CVE-2022-28980
via "National Vulnerability Database".
Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA allow attackers to execute arbitrary web scripts or HTML via parameters with the filter_ prefix.
CVE-2022-28982
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in Liferay Portal v7.3.3 through v7.4.2 and Liferay DXP v7.3 before service pack 3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name of a tag.
CVE-2022-39197
via "National Vulnerability Database".
An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then modify the username field in the payload (or create a new payload with the extracted information and then modify that username field to be malformed).
CVE-2022-39975
via "National Vulnerability Database".
The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Liferay DXP 7.3 before update 10, and 7.4 before update 35 does not check user permission before showing the preview of a "Content Page" type page, allowing attackers to view unpublished "Content Page" pages via URL manipulation.
CVE-2022-38512
via "National Vulnerability Database".
The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export web content for translation, allowing attackers to download a web content page's XLIFF translation file via a crafted URL.
CVE-2022-3267
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.6.
CVE-2022-3268
via "National Vulnerability Database".
Weak Password Requirements in GitHub repository ikus060/minarca prior to 4.2.2.
CVE-2022-3256
via "National Vulnerability Database".
Use After Free in GitHub repository vim/vim prior to 9.0.0530.
Tarfile path traversal bug from 2007 still present in 350k open source repos
via "The Daily Swig".
Warning added to Python documentation was deemed preferable to a patch.
CVE-2022-40446
via "National Vulnerability Database".
ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the component /admin/sendmailto.php?tomail=&groupid=.
CVE-2022-40443
via "National Vulnerability Database".
An absolute path traversal vulnerability in ZZCMS 2022 allows attackers to obtain sensitive information via a crafted GET request sent to /one/siteinfo.php.
CVE-2022-40447
via "National Vulnerability Database".
ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the keyword parameter at /admin/baojia_list.php.
CVE-2022-40146
via "National Vulnerability Database".
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a jar URL. This issue affects Apache XML Graphics Batik 1.14.
CVE-2022-38398
via "National Vulnerability Database".
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a URL through the jar protocol. This issue affects Apache XML Graphics Batik 1.14.
CVE-2022-40444
via "National Vulnerability Database".
ZZCMS 2022 was discovered to contain a full path disclosure vulnerability via the page /admin/index.PHP? _server.
CVE-2022-1941
via "National Vulnerability Database".
A parsing vulnerability for the MessageSet type in Protocol Buffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python, can lead to out-of-memory failures. A specially crafted message with multiple key-value pairs per element creates parsing issues and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions 3.16 and 3.17 are no longer updated.
CVE-2022-38648
via "National Vulnerability Database".
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.
S3 Ep101: Uber and LastPass breaches - is 2FA all it's cracked up to be? [Audio + Text]
via "Naked Security".
Latest episode - listen now! Learn why adopting 2FA isn't a reason to relax your other security precautions...
Digital Guardian Named A Top Data Loss Prevention Solution by Expert Insights
An independent editorial team and technical analysts praised Digital Guardian's quick deployment, on-demand scalability, and full visibility into data.
CVE-2022-35037
via "National Vulnerability Database".
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6adb1e.
CVE-2022-35029
via "National Vulnerability Database".
OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6babea.