‼ CVE-2022-35064 ‼
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x4adcdb in __asan_memset.
via "National Vulnerability Database".
‼ CVE-2022-28321 ‼
The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a machine can still get access. NOTE: the relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory; it does not affect Linux-PAM upstream.
via "National Vulnerability Database".
‼ CVE-2022-35065 ‼
OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x65f724.
via "National Vulnerability Database".
‼ CVE-2022-38545 ‼
Valine v1.4.18 was discovered to contain a remote code execution (RCE) vulnerability which allows attackers to execute arbitrary code via a crafted POST request.
via "National Vulnerability Database".
‼ CVE-2022-38509 ‼
Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking_id parameter at /admin/budget.php.
via "National Vulnerability Database".
‼ CVE-2022-38532 ‼
Micro-Star International Co., Ltd MSI Center 1.0.50.0 was discovered to contain a vulnerability in the component C_Features of MSI.CentralServer.exe. This vulnerability allows attackers to escalate privileges via running a crafted executable.
via "National Vulnerability Database".
‼ CVE-2022-35062 ‼
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0bc3.
via "National Vulnerability Database".
‼ CVE-2022-38527 ‼
UCMS v1.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Import function under the Site Management page.
via "National Vulnerability Database".
‼ CVE-2022-35068 ‼
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e420d.
via "National Vulnerability Database".
‼ CVE-2022-0143 ‼
When the LDAP connector is started with StartTLS configured, unauthenticated access is granted. This issue affects: all versions of the LDAP connector prior to 1.5.20.9. The LDAP connector is bundled with Identity Management (IDM) and Remote Connector Server (RCS).
via "National Vulnerability Database".
‼ CVE-2022-37032 ‼
An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c.
via "National Vulnerability Database".
‼ CVE-2022-35067 ‼
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41b0.
via "National Vulnerability Database".
‼ CVE-2022-38339 ‼
Safe Software FME Server v2022.0.1.1 and below contains a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the login page.
via "National Vulnerability Database".
📢 Organisations are scaling back their open source software due to security fears – Anaconda 📢
Latest report reveals that 40% of professional respondents dialled back usage in the last year, while talent shortages and education remain top concerns.
via "ITPro".
📢 Uber hacked via basic smishing attack 📢
The self-taught hacker impersonated an IT worker to gain an Uber employee's password, obtaining broad access to internal systems and posting taunting messages.
via "ITPro".
📢 Acronis Cyber Protect 22 Advanced review: The next level of data protection 📢
Joined-up hybrid backup and cybersecurity services, all easily managed from a single cloud portal.
via "ITPro".
📢 Bell Canada subsidiary hit by Hive ransomware attack 📢
The news breaks weeks after the hacker group claimed an attack on French telecom giant Altice.
via "ITPro".
📢 The cyber security skills your business needs 📢
The threat landscape is constantly evolving, so it's important your staff are equipped with the right tools.
via "ITPro".
📢 Elon Musk condemns Twitter's data security lapses 📢
The Tesla owner banks on whistleblower Peiter "Mudge" Zatko's claims to bolster his countersuit against Twitter.
via "ITPro".
📢 C-suite executives say software supply chain hacks have become a 'chief concern' 📢
Leaders at companies around the world say the prospect of such an attack has become front of mind since the notorious hacks on SolarWinds and Kaseya rocked the industry.
via "ITPro".
‼ CVE-2022-39958 ‼
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range. A restricted resource, access to which would ordinarily be detected, may be exfiltrated from the backend, despite being protected by a web application firewall that uses CRS. Short subsections of a restricted resource may bypass pattern matching techniques and allow undetected access. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised to upgrade to 3.2.2 and 3.3.3 respectively and to configure a CRS paranoia level of 3 or higher.
via "National Vulnerability Database".