‼ CVE-2022-2075 ‼
📖 Read
via "National Vulnerability Database".
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation.📖 Read
via "National Vulnerability Database".
🗓️ API security: Broken access controls, injection attacks plague the enterprise security landscape in 2022 🗓️
📖 Read
via "The Daily Swig".
Spring4Shell and Veeam RCE exploit topped the list in Q1 2022📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
API security: Broken access controls, injection attacks plague the enterprise security landscape in 2022
Spring4Shell and Veeam RCE exploit topped the list in Q1 2022
🔏 Friday Five 8/19 🔏
📖 Read
via "".
Security issues in Apple devices and one of the largest DDoS attacks on record dominated the headlines this week. Read about these stories and more all in this week's Friday Five!
📖 Read
via "".
‼ CVE-2022-2886 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in Laravel 5.1. Affected is an unknown function. The manipulation leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-206688.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35910 ‼
📖 Read
via "National Vulnerability Database".
In Jellyfin before 10.8, stored XSS allows theft of an admin access token.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35909 ‼
📖 Read
via "National Vulnerability Database".
In Jellyfin before 10.8, the /users endpoint has incorrect access control for admin functionality.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2889 ‼
📖 Read
via "National Vulnerability Database".
Use After Free in GitHub repository vim/vim prior to 9.0.0224.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36220 ‼
📖 Read
via "National Vulnerability Database".
Kiosk breakout (without quit password) in Safe Exam Browser (Windows) <3.4.0, which allows an attacker to achieve code execution via the browsers' print dialog.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1021 ‼
📖 Read
via "National Vulnerability Database".
Insecure Storage of Sensitive Information in GitHub repository chatwoot/chatwoot prior to 2.6.0.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29805 ‼
📖 Read
via "National Vulnerability Database".
A Java Deserialization vulnerability in the Fishbowl Server in Fishbowl Inventory before 2022.4.1 allows remote attackers to execute arbitrary code via a crafted XML payload.📖 Read
via "National Vulnerability Database".
🕴 Cyber Resiliency Isn't Just About Technology, It's About People 🕴
📖 Read
via "Dark Reading".
To lessen burnout and prioritize staff resiliency, put people in a position to succeed with staffwide cybersecurity training to help ease the burden on IT and security personnel.📖 Read
via "Dark Reading".
Dark Reading
Cyber Resiliency Isn't Just About Technology, It's About People
To lessen burnout and prioritize staff resiliency, put people in a position to succeed with staffwide cybersecurity training to help ease the burden on IT and security personnel.
❌ iPhone Users Urged to Update to Patch 2 Zero-Days ❌
📖 Read
via "Threat Post".
Apple is urging macOS, iPhone and iPad users immediately to install respective updates this week that includes fixes for two zero-days under active attack. The patches are for vulnerabilities that allow attackers to execute arbitrary code and ultimately take over devices. iOS 15.6.1 and macOS Monterey 12.5.1 both patch the two flaws, which basically impact […]📖 Read
via "Threat Post".
Threat Post
iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
‼ CVE-2022-34624 ‼
📖 Read
via "National Vulnerability Database".
Mealie1.0.0beta3 does not terminate download tokens after a user logs out, allowing attackers to perform a man-in-the-middle attack via a crafted GET request.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34621 ‼
📖 Read
via "National Vulnerability Database".
Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference (IDOR) vulnerability which allows attackers to modify user passwords and other attributes via modification of the user_id parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36605 ‼
📖 Read
via "National Vulnerability Database".
Yimioa v6.1 was discovered to contain a SQL injection vulnerability via the orderbyGET parameter.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2022-35201 ‼
📖 Read
via "National Vulnerability Database".
Tenda-AC18 V15.03.05.05 was discovered to contain a remote command execution (RCE) vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36263 ‼
📖 Read
via "National Vulnerability Database".
StreamLabs Desktop Application 1.9.0 is vulnerable to Incorrect Access Control via obs64.exe. An attacker can execute arbitrary code via a crafted .exe file.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34615 ‼
📖 Read
via "National Vulnerability Database".
Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain unauthorized access to the application via brute-force attacks.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34623 ‼
📖 Read
via "National Vulnerability Database".
Mealie1.0.0beta3 is vulnerable to user enumeration via timing response discrepancy between users and non-users when an invalid password message is displayed during an authentication attempt.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36606 ‼
📖 Read
via "National Vulnerability Database".
Ywoa before v6.1 was discovered to contain a SQL injection vulnerability via /oa/setup/checkPool?database.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36577 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in jizhicms v2.3.1. There is a CSRF vulnerability that can add a admin.📖 Read
via "National Vulnerability Database".