βΌ CVE-2022-36052 βΌ
π Read
via "National Vulnerability Database".
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in Contiki-NG may cast a UDP header structure at a certain offset in a packet buffer. The code does not check whether the packet buffer is large enough to fit a full UDP header structure from the offset where the casting is made. Hence, it is possible to cause an out-of-bounds read beyond the packet buffer. The problem affects anyone running devices with Contiki-NG versions previous to 4.8, and which may receive 6LoWPAN packets from external parties. The problem has been patched in Contiki-NG version 4.8.π Read
via "National Vulnerability Database".
π΄ Apple Quietly Releases Another Patch for Zero-Day RCE Bug π΄
π Read
via "Dark Reading".
Apple continues a staged update process to address a WebKit vulnerability that allows attackers to craft malicious web content to load malware on affected devices.π Read
via "Dark Reading".
Dark Reading
Apple Quietly Releases Another Patch for Zero-Day RCE Bug
Apple continues a staged update process to address a WebKit vulnerability that allows attackers to craft malicious Web content to load malware on affected devices.
βΌ CVE-2022-37435 βΌ
π Read
via "National Vulnerability Database".
Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3.π Read
via "National Vulnerability Database".
π GNU Privacy Guard 2.2.38 π
π Read
via "Packet Storm Security".
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions. This is the LTS release.π Read
via "Packet Storm Security".
Packetstormsecurity
GNU Privacy Guard 2.2.38 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β S3 Ep98: The LastPass saga β should we stop using password managers? [Audio + Text] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep98: The LastPass saga β should we stop using password managers? [Audio + Text]
Latest episode β listen now!
π1
π΄ Code-Injection Bugs Bite Google, Apache Open Source GitHub Projects π΄
π Read
via "Dark Reading".
The insecurities exist in CI/CD pipelines and can be used by attackers to subvert modern development and roll out malicious code at deployment.π Read
via "Dark Reading".
Dark Reading
Code-Injection Bugs Bite Google, Apache Open Source GitHub Projects
The insecurities exist in CI/CD pipelines and can be used by attackers to subvert modern development and roll out malicious code at deployment.
βΌ CVE-2022-36355 βΌ
π Read
via "National Vulnerability Database".
Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking Easy Org Chart plugin <= 3.1 at WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36373 βΌ
π Read
via "National Vulnerability Database".
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Simon Ward MP3 jPlayer plugin <= 2.7.3 at WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28199 βΌ
π Read
via "National Vulnerability Database".
NVIDIAΓ’β¬β’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36796 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in CallRail, Inc. CallRail Phone Call Tracking plugin <= 0.4.9 at WordPress.π Read
via "National Vulnerability Database".
π΄ New Guidelines Spell Out How to Test IoT Security Products π΄
π Read
via "Dark Reading".
The proposed AMTSO guidelines offer a roadmap for comprehensive testing of IoT security products.π Read
via "Dark Reading".
Dark Reading
New Guidelines Spell Out How to Test IoT Security Products
The proposed AMTSO guidelines offer a roadmap for comprehensive testing of IoT security products.
π΄ Skyrocketing IoT Bug Disclosures Put Pressure on Security Teams π΄
π Read
via "Dark Reading".
The expanding Internet of Things ecosystem is seeing a startling rate of vulnerability disclosures, leaving companies with a greater need for visibility into and patching of IoT devices.π Read
via "Dark Reading".
Dark Reading
Skyrocketing IoT Bug Disclosures Put Pressure on Security Teams
The expanding Internet of Things ecosystem is seeing a startling rate of vulnerability disclosures, leaving companies with a greater need for visibility into and patching of IoT devices.
βΌ CVE-2022-34380 βΌ
π Read
via "National Vulnerability Database".
Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulnerability. A high privileged local attacker may potentially exploit this vulnerability leading to authentication bypass and access the CloudLink system console. This is critical severity vulnerability as it allows attacker to take control of the system.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39045 βΌ
π Read
via "National Vulnerability Database".
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields. IBM X-Force ID: 214345.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36583 βΌ
π Read
via "National Vulnerability Database".
DedeCMS V5.7.97 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/co_do.php via the dopost, rpok, and aid parameters.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35530 βΌ
π Read
via "National Vulnerability Database".
In LibRaw, there is an out-of-bounds write vulnerability within the "new_node()" function (libraw\src\x3f\x3f_utils_patched.cpp) that can be triggered via a crafted X3F file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34372 βΌ
π Read
via "National Vulnerability Database".
Dell PowerProtect Cyber Recovery versions before 19.11.0.2 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially access and interact with the docker registry API leading to an authentication bypass. The attacker may potentially alter the docker images leading to a loss of integrity and confidentialityπ Read
via "National Vulnerability Database".
βΌ CVE-2020-4301 βΌ
π Read
via "National Vulnerability Database".
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176609.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35534 βΌ
π Read
via "National Vulnerability Database".
In LibRaw, there is a memory corruption vulnerability within the "crxFreeSubbandData()" function (libraw\src\decoders\crx.cpp) when processing cr3 files.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35525 βΌ
π Read
via "National Vulnerability Database".
In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2996 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle (MITM) attacks.π Read
via "National Vulnerability Database".