βΌ CVE-2020-27801 βΌ
π Read
via "National Vulnerability Database".
A heap-based buffer over-read was discovered in the get_le64 function in bele.h in UPX 4.0.0 via a crafted Mach-O file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3914 βΌ
π Read
via "National Vulnerability Database".
It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27800 βΌ
π Read
via "National Vulnerability Database".
A heap-based buffer over-read was discovered in the get_le32 function in bele.h in UPX 4.0.0 via a crafted Mach-O file.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27796 βΌ
π Read
via "National Vulnerability Database".
A heap-based buffer over-read was discovered in the invert_pt_dynamic function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32570 βΌ
π Read
via "National Vulnerability Database".
In Ericsson Network Manager (ENM) releases before 21.2, users belonging to the same AMOS authorization group can retrieve the data from certain log files. All AMOS users are considered to be highly privileged users in ENM system and all must be previously defined and authorized by the Security Administrator. Those users can access some logΓ’β¬β’s files, under a common path, and read information stored in the logΓ’β¬β’s files in order to conduct privilege escalation.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36168 βΌ
π Read
via "National Vulnerability Database".
A directory traversal vulnerability was discovered in Wuzhicms 4.1.0. via /coreframe/app/attachment/admin/index.php:π Read
via "National Vulnerability Database".
βΌ CVE-2022-35192 βΌ
π Read
via "National Vulnerability Database".
D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via the User parameter or Pwd parameter to Login.asp.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3020 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. It ships the binary hawk_invoke (built from tools/hawk_invoke.c), intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root (with an attempt to limit this to safe combinations). This user is able to execute an interactive "shell" that isn't limited to the commands specified in hawk_invoke, allowing escalation to root.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36120 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the getChartData administrative function. Using a low/no privilege Blue Prism user account, the attacker can alter the server's settings by abusing the getChartData method, allowing the Blue Prism server to execute any MSSQL stored procedure by name.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29850 βΌ
π Read
via "National Vulnerability Database".
Various Lexmark products through 2022-04-27 allow External Control of a System or Configuration Setting because of Improper Input Validation.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36226 βΌ
π Read
via "National Vulnerability Database".
SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36121 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the UpdateOfflineHelpData administrative function. Abusing this function will allow any Blue Prism user to change the offline help URL to one of their choice, opening the possibility of spoofing the help page or executing a local file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30984 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow vulnerability in the Rubrik Backup Service (RBS) Agent for Linux or Unix-based systems in Rubrik CDM 7.0.1, 7.0.1-p1, 7.0.1-p2 or 7.0.1-p3 before CDM 7.0.2-p2 could allow a local attacker to obtain root privileges by sending a crafted message to the RBS agent.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38533 βΌ
π Read
via "National Vulnerability Database".
In GNU Binutils before 2.4.0, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.π Read
via "National Vulnerability Database".
ποΈ LastPass flags security incident after attackers stole source code, technical information ποΈ
π Read
via "The Daily Swig".
Usersβ master passwords are safe, thanks to companyβs βzero knowledgeβ architectureπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
LastPass flags security incident after attackers stole source code, technical information
Usersβ master passwords are safe, thanks to companyβs βzero knowledgeβ architecture
π΄ Capital One Joins Open Source Security Foundation π΄
π Read
via "Dark Reading".
OpenSSF welcomes Capital One as a premier member affirming its commitment to strengthening the open source software supply chain.π Read
via "Dark Reading".
Dark Reading
Capital One Joins Open Source Security Foundation
OpenSSF welcomes Capital One as a premier member affirming its commitment to strengthening the open source software supply chain.
π΄ Endpoint Protection / Antivirus Products Tested for Malware Protection π΄
π Read
via "Dark Reading".
Six out of the eight products achieved an "A" rating or higher for blocking malware attacks. Reports are provided to the community for free.π Read
via "Dark Reading".
Dark Reading
Endpoint Protection / Antivirus Products Tested for Malware Protection
Six out of the eight products achieved an "A" rating or higher for blocking malware attacks. Reports are provided to the community for free.
ποΈ Critical command injection vulnerability discovered in Bitbucket Server and Data Center ποΈ
π Read
via "The Daily Swig".
Update now to protect against flawπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Critical command injection vulnerability discovered in Bitbucket Server and Data Center
Update now to protect against flaw
π΄ 'No-Party' Data Architectures Promise More Control, Better Security π΄
π Read
via "Dark Reading".
Consumers gain control of their data while companies build better relationships with their customers β but third-party ad-tech firms will likely continue to stand in the way.π Read
via "Dark Reading".
Dark Reading
'No-Party' Data Architectures Promise More Control, Better Security
Consumers gain control of their data while companies build better relationships with their customers β but third-party ad-tech firms will likely continue to stand in the way.
π΄ How DevSecOps Empowers Citizen Developers π΄
π Read
via "Dark Reading".
DevSecOps can help overcome inheritance mentality, especially in low- and no-code environments.π Read
via "Dark Reading".
Dark Reading
How DevSecOps Empowers Citizen Developers
DevSecOps can help overcome inheritance mentality, especially in low- and no-code environments.
βΌ CVE-2022-36678 βΌ
π Read
via "National Vulnerability Database".
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_category.π Read
via "National Vulnerability Database".