βΌ CVE-2022-2654 βΌ
π Read
via "National Vulnerability Database".
The Classima WordPress theme before 2.1.11 and some of its required plugins (Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.20 and Classima Core before 1.10) do not escape a parameter before outputting it back in attributes, leading to Reflected Cross-Site Scriptingπ Read
via "National Vulnerability Database".
βΌ CVE-2022-25656 βΌ
π Read
via "National Vulnerability Database".
Possible integer overflow and memory corruption due to improper validation of buffer size sent to write to console when computing the payload size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearablesπ Read
via "National Vulnerability Database".
βΌ CVE-2022-25653 βΌ
π Read
via "National Vulnerability Database".
Information disclosure in video due to buffer over-read while processing avi file in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearablesπ Read
via "National Vulnerability Database".
βΌ CVE-2022-25652 βΌ
π Read
via "National Vulnerability Database".
Cryptographic issues in BSP due to improper hash verification in Snapdragon Wired Infrastructure and Networkingπ Read
via "National Vulnerability Database".
βΌ CVE-2022-22089 βΌ
π Read
via "National Vulnerability Database".
Memory corruption in audio while playing record due to improper list handling in two threads in Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wearablesπ Read
via "National Vulnerability Database".
βΌ CVE-2022-2655 βΌ
π Read
via "National Vulnerability Database".
The Classified Listing Pro WordPress plugin before 2.0.20 does not escape a generated URL before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scriptingπ Read
via "National Vulnerability Database".
βΌ CVE-2022-25688 βΌ
π Read
via "National Vulnerability Database".
Memory corruption in video due to buffer overflow while parsing ps video clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearablesπ Read
via "National Vulnerability Database".
βΌ CVE-2022-40154 βΌ
π Read
via "National Vulnerability Database".
Those using Xstream to serialise XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40152 βΌ
π Read
via "National Vulnerability Database".
Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40153 βΌ
π Read
via "National Vulnerability Database".
Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40151 βΌ
π Read
via "National Vulnerability Database".
Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40149 βΌ
π Read
via "National Vulnerability Database".
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3223 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 20.3.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40156 βΌ
π Read
via "National Vulnerability Database".
Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40150 βΌ
π Read
via "National Vulnerability Database".
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40155 βΌ
π Read
via "National Vulnerability Database".
Those using Xstream to serialise XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.π Read
via "National Vulnerability Database".
π Packet Fence 12.0.0 π
π Read
via "Packet Storm Security".
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.π Read
via "Packet Storm Security".
Packetstormsecurity
Packet Fence 12.0.0 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π Friday Five 9/16 π
π Read
via "".
Twitterβs security scandal going from bad to worse and malware spreading through YouTube made headlines this week. Read about these stories and more in this weekβs Friday Five!
π Read
via "".
ποΈ Uber hack linked to hardcoded secrets spotted in powershell script ποΈ
π Read
via "The Daily Swig".
Social engineering attack compromises internal networks and Uberβs bug bounty reportsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Uber hack linked to hardcoded secrets spotted in PowerShell script
Social engineering attack compromises internal networks and Uberβs bug bounty reports
β UBER HAS BEEN HACKED, boasts hacker β how to stop it happening to you β
π Read
via "Naked Security".
Uber is all over the news for a widely-publicised data breach. We help you answer the question, "How do I stop this happening to me?"π Read
via "Naked Security".
Naked Security
UBER HAS BEEN HACKED, boasts hacker β how to stop it happening to you
Uber is all over the news for a widely-publicised data breach. We help you answer the question, βHow do I stop this happening to me?β
ποΈ NETGEAR resolves router vulnerabilities in bundled gaming component ποΈ
π Read
via "The Daily Swig".
Silicon Valley vendor tackles command injection and MitM-to-RCE issuesπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
NETGEAR resolves router vulnerabilities in bundled gaming component
Silicon Valley vendor tackles command injection and MitM-to-RCE issues