ CVE-2021-32771 ‼
via "National Vulnerability Database".
Contiki-NG is an open-source, cross-platform operating system for IoT devices. In affected versions it is possible to cause a buffer overflow when copying an IPv6 address prefix in the RPL-Classic implementation in Contiki-NG. In order to trigger the vulnerability, the Contiki-NG system must have joined an RPL DODAG. After that, an attacker can send a DAO packet with a Target option that contains a prefix length larger than 128 bits. The problem was fixed after the release of Contiki-NG 4.7. Users unable to upgrade may apply the patch in Contiki-NG PR #1615.
‼ CVE-2022-37415 ‼
via "National Vulnerability Database".
The Uniwill SparkIO.sys driver 1.0 is vulnerable to a stack-based buffer overflow via IOCTL 0x40002008.
‼ CVE-2022-21186 ‼
via "National Vulnerability Database".
The package @acrontum/filesystem-template before 0.0.2 is vulnerable to Arbitrary Command Injection due to the fetchRepo API missing sanitization of the href field of external input.
‼ CVE-2022-37431 ‼
via "National Vulnerability Database".
A Reflected Cross-site scripting (XSS) issue was discovered in dotCMS Core through 22.06. This occurs in the admin portal when the configuration has XSS_PROTECTION_ENABLED=false.
‼ CVE-2022-37416 ‼
via "National Vulnerability Database".
Ittiam libmpeg2 before 2022-07-27 uses memcpy with overlapping memory blocks in impeg2_mc_fullx_fully_8x8.
‼ CVE-2022-2626 ‼
via "National Vulnerability Database".
Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6.
‼ CVE-2022-37434 ‼
via "National Vulnerability Database".
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
🗓️ Authentication bypass bug in Nextauth.js could allow email account takeover 🗓️
via "The Daily Swig".
Vulnerability has been patched in latest versions
❌ Open Redirect Flaw Snags Amex, Snapchat User Data ❌
via "Threat Post".
Separate phishing campaigns targeting thousands of victims impersonate FedEx and Microsoft, among others, to trick victims.
‼ CVE-2022-2672 ‼
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Garage Management System. It has been classified as critical. Affected is an unknown function of the file createUser.php. The manipulation of the argument userName/uemail leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205656.
🕴 How to Resolve Permission Issues in CI/CD Pipelines 🕴
via "Dark Reading".
This Tech Tip outlines how DevOps teams can address security integration issues in their CI/CD pipelines.
‼ CVE-2022-2674 ‼
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Best Fee Management System. It has been rated as critical. Affected by this issue is the function login of the file admin_class.php. The manipulation of the argument username leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205658 is the identifier assigned to this vulnerability.
‼ CVE-2022-2671 ‼
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Garage Management System and classified as critical. This issue affects some unknown processing of the file removeUser.php. The manipulation of the argument id leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205655.
‼ CVE-2022-2673 ‼
via "National Vulnerability Database".
A vulnerability was found in Rigatur Online Booking and Hotel Management System aff6409. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php of the component POST Request Handler. The manipulation of the argument email/pass leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205657 was assigned to this vulnerability.
‼ CVE-2022-35936 ‼
via "National Vulnerability Database".
Ethermint is an Ethereum library. In Ethermint running versions before `v0.17.2`, the contract `selfdestruct` invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the `DeleteAccount` function, all contracts that used the identical bytecode (i.e. shared the same `CodeHash`) will also stop working once one contract invokes `selfdestruct`, even though the other contracts did not invoke the `selfdestruct` OPCODE. This vulnerability has been patched in Ethermint version v0.18.0. The patch has state machine-breaking changes for applications using Ethermint, so a coordinated upgrade procedure is required. A workaround is available. If a contract is subject to DoS due to this issue, the user can redeploy the same contract, i.e. with identical bytecode, so that the original contract's code is recovered. The new contract deployment restores the `bytecode hash -> bytecode` entry in the internal state.
🕴 A Digital Home Has Many Open Doors 🕴
via "Dark Reading".
Development of digital gateways to protect the places where we live, work, and converse needs to be secure, and many doors need to offer restricted access.
🗓️ High-impact vulnerability in DrayTek routers leaves thousands of SMEs open to exploitation 🗓️
via "The Daily Swig".
Now-patched RCE bug impacts dozens of DrayTek Vigor router models
🛠 GNUnet P2P Framework 0.17.3 🛠
via "Packet Storm Security".
GNUnet is a peer-to-peer framework with a focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service built on top of the framework is anonymous file sharing.
🔏 Friday Five 8/5 🔏
New and dangerous scams are on the rise, your sensitive information may be at risk due to an unlikely party, and tensions between Taiwan and China look to be escalating. Read all about these stories and more in this week’s Friday Five.