βΌ CVE-2022-36323 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in SCALANCE M-800 / S615 (All versions), SCALANCE SC-600 family (All versions < V2.3.1), SCALANCE W-1700 IEEE 802.11ac family (All versions), SCALANCE W-700 IEEE 802.11ax family (All versions), SCALANCE W-700 IEEE 802.11n family (All versions), SCALANCE XB-200 switch family (All versions), SCALANCE XC-200 switch family (All versions), SCALANCE XF-200BA switch family (All versions), SCALANCE XM-400 Family (All versions), SCALANCE XP-200 switch family (All versions), SCALANCE XR-300WG switch family (All versions), SCALANCE XR-500 Family (All versions). Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36325 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in SCALANCE M-800 / S615 (All versions), SCALANCE SC-600 family (All versions < V2.3.1), SCALANCE W-1700 IEEE 802.11ac family (All versions), SCALANCE W-700 IEEE 802.11ax family (All versions), SCALANCE W-700 IEEE 802.11n family (All versions), SCALANCE XB-200 switch family (All versions), SCALANCE XC-200 switch family (All versions), SCALANCE XF-200BA switch family (All versions), SCALANCE XM-400 Family (All versions), SCALANCE XP-200 switch family (All versions), SCALANCE XR-300WG switch family (All versions), SCALANCE XR-500 Family (All versions). Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS.π Read
via "National Vulnerability Database".
π΄ Deepfence ThreatMapper 1.4 Unveils Open Source Threat Graph to Visualize Cloud-Native Threat Landscape π΄
π Read
via "Dark Reading".
New release also includes enterprise-grade cloud security posture management (CSPM) and YARA-based malware scanning capabilities.π Read
via "Dark Reading".
Dark Reading
Deepfence ThreatMapper 1.4 Unveils Open Source Threat Graph to Visualize Cloud-Native Threat Landscape
New release also includes enterprise-grade cloud security posture management (CSPM) and YARA-based malware scanning capabilities.
βοΈ The Security Pros and Cons of Using Email Aliases βοΈ
π Read
via "Krebs on Security".
One way to tame your email inbox is to get in the habit of using unique email aliases when signing up for new accounts online. Adding a "+" character after the username portion of your email address -- followed by a notation specific to the site you're signing up at -- lets you create an infinite number of unique email addresses tied to the same account. Aliases can help users detect breaches and fight spam. But not all websites allow aliases, and they can complicate account recovery. Here's a look at the pros and cons of adopting a unique alias for each website.π Read
via "Krebs on Security".
Krebs on Security
The Security Pros and Cons of Using Email Aliases
One way to tame your email inbox is to get in the habit of using unique email aliases when signing up for new accounts online. Adding a "+" character after the username portion of your email address -- followed byβ¦
π΄ Bugcrowd Taps Top Hackers for Live Hacking Event with Indeed at 2022 Black Hat Conference π΄
π Read
via "Dark Reading".
.π Read
via "Dark Reading".
Dark Reading
Bugcrowd Taps Top Hackers for Live Hacking Event with Indeed at 2022 Black Hat Conference
π΄ OPSWAT Presents New Malware Analysis Capabilities for Operational Technology at Black Hat USA 2022 π΄
π Read
via "Dark Reading".
Product enhancements to offer full IT and OT threat intelligence services for OPSWAT customers.π Read
via "Dark Reading".
Dark Reading
OPSWAT Presents New Malware Analysis Capabilities for Operational Technology at Black Hat USA 2022
Product enhancements to offer full IT and OT threat intelligence services for OPSWAT customers.
π΄ Mimecast Announces Mimecast X1β’ Platform Providing Customers With Email and Collaboration Security π΄
π Read
via "Dark Reading".
Platform engineered to let organizations mitigate risk and manage complexities.π Read
via "Dark Reading".
Dark Reading
Mimecast Announces Mimecast X1β’ Platform Providing Customers With Email and Collaboration Security
Platform engineered to let organizations mitigate risk and manage complexities.
β APIC/EPIC! Intel chips leak secrets even the kernel shouldnβt seeβ¦ β
π Read
via "Naked Security".
If you've ever written code that left stuff lying around in memory when you didn't need it any more... we bet you've regretted it!π Read
via "Naked Security".
Naked Security
APIC/EPIC! Intel chips leak secrets even the kernel shouldnβt seeβ¦
If youβve ever written code that left stuff lying around in memory when you didnβt need it any moreβ¦ we bet youβve regretted it!
βΌ CVE-2022-38133 βΌ
π Read
via "National Vulnerability Database".
In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some casesπ Read
via "National Vulnerability Database".
βΌ CVE-2022-33926 βΌ
π Read
via "National Vulnerability Database".
Dell Wyse Management Suite 3.6.1 and below contains an improper access control vulnerability. A remote malicious user could exploit this vulnerability in order to retain access to a file repository after it has been revoked.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20866 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve an RSA private key. This vulnerability is due to a logic error when the RSA key is stored in memory on a hardware platform that performs hardware-based cryptography. An attacker could exploit this vulnerability by using a Lenstra side-channel attack against the targeted device. A successful exploit could allow the attacker to retrieve the RSA private key. The following conditions may be observed on an affected device: This vulnerability will apply to approximately 5 percent of the RSA keys on a device that is running a vulnerable release of Cisco ASA Software or Cisco FTD Software; not all RSA keys are expected to be affected due to mathematical calculations applied to the RSA key. The RSA key could be valid but have specific characteristics that make it vulnerable to the potential leak of the RSA private key. If an attacker obtains the RSA private key, they could use the key to impersonate a device that is running Cisco ASA Software or Cisco FTD Software or to decrypt the device traffic. See the Indicators of Compromise section for more information on the detection of this type of RSA key. The RSA key could be malformed and invalid. A malformed RSA key is not functional, and a TLS client connection to a device that is running Cisco ASA Software or Cisco FTD Software that uses the malformed RSA key will result in a TLS signature failure, which means a vulnerable software release created an invalid RSA signature that failed verification. If an attacker obtains the RSA private key, they could use the key to impersonate a device that is running Cisco ASA Software or Cisco FTD Software or to decrypt the device traffic.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29090 βΌ
π Read
via "National Vulnerability Database".
Dell Wyse Management Suite 3.6.1 and below contains a Sensitive Data Exposure vulnerability. A low privileged malicious user could potentially exploit this vulnerability in order to obtain credentials. The attacker may be able to use the exposed credentials to access the target device and perform unauthorized actions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34365 βΌ
π Read
via "National Vulnerability Database".
WMS 3.7 contains a Path Traversal Vulnerability in Device API. An attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33930 βΌ
π Read
via "National Vulnerability Database".
Dell Wyse Management Suite 3.6.1 and below contains Information Disclosure in Devices error pages. An attacker could potentially exploit this vulnerability, leading to the disclosure of certain sensitive information. The attacker may be able to use the exposed information to access and further vulnerability research.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33925 βΌ
π Read
via "National Vulnerability Database".
Dell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability in UI. An remote authenticated attacker could potentially exploit this vulnerability by bypassing access controls in order to download reports containing sensitive information.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33924 βΌ
π Read
via "National Vulnerability Database".
Dell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability with which an attacker with no access to create rules could potentially exploit this vulnerability and create rules.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0028 βΌ
π Read
via "National Vulnerability Database".
A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. The DoS attack would appear to originate from a Palo Alto Networks PA-Series (hardware), VM-Series (virtual) and CN-Series (container) firewall against an attacker-specified target. To be misused by an external attacker, the firewall configuration must have a URL filtering profile with one or more blocked categories assigned to a source zone that has an external facing interface. This configuration is not typical for URL filtering and, if set, is likely unintended by the administrator. If exploited, this issue would not impact the confidentiality, integrity, or availability of our products. However, the resulting denial-of-service (DoS) attack may help obfuscate the identity of the attacker and implicate the firewall as the source of the attack. We have taken prompt action to address this issue in our PAN-OS software. All software updates for this issue are expected to be released no later than the week of August 15, 2022. This issue does not impact Panorama M-Series or Panorama virtual appliances. This issue has been resolved for all Cloud NGFW and Prisma Access customers and no additional action is required from them.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33931 βΌ
π Read
via "National Vulnerability Database".
Dell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability in UI. An attacker with no access to Alert Classification page could potentially exploit this vulnerability, leading to the change the alert categories.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35715 βΌ
π Read
via "National Vulnerability Database".
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: 231202.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33928 βΌ
π Read
via "National Vulnerability Database".
Dell Wyse Management Suite 3.6.1 and below contains an Plain-text Password Storage Vulnerability in UI. An attacker with low privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2756 βΌ
π Read
via "National Vulnerability Database".
Server-Side Request Forgery (SSRF) in GitHub repository kareadita/kavita prior to 0.5.4.1.π Read
via "National Vulnerability Database".