βΌ CVE-2022-25652 βΌ
π Read
via "National Vulnerability Database".
Cryptographic issues in BSP due to improper hash verification in Snapdragon Wired Infrastructure and Networkingπ Read
via "National Vulnerability Database".
βΌ CVE-2022-22089 βΌ
π Read
via "National Vulnerability Database".
Memory corruption in audio while playing record due to improper list handling in two threads in Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wearablesπ Read
via "National Vulnerability Database".
βΌ CVE-2022-2655 βΌ
π Read
via "National Vulnerability Database".
The Classified Listing Pro WordPress plugin before 2.0.20 does not escape a generated URL before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scriptingπ Read
via "National Vulnerability Database".
βΌ CVE-2022-25688 βΌ
π Read
via "National Vulnerability Database".
Memory corruption in video due to buffer overflow while parsing ps video clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearablesπ Read
via "National Vulnerability Database".
βΌ CVE-2022-40154 βΌ
π Read
via "National Vulnerability Database".
Those using Xstream to serialise XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40152 βΌ
π Read
via "National Vulnerability Database".
Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40153 βΌ
π Read
via "National Vulnerability Database".
Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40151 βΌ
π Read
via "National Vulnerability Database".
Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40149 βΌ
π Read
via "National Vulnerability Database".
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3223 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 20.3.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40156 βΌ
π Read
via "National Vulnerability Database".
Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40150 βΌ
π Read
via "National Vulnerability Database".
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40155 βΌ
π Read
via "National Vulnerability Database".
Those using Xstream to serialise XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.π Read
via "National Vulnerability Database".
π Packet Fence 12.0.0 π
π Read
via "Packet Storm Security".
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.π Read
via "Packet Storm Security".
Packetstormsecurity
Packet Fence 12.0.0 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π Friday Five 9/16 π
π Read
via "".
Twitterβs security scandal going from bad to worse and malware spreading through YouTube made headlines this week. Read about these stories and more in this weekβs Friday Five!
π Read
via "".
ποΈ Uber hack linked to hardcoded secrets spotted in powershell script ποΈ
π Read
via "The Daily Swig".
Social engineering attack compromises internal networks and Uberβs bug bounty reportsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Uber hack linked to hardcoded secrets spotted in PowerShell script
Social engineering attack compromises internal networks and Uberβs bug bounty reports
β UBER HAS BEEN HACKED, boasts hacker β how to stop it happening to you β
π Read
via "Naked Security".
Uber is all over the news for a widely-publicised data breach. We help you answer the question, "How do I stop this happening to me?"π Read
via "Naked Security".
Naked Security
UBER HAS BEEN HACKED, boasts hacker β how to stop it happening to you
Uber is all over the news for a widely-publicised data breach. We help you answer the question, βHow do I stop this happening to me?β
ποΈ NETGEAR resolves router vulnerabilities in bundled gaming component ποΈ
π Read
via "The Daily Swig".
Silicon Valley vendor tackles command injection and MitM-to-RCE issuesπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
NETGEAR resolves router vulnerabilities in bundled gaming component
Silicon Valley vendor tackles command injection and MitM-to-RCE issues
βΌ CVE-2022-38828 βΌ
π Read
via "National Vulnerability Database".
TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to command injection via cstecgi.cgiπ Read
via "National Vulnerability Database".
βΌ CVE-2022-37250 βΌ
π Read
via "National Vulnerability Database".
Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in /admin/myaccount.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38833 βΌ
π Read
via "National Vulnerability Database".
School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/modstudent/index.php?view=view&id=.π Read
via "National Vulnerability Database".
π1