ποΈ WordPress project WPHash harvests 75 million hashes for detecting vulnerable plugins ποΈ
π Read
via "The Daily Swig".
Project mission is to crowdsource the indexing and curating of plugin bug dataπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
WordPress project WPHash harvests 75 million hashes for detecting vulnerable plugins
Project mission is to crowdsource the indexing and curating of plugin bug data
ποΈ Vulnerability in Xalan-J could allow arbitrary code execution ποΈ
π Read
via "The Daily Swig".
Open source project is used by various SAML implementationsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Vulnerability in Xalan-J could allow arbitrary code execution
Open source project is used by various SAML implementations
βΌ CVE-2022-37767 βΌ
π Read
via "National Vulnerability Database".
Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbokπ Read
via "National Vulnerability Database".
βΌ CVE-2022-37734 βΌ
π Read
via "National Vulnerability Database".
graphql-java before19.0 is vulnerable to Denial of Service. An attacker send a malicious GraphQL query that consumes CPU resources.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37797 βΌ
π Read
via "National Vulnerability Database".
In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition.π Read
via "National Vulnerability Database".
β How to deal with dates and times without any timezone tantrumsβ¦ β
π Read
via "Naked Security".
Heartfelt encouragement to embrace RFC 3339 - find out why!π Read
via "Naked Security".
Naked Security
How to deal with dates and times without any timezone tantrumsβ¦
Heartfelt encouragement to embrace RFC 3339 β find out why!
βΌ CVE-2022-3178 βΌ
π Read
via "National Vulnerability Database".
Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31220 βΌ
π Read
via "National Vulnerability Database".
Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37300 βΌ
π Read
via "National Vulnerability Database".
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStruxure Control Expert) (V15.0 SP1 and prior), EcoStruxure Process Expert, Including all versions of EcoStruxure Hybrid DCS (former name of EcoStruxure Process Expert) (V2021 and prior), Modicon M340 CPU (part numbers BMXP34*) (V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*) (V3.20 and prior).π Read
via "National Vulnerability Database".
βΌ CVE-2022-31224 βΌ
π Read
via "National Vulnerability Database".
Dell BIOS versions contain an Improper Protection Against Voltage and Clock Glitches vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by triggering a fault condition in order to change the behavior of the system.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31223 βΌ
π Read
via "National Vulnerability Database".
Dell BIOS versions contain an Improper Neutralization of Null Byte vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by sending unexpected null bytes in order to read memory on the system.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31221 βΌ
π Read
via "National Vulnerability Database".
Dell BIOS versions contain an Information Exposure vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order access sensitive state information on the system.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31222 βΌ
π Read
via "National Vulnerability Database".
Dell BIOS versions contain a Missing Release of Resource after Effective Lifetime vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by consuming excess memory in order to cause the application to crash.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31226 βΌ
π Read
via "National Vulnerability Database".
Dell BIOS versions contain a Stack-based Buffer Overflow vulnerability. A local authenticated malicious user could potentially exploit this vulnerability by sending excess data to a function in order to gain arbitrary code execution on the system.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31225 βΌ
π Read
via "National Vulnerability Database".
Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1700 βΌ
π Read
via "National Vulnerability Database".
Improper Restriction of XML External Entity Reference ('XXE') vulnerability in the Policy Engine of Forcepoint Data Loss Prevention (DLP), which is also leveraged by Forcepoint One Endpoint (F1E), Web Security Content Gateway, Email Security with DLP enabled, and Cloud Security Gateway prior to June 20, 2022. The XML parser in the Policy Engine was found to be improperly configured to support external entities and external DTD (Document Type Definitions), which can lead to an XXE attack. This issue affects: Forcepoint Data Loss Prevention (DLP) versions prior to 8.8.2. Forcepoint One Endpoint (F1E) with Policy Engine versions prior to 8.8.2. Forcepoint Web Security Content Gateway versions prior to 8.5.5. Forcepoint Email Security with DLP enabled versions prior to 8.5.5. Forcepoint Cloud Security Gateway prior to June 20, 2022.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37860 βΌ
π Read
via "National Vulnerability Database".
The web configuration interface of the TP-Link M7350 V3 with firmware version 190531 is affected by a pre-authentication command injection vulnerability.π Read
via "National Vulnerability Database".
β Apple patches a zero-day hole β even in the brand new iOS 16 β
π Read
via "Naked Security".
Five updates, one upgrade, plus a zero-day. Patch your Macs, iPhones and iPads as soon as you can (again)...π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
βΌ CVE-2021-44426 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5. An upload of an arbitrary file to a victim's local ~/Downloads/ directory is possible if the victim is using the AnyDesk Windows client to connect to a remote machine, if an attacker is also connected remotely with AnyDesk to the same remote machine. The upload is done without any approval or action taken by the victim.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38605 βΌ
π Read
via "National Vulnerability Database".
Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_event.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38295 βΌ
π Read
via "National Vulnerability Database".
Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view/cu_user_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function.π Read
via "National Vulnerability Database".