CVE-2022-3333
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in Zephyr Project Manager up to 3.2.4. Affected is an unknown function of the file /v1/tasks/create/ of the component REST Call Handler. The manipulation of the argument onanimationstart leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 3.2.5 is able to address this issue. It is recommended to upgrade the affected component. VDB-209370 is the identifier assigned to this vulnerability.
CVE-2022-3332
via "National Vulnerability Database".
A vulnerability classified as critical has been found in SourceCodester Food Ordering Management System. This affects an unknown part of the file router.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-209583.
CVE-2022-3348
via "National Vulnerability Database".
Just like in the previous report, an attacker could steal the accounts of other users. In this case it is a little more specific, because the attacker needs to be an editor in the same app as the victim.
WhatsApp "zero-day exploit" news scare: what you need to know
via "Naked Security".
Is WhatsApp currently under active attack by cybercriminals? Is this a clear and current danger? How worried should WhatsApp users be?
Jamf Announces Intent to Acquire ZecOps, to Provide a Market-Leading Security Solution for Mobile Devices as Targeted Attacks Continue to Grow
via "Dark Reading".
ZecOps extends Jamf's mobile security capabilities by adding advanced detections and incident response.
Optus breach: Aussie telco told it will have to pay to replace IDs
via "Naked Security".
Licence compromised? Passport number burned? Need a new one? Who's going to pay?
CVE-2022-40486
via "National Vulnerability Database".
TP Link Archer AX10 V1 Firmware Version 1.3.1 Build 20220401 Rel. 57450(5553) was discovered to allow authenticated attackers to execute arbitrary code via a crafted backup file.
CVE-2022-3349
via "National Vulnerability Database".
A vulnerability was found in Sony PS4 and PS5. It has been classified as critical. This affects the function UVFAT_readupcasetable of the component exFAT Handler. The manipulation of the argument dataLength leads to heap-based buffer overflow. It is possible to launch the attack on the physical device. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-209679.
CVE-2022-2760
via "National Vulnerability Database".
In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the user does not have access to view in an error message when a resource is part of another Space.
Rancher stored secrets in plaintext, exposed Kubernetes clusters to takeover
via "The Daily Swig".
Maintainers patch vulnerability and offer mitigation advice over bug that affects all Kubernetes objects
Updated headline at the source: Rancher stored sensitive values in plaintext, exposed Kubernetes clusters to takeover
Maintainers patch vulnerability and offer mitigation advice over bug that affects Rancher-owned objects
Illumio Introduces New Solution to Stop Endpoint Ransomware from Spreading Across the Hybrid Attack Surface
via "Dark Reading".
Illumio Endpoint extends zero trust segmentation to see risk and set policy across macOS and Windows devices.
Vulnerability in Apache Pulsar allowed manipulator-in-the-middle attacks
via "The Daily Swig".
Clients vulnerable due to improper certificate validation
nfstream 6.5.2
via "Packet Storm Security".
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.
Suricata IDPE 6.0.8
via "Packet Storm Security".
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
CVE-2022-40083
via "National Vulnerability Database".
Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF).
CVE-2022-22524
via "National Vulnerability Database".
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access, modify users and stop services.
CVE-2022-22522
via "National Vulnerability Database".
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain full access to the device.
CVE-2022-40912
via "National Vulnerability Database".
ETAP Lighting International NV ETAP Safety Manager 1.0.0.32 is vulnerable to Cross Site Scripting (XSS). Input passed to the GET parameter 'action' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.
CVE-2022-22523
via "National Vulnerability Database".
An improper authentication vulnerability exists in the Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 Web-App which allows an authentication bypass to the context of an unauthorised user if free-access is disabled.
CVE-2022-28816
via "National Vulnerability Database".
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy is prone to reflected XSS which only affects the Sentilo service.
CVE-2022-40082
via "National Vulnerability Database".
Hertz v0.3.0 was discovered to contain a path traversal vulnerability via the normalizePath function.