‼ CVE-2022-38509 ‼
Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking_id parameter at /admin/budget.php.
via "National Vulnerability Database".
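The entry above names the parameter but not the bug class's mechanics. The block below is an added example, not Wedding Planner's code (the real application is PHP; the defect pattern is the same): the same booking lookup written once with string interpolation and once with a bound parameter, run against a constructed in-memory SQLite table. The table, the rows and the payloads are all made up for the demonstration.

```python
# Added example, not Wedding Planner's code: the same booking lookup written
# with string interpolation and with a bound parameter, run against a constructed
# in-memory SQLite table (the real app is PHP; the bug class is the same).
import sqlite3

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE bookings (id INTEGER PRIMARY KEY, client TEXT, budget INTEGER)")
    conn.executemany("INSERT INTO bookings VALUES (?, ?, ?)",
                     [(1, "alice", 5000), (2, "bob", 12000), (3, "carol", 800)])
    return conn

def budget_vulnerable(conn, booking_id):
    # booking_id comes straight from the request and becomes part of the SQL text
    sql = "SELECT id, client, budget FROM bookings WHERE id = %s" % booking_id
    return conn.execute(sql).fetchall()

def budget_safe(conn, booking_id):
    # validate the type, then pass the value as a bound parameter; it is never parsed as SQL
    try:
        bid = int(booking_id)
    except (TypeError, ValueError):
        return []
    return conn.execute("SELECT id, client, budget FROM bookings WHERE id = ?", (bid,)).fetchall()

def demo():
    conn = make_db()
    tautology = "1 OR 1=1"                               # dumps every booking
    union = "0 UNION SELECT 1, sqlite_version(), 0"      # pulls data the query never selects
    return {
        "tautology": budget_vulnerable(conn, tautology),
        "union": budget_vulnerable(conn, union),
        "safe_tautology": budget_safe(conn, tautology),
        "safe_union": budget_safe(conn, union),
        "legit": budget_safe(conn, "2"),
    }

if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

The UNION payload is the one to watch for in an admin budget page: a numeric id that should return one row instead returns attacker-chosen columns. The fix is not escaping but keeping the value out of the SQL text entirely, which the bound-parameter version does; the `int()` check on top rejects the payload before the database ever sees it.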
‼ CVE-2022-38532 ‼
Micro-Star International Co., Ltd MSI Center 1.0.50.0 was discovered to contain a vulnerability in the component C_Features of MSI.CentralServer.exe. This vulnerability allows attackers to escalate privileges via running a crafted executable.
via "National Vulnerability Database".
‼ CVE-2022-35062 ‼
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0bc3.
via "National Vulnerability Database".
‼ CVE-2022-38527 ‼
UCMS v1.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Import function under the Site Management page.
via "National Vulnerability Database".
‼ CVE-2022-35068 ‼
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e420d.
via "National Vulnerability Database".
‼ CVE-2022-0143 ‼
When the LDAP connector is started with StartTLS configured, unauthenticated access is granted. This issue affects all versions of the LDAP connector prior to 1.5.20.9. The LDAP connector is bundled with Identity Management (IDM) and Remote Connector Server (RCS).
via "National Vulnerability Database".
‼ CVE-2022-37032 ‼
An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c.
via "National Vulnerability Database".
‼ CVE-2022-35067 ‼
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41b0.
via "National Vulnerability Database".
‼ CVE-2022-38339 ‼
Safe Software FME Server v2022.0.1.1 and below contains a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the login page.
via "National Vulnerability Database".
📢 Organisations are scaling back their open source software due to security fears – Anaconda 📢
Latest report reveals that 40% of professional respondents dialled back usage in the last year, while talent shortages and education remain top concerns.
via "ITPro".
📢 Uber hacked via basic smishing attack 📢
The self-taught hacker impersonated an IT worker to gain an Uber employee's password, obtaining broad access to internal systems and posting taunting messages.
via "ITPro".
📢 Acronis Cyber Protect 22 Advanced review: The next level of data protection 📢
Joined-up hybrid backup and cybersecurity services, all easily managed from a single cloud portal.
via "ITPro".
📢 Bell Canada subsidiary hit by Hive ransomware attack 📢
The news breaks weeks after the hacker group claimed an attack on French telecom giant Altice.
via "ITPro".
📢 The cyber security skills your business needs 📢
The threat landscape is constantly evolving, so it's important your staff are equipped with the right tools.
via "ITPro".
📢 Elon Musk condemns Twitter's data security lapses 📢
The Tesla owner banks on whistleblower Peiter "Mudge" Zatko's claims to bolster his countersuit against Twitter.
via "ITPro".
📢 C-suite executives say software supply chain hacks have become a 'chief concern' 📢
Leaders at companies around the world say the prospect of such an attack has become front of mind since the notorious hacks on SolarWinds and Kaseya rocked the industry.
via "ITPro".
‼ CVE-2022-39958 ‼
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range. A restricted resource, access to which would ordinarily be detected, may be exfiltrated from the backend, despite being protected by a web application firewall that uses CRS. Short subsections of a restricted resource may bypass pattern matching techniques and allow undetected access. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised to upgrade to 3.2.2 and 3.3.3 respectively and to configure a CRS paranoia level of 3 or higher.
via "National Vulnerability Database".
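The bypass described above turns on the fact that a response-body rule only ever sees one response. The block below is an added example, not CRS or ModSecurity code: a backend that honours a single byte Range, a toy WAF that pattern-matches each response body, and a client that reassembles a protected resource from slices too short to match any signature. It then shows a request-side check that refuses tiny ranges. The resource, the leakage signature and the 64-byte minimum-range threshold are constructed or assumed for the demonstration, and the check is an illustration of the idea, not the actual CRS paranoia-level-3 rule.

```python
# Added example, not CRS or ModSecurity code: Range-based exfiltration past a
# response-body scanner, and a request-side check that refuses tiny byte ranges.
# RESOURCE, LEAK_PATTERN and MIN_RANGE_BYTES are constructed/assumed values.
import re

RESOURCE = b"report: ok\nDB_PASSWORD=hunter2-rotate-me\nend\n"   # constructed backend file
LEAK_PATTERN = re.compile(rb"DB_PASSWORD=\S+")                   # stand-in for a response rule
RANGE_RE = re.compile(r"bytes=(\d+)-(\d+)")

def parse_range(headers):
    """Return (first, last) for a single 'bytes=a-b' Range header, else None."""
    m = RANGE_RE.fullmatch(headers.get("Range", ""))
    return (int(m.group(1)), int(m.group(2))) if m else None

def backend(headers):
    rng = parse_range(headers)
    if rng is None:
        return 200, RESOURCE
    a, b = rng
    if a >= len(RESOURCE) or b < a:
        return 416, b""
    return 206, RESOURCE[a:b + 1]                  # 206 Partial Content with just the slice

def waf_response_ok(body):
    return LEAK_PATTERN.search(body) is None       # only ever sees one response at a time

def fetch_via_waf(headers):
    status, body = backend(headers)
    return (403, b"") if not waf_response_ok(body) else (status, body)

def exfiltrate(window=4):
    """Walk the resource in `window`-byte slices and stitch the slices back together."""
    out, pos = bytearray(), 0
    while True:
        status, chunk = fetch_via_waf({"Range": f"bytes={pos}-{pos + window - 1}"})
        if status != 206:
            break
        out += chunk
        pos += len(chunk)
    return bytes(out)

MIN_RANGE_BYTES = 64   # assumed threshold for this resource

def waf_request_ok(headers):
    """Request-side check: a byte range smaller than any signature could be is
    refused outright instead of trusting the response-body scan."""
    if "Range" not in headers:
        return True
    rng = parse_range(headers)
    if rng is None:
        return False                               # malformed or multi-range: refuse
    a, b = rng
    return b - a + 1 >= MIN_RANGE_BYTES

def demo():
    return {
        "whole_fetch": fetch_via_waf({})[0],                   # blocked: 403
        "sliced_fetch": exfiltrate() == RESOURCE,              # reassembled intact
        "tiny_range_allowed": waf_request_ok({"Range": "bytes=0-3"}),
        "plain_request_allowed": waf_request_ok({}),
    }

if __name__ == "__main__":
    print(demo())
```

A whole-resource fetch is blocked because the secret matches; the same bytes fetched four at a time pass every response check and reassemble perfectly. Scanning responses cannot fix this, since no single response contains the pattern; the advisory's guidance (upgrade and run at paranoia level 3 or higher) moves the decision to the request side, which is what `waf_request_ok` sketches.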
‼ CVE-2022-39956 ‼
The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and inspected by the web application firewall engine and the rule set. The multipart payload will therefore bypass detection. A vulnerable backend that supports these encoding schemes can potentially be exploited. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised to upgrade to 3.2.2 and 3.3.3 respectively. The mitigation against these vulnerabilities depends on the installation of the latest ModSecurity version (v2.9.6 / v3.0.8).
via "National Vulnerability Database".
‼ CVE-2022-34917 ‼
A security vulnerability has been identified in Apache Kafka. It affects all releases since 2.8.0. The vulnerability allows malicious unauthenticated clients to allocate large amounts of memory on brokers. This can lead to brokers hitting OutOfMemoryException and causing denial of service. Example scenarios:
- Kafka cluster without authentication: Any clients able to establish a network connection to a broker can trigger the issue.
- Kafka cluster with SASL authentication: Any clients able to establish a network connection to a broker, without the need for valid SASL credentials, can trigger the issue.
- Kafka cluster with TLS authentication: Only clients able to successfully authenticate via TLS can trigger the issue.
Users are advised to upgrade their Kafka installations to one of the 3.2.3, 3.1.2, 3.0.2 or 2.8.2 versions.
via "National Vulnerability Database".
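The scenarios above all reduce to one pattern: a broker sizing a buffer from a length field the peer controls, before the peer has proven anything. The block below is an added example, not Apache Kafka's code: a length-prefixed frame reader that allocates whatever size the client declares, beside one that enforces a cap before touching memory. The wire format (4-byte big-endian length prefix), the 1 MiB cap and the frames are assumptions constructed for the demonstration.

```python
# Added example, not Apache Kafka's code: a length-prefixed frame reader that
# allocates the declared size up front, beside one that checks the declared
# size against a cap first. Wire format, cap and frames are assumed/constructed.
import io
import struct

MAX_FRAME = 1 << 20   # 1 MiB: what an unauthenticated peer may make us buffer (assumed)

class FrameTooLarge(Exception):
    pass

def read_frame_trusting(stream):
    """Returns (bytes_allocated, payload). Allocates the declared size up front,
    so a peer that sends only a 4-byte header still costs us the full buffer."""
    hdr = stream.read(4)
    if len(hdr) < 4:
        return 0, None
    (size,) = struct.unpack(">I", hdr)
    buf = bytearray(size)                 # allocation driven by an untrusted field
    got = stream.read(size)
    buf[:len(got)] = got
    return size, bytes(buf[:len(got)])

def read_frame_bounded(stream, limit=MAX_FRAME):
    """Same wire format, but the declared size is checked before any buffer exists."""
    hdr = stream.read(4)
    if len(hdr) < 4:
        return 0, None
    (size,) = struct.unpack(">I", hdr)
    if size > limit:
        raise FrameTooLarge(f"peer declared {size} bytes, cap is {limit}")
    got = stream.read(size)
    if len(got) != size:
        return size, None                 # truncated frame: drop it, nothing to process
    return size, got

def frame(payload):
    """Constructed well-formed frame: 4-byte big-endian length, then payload."""
    return struct.pack(">I", len(payload)) + payload

def hostile_header(declared):
    """A header that promises `declared` bytes and delivers none (constructed)."""
    return struct.pack(">I", declared)

def demo():
    hostile = hostile_header(64 << 20)    # claims 64 MiB, sends 4 bytes
    alloc, _ = read_frame_trusting(io.BytesIO(hostile))
    try:
        read_frame_bounded(io.BytesIO(hostile))
        rejected = False
    except FrameTooLarge:
        rejected = True
    _, good = read_frame_bounded(io.BytesIO(frame(b"ApiVersions")))
    return {"trusting_allocated": alloc, "bounded_rejected": rejected, "good": good}

if __name__ == "__main__":
    print(demo())
```

Sixty-four megabytes for four bytes on the wire, repeatable per connection, is how an unauthenticated peer reaches OutOfMemoryException. The SASL scenario in the advisory is the important one: the cap has to be applied before authentication completes, so a realistic reader would key `limit` on the connection's authentication state rather than use one value for everyone.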
‼ CVE-2022-2924 ‼
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.3.
via "National Vulnerability Database".
‼ CVE-2022-39955 ‼
The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes. A vulnerable back-end can potentially be exploited by declaring multiple Content-Type "charset" names and therefore bypassing the configurable CRS Content-Type header "charset" allow list. An encoded payload can bypass CRS detection this way and may then be decoded by the backend. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised to upgrade to 3.2.2 and 3.3.3 respectively.
via "National Vulnerability Database".
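This entry and CVE-2022-39956 above are the same failure seen from two headers: the WAF inspects bytes the backend will transform before interpreting them. The block below is an added example that serves both entries, not CRS or ModSecurity code: a toy WAF that pattern-matches the raw request next to a backend that decodes first, for a multipart part carrying `Content-Transfer-Encoding: base64` and for a Content-Type that lists two charsets. The XSS signature, the boundary, the charset allow-list and the "last charset wins" backend behaviour are assumptions made for the demonstration.

```python
# Added example, not CRS or ModSecurity code: a toy WAF that pattern-matches the
# raw request next to a backend that decodes first. SIGNATURE, BOUNDARY,
# ALLOWED_CHARSETS and the last-charset-wins backend are assumptions.
import base64
import re

SIGNATURE = re.compile(rb"<script", re.IGNORECASE)   # stand-in for an XSS rule
BOUNDARY = b"----boundary42"
ALLOWED_CHARSETS = {"utf-8", "iso-8859-1"}

# ---- multipart part with Content-Transfer-Encoding (CVE-2022-39956 pattern) ----
def multipart_body(parts):
    """Build a constructed multipart/form-data body from (headers, data) pairs."""
    out = b""
    for hdrs, data in parts:
        out += b"--" + BOUNDARY + b"\r\n"
        out += b"".join(f"{k}: {v}\r\n".encode() for k, v in hdrs.items())
        out += b"\r\n" + data + b"\r\n"
    return out + b"--" + BOUNDARY + b"--\r\n"

def parse_parts(body):
    """Return [(lowercased header dict, raw part data)] for our single boundary."""
    parts = []
    for chunk in body.split(b"--" + BOUNDARY)[1:]:
        if chunk.startswith(b"--"):
            break                                   # closing delimiter
        head, _, data = chunk.lstrip(b"\r\n").partition(b"\r\n\r\n")
        hdrs = {}
        for line in head.split(b"\r\n"):
            k, _, v = line.decode().partition(":")
            hdrs[k.strip().lower()] = v.strip()
        parts.append((hdrs, data.rstrip(b"\r\n")))
    return parts

def decode_part(hdrs, data):
    cte = hdrs.get("content-transfer-encoding", "").lower()
    if cte == "base64":
        return base64.b64decode(data)
    if cte in ("", "7bit", "8bit", "binary"):
        return data
    raise ValueError(f"unsupported Content-Transfer-Encoding {cte!r}")

def backend_fields(body):
    """Backend that honours Content-Transfer-Encoding per part (assumed behaviour)."""
    out = {}
    for hdrs, data in parse_parts(body):
        name = re.search(r'name="([^"]+)"', hdrs.get("content-disposition", "")).group(1)
        out[name] = decode_part(hdrs, data)
    return out

def waf_multipart_ok_naive(body):
    return SIGNATURE.search(body) is None           # scans the still-encoded bytes

def waf_multipart_ok_hardened(body):
    if SIGNATURE.search(body):
        return False
    for hdrs, data in parse_parts(body):
        try:
            decoded = decode_part(hdrs, data)      # inspect what the backend will see
        except ValueError:
            return False                           # unknown encoding: refuse, don't guess
        if SIGNATURE.search(decoded):
            return False
    return True

# ---- multiple charset parameters in Content-Type (CVE-2022-39955 pattern) ----
def charset_params(content_type):
    return [m.group(1).strip().strip('"').lower()
            for m in re.finditer(r";\s*charset=([^;]+)", content_type, re.I)]

def waf_charset_ok_naive(content_type):
    cs = charset_params(content_type)
    return not cs or cs[0] in ALLOWED_CHARSETS      # checks only the first charset

def waf_charset_ok_hardened(content_type):
    cs = charset_params(content_type)
    return len(cs) <= 1 and all(c in ALLOWED_CHARSETS for c in cs)

def backend_decode(content_type, raw):
    cs = charset_params(content_type)
    return raw.decode(cs[-1] if cs else "utf-8")     # this backend lets the last charset win

def demo():
    payload = b"<script>alert(1)</script>"
    body = multipart_body([({"Content-Disposition": 'form-data; name="comment"',
                             "Content-Transfer-Encoding": "base64"},
                            base64.b64encode(payload))])
    ct = "text/plain; charset=utf-8; charset=utf-7"
    utf7 = b"+ADw-script+AD4-alert(1)+ADw-/script+AD4-"   # UTF-7 form of the same payload
    return {
        "mp_naive": waf_multipart_ok_naive(body),
        "mp_backend": backend_fields(body)["comment"],
        "mp_hardened": waf_multipart_ok_hardened(body),
        "cs_naive": waf_charset_ok_naive(ct),
        "cs_backend": backend_decode(ct, utf7),
        "cs_hardened": waf_charset_ok_hardened(ct),
    }

if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

In both cases the naive check passes and the backend ends up holding `<script>alert(1)</script>`. The hardened versions follow one rule: either inspect exactly what the backend will decode, or refuse anything you cannot decode the same way (an unknown transfer encoding, or more than one charset parameter). That is also why the advisory for CVE-2022-39956 ties the fix to the engine version: the rule set can only match bytes the engine has decoded for it.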