‼ CVE-2022-36044 ‼
📖 Read
via "National Vulnerability Database".
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from Luac files. A user opening a malicious Luac file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commits 07b43bc8aa1ffebd9b68d60624c9610cf7e460c7 and 05bbd147caccc60162d6fba9baaaf24befa281cd contain fixes for the issue.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32277 ‼
📖 Read
via "National Vulnerability Database".
Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user's contact details.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36757 ‼
📖 Read
via "National Vulnerability Database".
Xaomi Mi Browser v13.10.0-gn contains a vulnerability which allows attackers to execute arbitrary code via user interaction with a crafted URL.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36041 ‼
📖 Read
via "National Vulnerability Database".
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when parsing Mach-O files. A user opening a malicious Mach-O file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number 7323e64d68ecccfb0ed3ee480f704384c38676b2 contains a patch.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-37253 ‼
📖 Read
via "National Vulnerability Database".
Persistent cross-site scripting (XSS) in Crime Reporting System 1.0 allows a remote attacker to introduce arbitary Javascript via manipulation of an unsanitized POST parameter📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26859 ‼
📖 Read
via "National Vulnerability Database".
Dell BIOS contains a race condition vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI in order to bypass security checks during SMM.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36058 ‼
📖 Read
via "National Vulnerability Database".
Elrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.34, anyone who uses elrond-go to process blocks (historical or actual) could encounter a `MultiESDTNFTTransfer` transaction like this: `MultiESDTNFTTransfer` with a missing function name. Basic functionality like p2p messaging, storage, API requests and such are unaffected. Version 1.3.34 contains a fix for this issue. There are no known workarounds.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26860 ‼
📖 Read
via "National Vulnerability Database".
Dell BIOS versions contain a stack-based buffer overflow vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI to bypass security checks resulting in arbitrary code execution in SMM.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-37185 ‼
📖 Read
via "National Vulnerability Database".
SQL injection vulnerability exists in the school information query interface (repschoolproj.php) of the EMS 6.2 system of the Office of the Thai Basic Education Commission, which can lead to data leakage.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36663 ‼
📖 Read
via "National Vulnerability Database".
Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF (Server-Side Request Forgery) attacks via a crafted request_uri parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26858 ‼
📖 Read
via "National Vulnerability Database".
Dell BIOS versions contain an Improper Authentication vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3134 ‼
📖 Read
via "National Vulnerability Database".
Use After Free in GitHub repository vim/vim prior to 9.0.0388.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36040 ‼
📖 Read
via "National Vulnerability Database".
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from PYC(python) files. A user opening a malicious PYC file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number 68948017423a12786704e54227b8b2f918c2fd27 contains a patch.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36065 ‼
📖 Read
via "National Vulnerability Database".
GrowthBook is an open-source platform for feature flagging and A/B testing. With some self-hosted configurations in versions prior to 2022-08-29, attackers can register new accounts and upload files to arbitrary directories within the container. If the attacker uploads a Python script to the right location, they can execute arbitrary code within the container. To be affected, ALL of the following must be true: Self-hosted deployment (GrowthBook Cloud is unaffected); using local file uploads (as opposed to S3 or Google Cloud Storage); NODE_ENV set to a non-production value and JWT_SECRET set to an easily guessable string like `dev`. This issue is patched in commit 1a5edff8786d141161bf880c2fd9ccbe2850a264 (2022-08-29). As a workaround, set `JWT_SECRET` environment variable to a long random string. This will stop arbitrary file uploads, but the only way to stop attackers from registering accounts is by updating to the latest build.📖 Read
via "National Vulnerability Database".
🕴 Report Highlights Prevalence of Software Supply Chain Risks 🕴
📖 Read
via "Dark Reading".
Multiclient research report shows organizations are significantly increasing efforts to secure their supply chains in response to software supply chain attacks.📖 Read
via "Dark Reading".
Dark Reading
Report Highlights Prevalence of Software Supply Chain Risks
Multiclient research report shows organizations are significantly increasing efforts to secure their supply chains in response to software supply chain attacks.
🗓️ A rough guide to launching a career in cybersecurity 🗓️
📖 Read
via "The Daily Swig".
Entry-level training courses offer paths to glory📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
A rough guide to launching a career in cybersecurity
Entry-level training courses offer paths to glory
‼ CVE-2022-40023 ‼
📖 Read
via "National Vulnerability Database".
Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-37189 ‼
📖 Read
via "National Vulnerability Database".
DDMAL MEI2Volpiano 0.8.2 is vulnerable to XML External Entity (XXE), leading to a Denial of Service. This occurs due to the usage of the unsafe 'xml.etree' library to parse untrusted XML input.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2022-36659 ‼
📖 Read
via "National Vulnerability Database".
xhyve commit dfbe09b was discovered to contain a NULL pointer dereference via the component vi_pci_write(). This vulnerability allows attackers to cause a Denial of Service via unspecified vectors.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36660 ‼
📖 Read
via "National Vulnerability Database".
xhyve commit dfbe09b was discovered to contain a stack buffer overflow via the component pci_vtrnd_notify().📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36539 ‼
📖 Read
via "National Vulnerability Database".
WeDayCare B.V Ouderapp before v1.1.22 allows attackers to alter the ID value within intercepted calls to gain access to data of other parents and children.📖 Read
via "National Vulnerability Database".