‼ CVE-2022-2379 ‼
via "National Vulnerability Database".
The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to courses, exams and departments, as well as students' grades and PII such as email address, physical address, phone number, etc.
‼ CVE-2022-2818 ‼
via "National Vulnerability Database".
Authentication Bypass by Primary Weakness in GitHub repository cockpit-hq/cockpit prior to 2.2.2.
‼ CVE-2022-37401 ‼
via "National Vulnerability Database".
Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the master key was poorly encoded, weakening its entropy from 128 to 43 bits and making the stored passwords vulnerable to a brute-force attack if an attacker has access to the user's stored config. This issue affects Apache OpenOffice versions prior to 4.1.13. Reference: CVE-2022-26307 - LibreOffice
Healthcare provider Novant issues data breach warning after site tracking pixels sent patients’ information to Meta servers
via "The Daily Swig".
Leaked data potentially included patients’ email addresses, phone numbers, and device IP addresses
Black Hat and DEF CON Roundup
via "Threat Post".
“Summer Camp” for hackers features a compromised satellite, a homecoming for hackers and cyberwarfare warnings.
Germany to mandate minimum security standards for web browsers in government
via "The Daily Swig".
Less celebrated browsers and deprecated applications like Internet Explorer will be browsers non-grata
How and Why to Apply OSINT to Protect the Enterprise
via "Dark Reading".
Here's how to flip the tide and tap open source intelligence to protect your users.
‼ CVE-2022-33990 ‼
via "National Vulnerability Database".
Misinterpretation of special domain name characters in dproxy-nexgen (aka dproxy nexgen) leads to cache poisoning because domain names and their associated IP addresses are cached in their misinterpreted form.
‼ CVE-2022-33992 ‼
via "National Vulnerability Database".
DNRD (aka Domain Name Relay Daemon) 2.20.3 forwards and caches DNS queries with the CD (aka checking disabled) bit set to 1. This leads to disabling of DNSSEC protection provided by upstream resolvers.
‼ CVE-2022-33988 ‼
via "National Vulnerability Database".
dproxy-nexgen (aka dproxy nexgen) re-uses the DNS transaction ID (TXID) value from client queries, which allows attackers (able to send queries to the resolver) to conduct DNS cache-poisoning attacks because the TXID value is known to the attacker.
‼ CVE-2022-34294 ‼
via "National Vulnerability Database".
totd 1.5.3 uses a fixed UDP source port in upstream queries sent to DNS resolvers. This allows DNS cache poisoning because there is not enough entropy to prevent traffic injection attacks.
‼ CVE-2022-33989 ‼
via "National Vulnerability Database".
dproxy-nexgen (aka dproxy nexgen) uses a static UDP source port (selected randomly only at boot time) in upstream queries sent to DNS resolvers. This allows DNS cache poisoning because there is not enough entropy to prevent traffic injection attacks.
‼ CVE-2022-33991 ‼
via "National Vulnerability Database".
dproxy-nexgen (aka dproxy nexgen) forwards and caches DNS queries with the CD (aka checking disabled) bit set to 1. This leads to disabling of DNSSEC protection provided by upstream resolvers.
‼ CVE-2022-36262 ‼
via "National Vulnerability Database".
An issue was discovered in the website settings of taocms 3.0.2 that allows arbitrary PHP code to be injected by modifying config.php.
‼ CVE-2022-33993 ‼
via "National Vulnerability Database".
Misinterpretation of special domain name characters in DNRD (aka Domain Name Relay Daemon) 2.20.3 leads to cache poisoning because domain names and their associated IP addresses are cached in their misinterpreted form.
Zoom for Mac patches get-root bug – update now!
via "Naked Security".
There's many a slip 'twixt the cup and the lip. Or at least between the TOC and the TOU...
‼ CVE-2022-36525 ‼
via "National Vulnerability Database".
D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Buffer Overflow via authenticationcgi_main.
‼ CVE-2022-35623 ‼
via "National Vulnerability Database".
In Nordic nRF5 SDK for Mesh 5.0, a heap overflow vulnerability can be triggered by sending a series of segmented control packets and access packets with the same SeqAuth.
‼ CVE-2022-36526 ‼
via "National Vulnerability Database".
D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Authentication Bypass via function phpcgi_main in cgibin.
‼ CVE-2022-36524 ‼
via "National Vulnerability Database".
D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Static Default Credentials via /etc/init0.d/S80telnetd.sh.
‼ CVE-2022-2824 ‼
via "National Vulnerability Database".
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.1.