‼ CVE-2022-28709 ‼
📖 Read
via "National Vulnerability Database".
Improper access control in the firmware for some Intel(R) E810 Ethernet Controllers before version 1.6.2.9 may allow a privileged user to potentially enable denial of service via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-37769 ‼
📖 Read
via "National Vulnerability Database".
libjpeg commit 281daa9 was discovered to contain a segmentation fault via HuffmanDecoder::Get at huffmandecoder.hpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-30601 ‼
📖 Read
via "National Vulnerability Database".
Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may allow an unauthenticated user to potentially enable information disclosure and escalation of privilege via network access.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-37048 ‼
📖 Read
via "National Vulnerability Database".
The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_l2len_protocol at common/get.c:344. NOTE: this is different from CVE-2022-27941.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29507 ‼
📖 Read
via "National Vulnerability Database".
Insufficiently protected credentials in the Intel(R) Team Blue mobile application in all versions may allow an authenticated user to potentially enable information disclosure via local access.📖 Read
via "National Vulnerability Database".
⚠ Apple patches double zero-day in browser and kernel – update now! ⚠
📖 Read
via "Naked Security".
Double 0-day exploits - one in WebKit (to break in) and the other in the kernel (to take over). Patch now!📖 Read
via "Naked Security".
Sophos News
Naked Security – Sophos News
⚠ S3 Ep96: Zoom 0-day, AEPIC leak, Conti reward, healthcare security [Audio + Text] ⚠
📖 Read
via "Naked Security".
Latest episode - listen now (or read if you prefer!)📖 Read
via "Naked Security".
Naked Security
S3 Ep96: Zoom 0-day, AEPIC leak, Conti reward, healthcare security [Audio + Text]
Latest episode – listen now (or read if you prefer!)
‼ CVE-2022-35540 ‼
📖 Read
via "National Vulnerability Database".
Hardcoded JWT Secret in AgileConfig <1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-36599 ‼
📖 Read
via "National Vulnerability Database".
lib/omniauth/failure_endpoint.rb in OmniAuth before 2.0 does not escape the message_key value.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1901 ‼
📖 Read
via "National Vulnerability Database".
In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2074 ‼
📖 Read
via "National Vulnerability Database".
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2049 ‼
📖 Read
via "National Vulnerability Database".
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2075 ‼
📖 Read
via "National Vulnerability Database".
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation.📖 Read
via "National Vulnerability Database".
🗓️ API security: Broken access controls, injection attacks plague the enterprise security landscape in 2022 🗓️
📖 Read
via "The Daily Swig".
Spring4Shell and Veeam RCE exploit topped the list in Q1 2022📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
API security: Broken access controls, injection attacks plague the enterprise security landscape in 2022
Spring4Shell and Veeam RCE exploit topped the list in Q1 2022
🔏 Friday Five 8/19 🔏
📖 Read
via "".
Security issues in Apple devices and one of the largest DDoS attacks on record dominated the headlines this week. Read about these stories and more all in this week's Friday Five!
📖 Read
via "".
‼ CVE-2022-2886 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in Laravel 5.1. Affected is an unknown function. The manipulation leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-206688.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35910 ‼
📖 Read
via "National Vulnerability Database".
In Jellyfin before 10.8, stored XSS allows theft of an admin access token.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35909 ‼
📖 Read
via "National Vulnerability Database".
In Jellyfin before 10.8, the /users endpoint has incorrect access control for admin functionality.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2889 ‼
📖 Read
via "National Vulnerability Database".
Use After Free in GitHub repository vim/vim prior to 9.0.0224.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36220 ‼
📖 Read
via "National Vulnerability Database".
Kiosk breakout (without quit password) in Safe Exam Browser (Windows) <3.4.0, which allows an attacker to achieve code execution via the browsers' print dialog.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1021 ‼
📖 Read
via "National Vulnerability Database".
Insecure Storage of Sensitive Information in GitHub repository chatwoot/chatwoot prior to 2.6.0.📖 Read
via "National Vulnerability Database".