βΌ CVE-2022-39217 βΌ
π Read
via "National Vulnerability Database".
some-natalie/ghas-to-csv (GitHub Advanced Security to CSV) is a GitHub action which scrapes the GitHub Advanced Security API and shoves it into a CSV. In affected versions this GitHub Action creates a CSV file without sanitizing the output of the APIs. If an alert is dismissed or any other custom field contains executable code / formulas, it might be run when an endpoint opens that CSV file in a spreadsheet program. This issue has been addressed in version `v1`. Users are advised to use `v1` or later. There are no known workarounds for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39210 βΌ
π Read
via "National Vulnerability Database".
Nextcloud android is the official Android client for the Nextcloud home server platform. Internal paths to the Nextcloud Android app files are not properly protected. As a result access to internal files of the from within the Nextcloud Android app is possible. This may lead to a leak of sensitive information in some cases. It is recommended that the Nextcloud Android app is upgraded to 3.21.0. There are no known workarounds for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3173 βΌ
π Read
via "National Vulnerability Database".
Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3231 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.9.0.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39960 βΌ
π Read
via "National Vulnerability Database".
The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all groups from the Jira instance by making a groupexport_download=true request to a plugins/servlet/groupexportforjira/admin/ URI.π Read
via "National Vulnerability Database".
β UBER HAS BEEN HACKED, boasts hacker β how to stop it happening to you β
π Read
via "Naked Security".
Uber is all over the news for a widely-publicised data breach. We help you answer the question, "How do I stop this happening to me?"π Read
via "Naked Security".
Naked Security
UBER HAS BEEN HACKED, boasts hacker β how to stop it happening to you
Uber is all over the news for a widely-publicised data breach. We help you answer the question, βHow do I stop this happening to me?β
β S3 Ep100.5: Uber breach β an expert speaks [Audio + Text] β
π Read
via "Naked Security".
Chester Wisniewski on what we can learn from Uber: "Just because a big company didn't have the security they should doesn't mean you can't."π Read
via "Naked Security".
Naked Security
S3 Ep100.5: Uber breach β an expert speaks [Audio + Text]
Chester Wisniewski on what we can learn from Uber: βJust because a big company didnβt have the security they should doesnβt mean you canβt.β
βΌ CVE-2022-3232 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.5.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3234 βΌ
π Read
via "National Vulnerability Database".
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40768 βΌ
π Read
via "National Vulnerability Database".
drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40766 βΌ
π Read
via "National Vulnerability Database".
Modern Campus Omni CMS (formerly OU Campus) 10.2.4 allows login-page SQL injection via a '" OR 1 = 1 -- - , <?php' substring.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40769 βΌ
π Read
via "National Vulnerability Database".
profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can recover private keys from Ethereum vanity addresses and steal cryptocurrency, as exploited in the wild in June 2022.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40775 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_StszAtom::WriteFields.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40774 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Bento4 through 1.6.0-639. There is a NULL pointer dereference in AP4_StszAtom::GetSampleSize.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-40778 βΌ
π Read
via "National Vulnerability Database".
A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38617 βΌ
π Read
via "National Vulnerability Database".
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the voiceAudit:j_id97 parameter at /SVFE2/pages/audit/voiceaudit.jsf.π Read
via "National Vulnerability Database".
π3
ποΈ βSecurity teams often fight against developers taking controlβ of AppSec: Tanya Janca on the drive to DevSecOps adoption ποΈ
π Read
via "The Daily Swig".
Infosec advocate speaks to The Daily Swig about the benefits of, and barriers to, βshifting leftβπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
βSecurity teams often fight against developers taking controlβ of AppSec: Tanya Janca on the drive to DevSecOps adoption
Infosec advocate speaks to The Daily Swig about the benefits of, and barriers to, βshifting leftβ
βΌ CVE-2022-40811 βΌ
π Read
via "National Vulnerability Database".
The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40074 βΌ
π Read
via "National Vulnerability Database".
Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, setSchedWifi.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2754 βΌ
π Read
via "National Vulnerability Database".
The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not validate and escape some reservation parameters before using them in SQL statements, which could allow unauthenticated attackers to perform SQL Injection attacksπ Read
via "National Vulnerability Database".
βΌ CVE-2022-1591 βΌ
π Read
via "National Vulnerability Database".
The WordPress Ping Optimizer WordPress plugin before 2.35.1.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attackπ Read
via "National Vulnerability Database".