CVE-2022-34375
Dell Container Storage Modules 1.2 contains a path traversal vulnerability in the goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability, leading to unintentional access to paths outside of the restricted directory.
via "National Vulnerability Database".

CVE-2022-36731
Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /librarian/delstu.php.
via "National Vulnerability Database".

CVE-2022-27560
HCL VersionVault Express exposes administrator credentials.
via "National Vulnerability Database".

CVE-2022-36745
LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component print-customoid.php.
via "National Vulnerability Database".

CVE-2022-27563
An unauthenticated user can overload a part of HCL VersionVault Express and cause a denial of service.
via "National Vulnerability Database".

CVE-2022-36748
PicUploader v2.6.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /master/index.php.
via "National Vulnerability Database".

CVE-2022-36747
Razor v0.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the function uploadchannel().
via "National Vulnerability Database".

CVE-2022-36749
RPi-Jukebox-RFID v2.3.0 was discovered to contain a command injection vulnerability via the component /htdocs/utils/Files.php. This vulnerability is exploited via a crafted payload injected into the file name of an uploaded file.
via "National Vulnerability Database".

CVE-2022-36746
LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component oxidized-cfg-check.inc.php.
via "National Vulnerability Database".

CVE-2022-39047
Freeciv before 2.6.7 and before 3.0.3 is prone to a buffer overflow vulnerability in the Modpack Installer utility's handling of the modpack URL.
via "National Vulnerability Database".

CVE-2022-37021
Apache Geode versions up to 1.12.5, 1.13.4 and 1.14.0 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 8. Any user still on Java 8 who wishes to protect against deserialization attacks involving JMX or RMI should upgrade to Apache Geode 1.15 and Java 11. If upgrading to Java 11 is not possible, then upgrade to Apache Geode 1.15 and specify "--J=-Dgeode.enableGlobalSerialFilter=true" when starting any Locators or Servers. Follow the documentation for details on specifying any user classes that may be serialized/deserialized with the "serializable-object-filter" configuration option. Using a global serial filter will impact performance.
via "National Vulnerability Database".

CVE-2022-37023
Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data flaw when using REST API on Java 8 or Java 11. Any user wishing to protect against deserialization attacks involving REST APIs should upgrade to Apache Geode 1.15 and follow the documentation for details on enabling "validate-serializable-objects=true" and specifying any user classes that may be serialized/deserialized with "serializable-object-filter". Enabling "validate-serializable-objects" may impact performance.
via "National Vulnerability Database".

CVE-2022-37022
Apache Geode versions up to 1.12.2 and 1.13.2 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 11. Any user wishing to protect against deserialization attacks involving JMX or RMI should upgrade to Apache Geode 1.15. Use of 1.15 on Java 11 will automatically protect JMX over RMI against deserialization attacks. This should have no impact on performance since it only affects JMX/RMI, which Gfsh uses to communicate with the JMX Manager hosted on a Locator.
via "National Vulnerability Database".

CVE-2022-39046
An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap.
via "National Vulnerability Database".

JavaScript bugs aplenty in Node.js ecosystem – found automatically
How to get the better of bugs in all the possible packages in your supply chain?
via "Naked Security".

Chrome patches 24 security holes, enables "Sanitizer" safety system
24 existing bugs fixed. And, we hope, numerous potential future bugs prevented.
via "Naked Security".

Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
via "Threat Post".

SecureAuth Announces General Availability of Arculix, Its Next-Gen Passwordless, Continuous-Authentication Platform
Next-gen platform delivers adaptive and robust, continuous authentication with identity orchestration and a frictionless user experience.
via "Dark Reading".

The Inevitability of Cloud Breaches: Tales of Real-World Cloud Attacks
While cloud breaches are going to happen, that doesn't mean we can't do anything about them. By better understanding cloud attacks, organizations can better prepare for them. (First of two parts.)
via "Dark Reading".

Command injection vulnerability in GitHub Pages nets bug hunter $4k
Exploit involved duping developers into exposing repositories with social engineering techniques.
via "The Daily Swig".

Three-day hackathon uncovers hundreds of bugs in Yahoo search engine tool Vespa
Live event brings together bug bounty hunters from across the globe.
via "The Daily Swig".