βΌ CVE-2022-25304 βΌ
π Read
via "National Vulnerability Database".
All versions of package opcua; all versions of package asyncua are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk.π Read
via "National Vulnerability Database".
ποΈ GitLab patches critical remote code execution bug ποΈ
π Read
via "The Daily Swig".
Update now to protect against security vulnerabilityπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
GitLab patches critical remote code execution bug
Update now to protect against security vulnerability
π1
βΌ CVE-2022-2956 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in ConsoleTVs Noxen. Affected is an unknown function of the file /Noxen-master/users.php. The manipulation of the argument create_user_username with the input "><script>alert(/xss/)</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-207000.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28817 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: No impact could be verified. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1989 βΌ
π Read
via "National Vulnerability Database".
All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users.π Read
via "National Vulnerability Database".
β Firewall Bug Under Active Attack Triggers CISA Warning β
π Read
via "Threat Post".
CISA is warning that Palo Alto Networksβ PAN-OS is under active attack and needs to be patched ASAP.π Read
via "Threat Post".
Threat Post
Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networksβ PAN-OS is under active attack and needs to be patched ASAP.
ποΈ Security researchers blast βridiculousβ CrowdStrike bug disclosure practices ποΈ
π Read
via "The Daily Swig".
The vulnerability might not be noteworthy, but the reporting process may be A security firm has criticized CrowdStrike for operating a βridiculousβ bug bounty disclosure program following a sensor flaπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Security researchers blast βridiculousβ CrowdStrike bug disclosure practices
The vulnerability might not be noteworthy, but the reporting process may be
βΌ CVE-2022-37199 βΌ
π Read
via "National Vulnerability Database".
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/user/list.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35203 βΌ
π Read
via "National Vulnerability Database".
An access control issue in TrendNet TV-IP572PI v1.0 allows unauthenticated attackers to access sensitive system information.π Read
via "National Vulnerability Database".
π I2P 1.9.0 π
π Read
via "Packet Storm Security".
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.π Read
via "Packet Storm Security".
Packetstormsecurity
I2P 1.9.0 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β Laptop denial-of-service via music: the 1980s R&B song with a CVE! β
π Read
via "Naked Security".
We haven't validated this vuln ourselves... but the source of the story is impeccable. (Impeccably dressed, at least.)π Read
via "Naked Security".
Naked Security
Laptop denial-of-service via music: the 1980s R&B song with a CVE!
We havenβt validated this vuln ourselvesβ¦ but the source of the story is impeccable. (Impeccably dressed, at least.)
π2
β Bitcoin ATMs leeched by attackers who created fake admin accounts β
π Read
via "Naked Security".
The criminals didn't implant any malware. The attack was orchestrated via malevolent configuration changes.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
βΌ CVE-2022-37223 βΌ
π Read
via "National Vulnerability Database".
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/role/list.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35278 βΌ
π Read
via "National Vulnerability Database".
In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue.π Read
via "National Vulnerability Database".
π FBI Warns Proxies, Configurations Seen in More Credential Stuffing Attacks π
π Read
via "".
Attackers are using proxies and configurations to mask and automate credential stuffing attacks on US companies, the FBI warns.π Read
via "".
βΌ CVE-2021-23177 βΌ
π Read
via "National Vulnerability Database".
An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3763 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the Red Hat AMQ Broker management console in version 7.8 where an existing user is able to access some limited information even when the role the user is assigned to should not be allow access to the management console. The main impact is to confidentiality as this flaw means some role bindings are incorrectly checked, some privileged meta information such as queue names and configuration details are disclosed but the impact is limited as not all information is accessible and there is no affect to integrity.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3714 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a networked service to determine if the page has been merged.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20316 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3800 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3839 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.π Read
via "National Vulnerability Database".