β S3 Ep100: Browser-in-the-Browser β how to spot an attack [Audio + Text] β
π Read
via "Naked Security".
Latest episode - listen now! Cosmic rockets, zero-days, spotting cybercrooks, and unlocking the DEADBOLT...π Read
via "Naked Security".
Naked Security
S3 Ep100: Browser-in-the-Browser β how to spot an attack [Audio + Text]
Latest episode β listen now! Cosmic rockets, zero-days, spotting cybercrooks, and unlocking the DEADBOLTβ¦
βΌ CVE-2022-27561 βΌ
π Read
via "National Vulnerability Database".
There is a reflected Cross-Site Scripting vulnerability in the HCL Traveler web admin (LotusTraveler.nsf).π Read
via "National Vulnerability Database".
βΌ CVE-2022-36074 βΌ
π Read
via "National Vulnerability Database".
Nextcloud server is an open source personal cloud product. Affected versions of this package are vulnerable to Information Exposure which fails to strip the Authorization header on HTTP downgrade. This can lead to account access exposure and compromise. It is recommended that the Nextcloud Server is upgraded to 23.0.7 or 24.0.3. It is recommended that the Nextcloud Enterprise Server is upgraded to 22.2.11, 23.0.7 or 24.0.3. There are no known workarounds for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36075 βΌ
π Read
via "National Vulnerability Database".
Nextcloud files access control is a nextcloud app to manage access control for files. Users with limited access can see file names in certain cases where they do not have privilege to do so. This issue has been addressed and it is recommended that the Nextcloud Files Access Control app is upgraded to 1.12.2, 1.13.1 or 1.14.1. There are no known workarounds for this issueπ Read
via "National Vulnerability Database".
βΌ CVE-2022-39215 βΌ
π Read
via "National Vulnerability Database".
Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when `readDir` is called recursively, it was possible to display directory listings outside of the defined `fs` scope. This required a crafted symbolic link or junction folder inside an allowed path of the `fs` scope. No arbitrary file content could be leaked. The issue has been resolved in version 1.0.6 and the implementation now properly checks if the requested (sub) directory is a symbolic link outside of the defined `scope`. Users are advised to upgrade. Users unable to upgrade should disable the `readDir` endpoint in the `allowlist` inside the `tauri.conf.json`.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29240 βΌ
π Read
via "National Vulnerability Database".
Scylla is a real-time big data database that is API-compatible with Apache Cassandra and Amazon DynamoDB. When decompressing CQL frame received from user, Scylla assumes that user-provided uncompressed length is correct. If user provides fake length, that is greater than the real one, part of decompression buffer won't be overwritten, and will be left uninitialized. This can be exploited in several ways, depending on the privileges of the user. 1. The main exploit is that an attacker with access to CQL port, but no user account, can bypass authentication, but only if there are other legitimate clients making connections to the cluster, and they use LZ4. 2. Attacker that already has a user account on the cluster can read parts of uninitialized memory, which can contain things like passwords of other users or fragments of other queries / results, which leads to authorization bypass and sensitive information disclosure. The bug has been patched in the following versions: Scylla Enterprise: 2020.1.14, 2021.1.12, 2022.1.0. Scylla Open Source: 4.6.7, 5.0.3. Users unable to upgrade should make sure none of their drivers connect to cluster using LZ4 compression, and that Scylla CQL port is behind firewall. Additionally make sure no untrusted client can connect to Scylla, by setting up authentication and applying workarounds from previous point (firewall, no lz4 compression).π Read
via "National Vulnerability Database".
βΌ CVE-2022-39213 βΌ
π Read
via "National Vulnerability Database".
go-cvss is a Go module to manipulate Common Vulnerability Scoring System (CVSS). In affected versions when a full CVSS v2.0 vector string is parsed using `ParseVector`, an Out-of-Bounds Read is possible due to a lack of tests. The Go module will then panic. The problem is patched in tag `v0.4.0`, by the commit `d9d478ff0c13b8b09ace030db9262f3c2fe031f4`. Users are advised to upgrade. Users unable to upgrade may avoid this issue by parsing only CVSS v2.0 vector strings that do not have all attributes defined (e.g. `AV:N/AC:L/Au:N/C:P/I:P/A:C/E:U/RL:OF/RC:C/CDP:MH/TD:H/CR:M/IR:M/AR:M`). As stated in [SECURITY.md](https://github.com/pandatix/go-cvss/blob/master/SECURITY.md), the CPE v2.3 to refer to this Go module is `cpe:2.3:a:pandatix:go_cvss:*:*:*:*:*:*:*:*`. The entry has already been requested to the NVD CPE dictionary.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22091 βΌ
π Read
via "National Vulnerability Database".
Improper authorization of a replayed LTE security mode command can lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearablesπ Read
via "National Vulnerability Database".
βΌ CVE-2022-2351 βΌ
π Read
via "National Vulnerability Database".
The Post SMTP Mailer/Email Log WordPress plugin before 2.1.4 does not escape some of its settings before outputting them in the admins dashboard, allowing high privilege users to perform Cross-Site Scripting attacks against other users even when the unfiltered_html capability is disallowed.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2798 βΌ
π Read
via "National Vulnerability Database".
The Affiliates Manager WordPress plugin before 2.9.14 does not validate and sanitise the affiliate data, which could allow users registering as affiliate to perform CSV injection attacks against an admin exporting the dataπ Read
via "National Vulnerability Database".
βΌ CVE-2022-25708 βΌ
π Read
via "National Vulnerability Database".
Memory corruption in WLAN due to buffer copy without checking size of input while parsing keys in Snapdragon Connectivity, Snapdragon Mobileπ Read
via "National Vulnerability Database".
βΌ CVE-2022-2863 βΌ
π Read
via "National Vulnerability Database".
The Migration, Backup, Staging WordPress plugin before 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attackπ Read
via "National Vulnerability Database".
βΌ CVE-2022-2737 βΌ
π Read
via "National Vulnerability Database".
The WP STAGING WordPress plugin before 2.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)π Read
via "National Vulnerability Database".
βΌ CVE-2022-2877 βΌ
π Read
via "National Vulnerability Database".
The Titan Anti-spam & Security WordPress plugin before 7.3.1 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25690 βΌ
π Read
via "National Vulnerability Database".
Information disclosure in WLAN due to improper validation of array index while parsing crafted ANQP action frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Musicπ Read
via "National Vulnerability Database".
βΌ CVE-2022-2635 βΌ
π Read
via "National Vulnerability Database".
The Autoptimize WordPress plugin before 3.1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)π Read
via "National Vulnerability Database".
βΌ CVE-2022-25670 βΌ
π Read
via "National Vulnerability Database".
Denial of service in WLAN HOST due to buffer over read while unpacking frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearablesπ Read
via "National Vulnerability Database".
βΌ CVE-2022-2799 βΌ
π Read
via "National Vulnerability Database".
The Affiliates Manager WordPress plugin before 2.9.14 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25669 βΌ
π Read
via "National Vulnerability Database".
Denial of service in video due to buffer over read while parsing MP4 clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearablesπ Read
via "National Vulnerability Database".
βΌ CVE-2022-22092 βΌ
π Read
via "National Vulnerability Database".
Memory corruption in kernel due to use after free issue in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobileπ Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-25693 βΌ
π Read
via "National Vulnerability Database".
Memory corruption in graphics due to use-after-free while graphics profiling in Snapdragon Connectivity, Snapdragon Mobileπ Read
via "National Vulnerability Database".