βΌ CVE-2022-38573 βΌ
π Read
via "National Vulnerability Database".
10-Strike Network Inventory Explorer v9.3 was discovered to contain a buffer overflow via the Add Computers function.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37235 βΌ
π Read
via "National Vulnerability Database".
Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. There is a stack overflow vulnerability caused by strncatπ Read
via "National Vulnerability Database".
βΌ CVE-2022-37232 βΌ
π Read
via "National Vulnerability Database".
Netgear N300 wireless router wnr2000v4-V1.0.0.70 is vulnerable to Buffer Overflow via uhttpd. There is a stack overflow vulnerability caused by strcpy.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35951 βΌ
π Read
via "National Vulnerability Database".
Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an `XAUTOCLAIM` command on a stream key in a specific state, with a specially crafted `COUNT` argument may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This has been patched in Redis version 7.0.5. No known workarounds exist.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39230 βΌ
π Read
via "National Vulnerability Database".
fhir-works-on-aws-authz-smart is an implementation of the authorization interface from the FHIR Works interface. Versions 3.1.1 and 3.1.2 are subject to Exposure of Sensitive Information to an Unauthorized Actor. This issue allows a client of the API to retrieve more information than the clientΓ’β¬β’s OAuth scope permits when making Γ’β¬Εsearch-typeΓ’β¬οΏ½ requests. This issue would not allow a client to retrieve information about individuals other than those the client was already authorized to access. Users of fhir-works-on-aws-authz-smart 3.1.1 or 3.1.2 should upgrade to version 3.1.3 or higher immediately. Versions 3.1.0 and below are unaffected. There is no workaround for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41319 βΌ
π Read
via "National Vulnerability Database".
A Reflected Cross-Site Scripting (XSS) vulnerability affects the Veritas Desktop Laptop Option (DLO) application login page (aka the DLOServer/restore/login.jsp URI). This affects versions before 9.8 (e.g., 9.1 through 9.7).π Read
via "National Vulnerability Database".
βΌ CVE-2020-36604 βΌ
π Read
via "National Vulnerability Database".
hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in the clone function.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39239 βΌ
π Read
via "National Vulnerability Database".
netlify-ipx is an on-Demand image optimization for Netlify using ipx. In versions prior to 1.2.3, an attacker can bypass the source image domain allowlist by sending specially crafted headers, causing the handler to load and return arbitrary images. Because the response is cached globally, this image will then be served to visitors without requiring those headers to be set. XSS can be achieved by requesting a malicious SVG with embedded scripts, which would then be served from the site domain. Note that this does not apply to images loaded in `<img>` tags, as scripts do not execute in this context. The image URL can be set in the header independently of the request URL, meaning any site images that have not previously been cached can have their cache poisoned. This problem has been fixed in version 1.2.3. As a workaround, cached content can be cleared by re-deploying the site.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39225 βΌ
π Read
via "National Vulnerability Database".
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 4.10.15, or 5.0.0 and above prior to 5.2.6, a user can write to the session object of another user if the session object ID is known. For example, an attacker can assign the session object to their own user by writing to the `user` field and then read any custom fields of that session object. Note that assigning a session to another user does not usually change the privileges of either of the two users, and a user cannot assign their own session to another user. This issue is patched in version 4.10.15 and above, and 5.2.6 and above. To mitigate this issue in unpatched versions add a `beforeSave` trigger to the `_Session` class and prevent writing if the requesting user is different from the user in the session object.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26112 βΌ
π Read
via "National Vulnerability Database".
In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. In order to avoid this, we disabled the groovy function support by default from Pinot release 0.11.0. See https://docs.pinot.apache.org/basics/releases/0.11.0π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-39231 βΌ
π Read
via "National Vulnerability Database".
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 4.10.16, or from 5.0.0 to 5.2.6, validation of the authentication adapter app ID for _Facebook_ and _Spotify_ may be circumvented. Configurations which allow users to authenticate using the Parse Server authentication adapter where `appIds` is set as a string instead of an array of strings authenticate requests from an app with a different app ID than the one specified in the `appIds` configuration. For this vulnerability to be exploited, an attacker needs to be assigned an app ID by the authentication provider which is a sub-set of the server-side configured app ID. This issue is patched in versions 4.10.16 and 5.2.7. There are no known workarounds.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41322 βΌ
π Read
via "National Vulnerability Database".
In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41320 βΌ
π Read
via "National Vulnerability Database".
Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration. This vulnerability could provide a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39238 βΌ
π Read
via "National Vulnerability Database".
Arvados is an open source platform for managing and analyzing biomedical big data. In versions prior to 2.4.3, when using Portable Authentication Modules (PAM) for user authentication, if a user presented valid credentials but the account is disabled or otherwise not allowed to access the host (such as an expired password), it would still be accepted for access to Arvados. Other authentication methods (LDAP, OpenID Connect) supported by Arvados are not affected by this flaw. This issue is patched in version 2.4.3. Workaround for this issue is to migrate to a different authentication method supported by Arvados, such as LDAP.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39227 βΌ
π Read
via "National Vulnerability Database".
python-jwt is a module for generating and verifying JSON Web Tokens. Versions prior to 3.3.4 are subject to Authentication Bypass by Spoofing, resulting in identity spoofing, session hijacking or authentication bypass. An attacker who obtains a JWT can arbitrarily forge its contents without knowing the secret key. Depending on the application, this may for example enable the attacker to spoof other user's identities, hijack their sessions, or bypass authentication. Users should upgrade to version 3.3.4. There are no known workarounds.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2566 βΌ
π Read
via "National Vulnerability Database".
A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an integer overflow resulting in a small allocation with `av_calloc(). An attacker can cause remote code execution via a malicious mp4 file. We recommend upgrading past commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e05π Read
via "National Vulnerability Database".
βΌ CVE-2022-2347 βΌ
π Read
via "National Vulnerability Database".
There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download setup packet with a `wLength` greater than 4096 bytes, they can write beyond the heap-allocated request buffer.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3236 βΌ
π Read
via "National Vulnerability Database".
A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40716 βΌ
π Read
via "National Vulnerability Database".
HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2."π Read
via "National Vulnerability Database".
π1
ποΈ CI/CD servers readily breached by abusing SCM webhooks, researchers find ποΈ
π Read
via "The Daily Swig".
Webhook, line, and sinkerπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
CI/CD servers readily breached by abusing SCM webhooks, researchers find
Webhook, line, and sinker
β Morgan Stanley fined millions for selling off devices full of customer PII β
π Read
via "Naked Security".
Critical data on old disks always seems inaccessible if you really need it. But when you DON''T want it back, guess what happens...π Read
via "Naked Security".
Naked Security
Morgan Stanley fined millions for selling off devices full of customer PII
Critical data on old disks always seems inaccessible if you really need it. But when you DONβT want it back, guess what happensβ¦
π1