β S3 Ep98: The LastPass saga β should we stop using password managers? [Audio + Text] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep98: The LastPass saga β should we stop using password managers? [Audio + Text]
Latest episode β listen now!
π1
π΄ Code-Injection Bugs Bite Google, Apache Open Source GitHub Projects π΄
π Read
via "Dark Reading".
The insecurities exist in CI/CD pipelines and can be used by attackers to subvert modern development and roll out malicious code at deployment.π Read
via "Dark Reading".
Dark Reading
Code-Injection Bugs Bite Google, Apache Open Source GitHub Projects
The insecurities exist in CI/CD pipelines and can be used by attackers to subvert modern development and roll out malicious code at deployment.
βΌ CVE-2022-36355 βΌ
π Read
via "National Vulnerability Database".
Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking Easy Org Chart plugin <= 3.1 at WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36373 βΌ
π Read
via "National Vulnerability Database".
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Simon Ward MP3 jPlayer plugin <= 2.7.3 at WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28199 βΌ
π Read
via "National Vulnerability Database".
NVIDIAΓ’β¬β’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36796 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in CallRail, Inc. CallRail Phone Call Tracking plugin <= 0.4.9 at WordPress.π Read
via "National Vulnerability Database".
π΄ New Guidelines Spell Out How to Test IoT Security Products π΄
π Read
via "Dark Reading".
The proposed AMTSO guidelines offer a roadmap for comprehensive testing of IoT security products.π Read
via "Dark Reading".
Dark Reading
New Guidelines Spell Out How to Test IoT Security Products
The proposed AMTSO guidelines offer a roadmap for comprehensive testing of IoT security products.
π΄ Skyrocketing IoT Bug Disclosures Put Pressure on Security Teams π΄
π Read
via "Dark Reading".
The expanding Internet of Things ecosystem is seeing a startling rate of vulnerability disclosures, leaving companies with a greater need for visibility into and patching of IoT devices.π Read
via "Dark Reading".
Dark Reading
Skyrocketing IoT Bug Disclosures Put Pressure on Security Teams
The expanding Internet of Things ecosystem is seeing a startling rate of vulnerability disclosures, leaving companies with a greater need for visibility into and patching of IoT devices.
βΌ CVE-2022-34380 βΌ
π Read
via "National Vulnerability Database".
Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulnerability. A high privileged local attacker may potentially exploit this vulnerability leading to authentication bypass and access the CloudLink system console. This is critical severity vulnerability as it allows attacker to take control of the system.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39045 βΌ
π Read
via "National Vulnerability Database".
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields. IBM X-Force ID: 214345.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36583 βΌ
π Read
via "National Vulnerability Database".
DedeCMS V5.7.97 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/co_do.php via the dopost, rpok, and aid parameters.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35530 βΌ
π Read
via "National Vulnerability Database".
In LibRaw, there is an out-of-bounds write vulnerability within the "new_node()" function (libraw\src\x3f\x3f_utils_patched.cpp) that can be triggered via a crafted X3F file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34372 βΌ
π Read
via "National Vulnerability Database".
Dell PowerProtect Cyber Recovery versions before 19.11.0.2 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially access and interact with the docker registry API leading to an authentication bypass. The attacker may potentially alter the docker images leading to a loss of integrity and confidentialityπ Read
via "National Vulnerability Database".
βΌ CVE-2020-4301 βΌ
π Read
via "National Vulnerability Database".
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176609.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35534 βΌ
π Read
via "National Vulnerability Database".
In LibRaw, there is a memory corruption vulnerability within the "crxFreeSubbandData()" function (libraw\src\decoders\crx.cpp) when processing cr3 files.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35525 βΌ
π Read
via "National Vulnerability Database".
In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2996 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle (MITM) attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35535 βΌ
π Read
via "National Vulnerability Database".
In LibRaw, there is an out-of-bounds read vulnerability within the "LibRaw::parseSonySRF()" function (libraw\src\metadata\sony.cpp) when processing srf files.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3061 βΌ
π Read
via "National Vulnerability Database".
Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn't check the value of 'pixclock', so it may cause a divide by zero error.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45027 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file download vulnerability in Oliver v5 Library Server Versions < 5.00.008.053 via the FileServlet function allows for arbitrary file download by an attacker using unsanitized user supplied input.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35529 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.π Read
via "National Vulnerability Database".