‼ CVE-2022-42077 ‼
via "National Vulnerability Database".
Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.
‼ CVE-2022-28887 ‼
via "National Vulnerability Database".
Multiple Denial-of-Service (DoS) vulnerabilities were discovered in F-Secure & WithSecure products whereby the aerdl.dll unpacker handler function crashes. This can lead to a possible scanning engine crash.
‼ CVE-2022-42087 ‼
via "National Vulnerability Database".
Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.
‼ CVE-2022-42079 ‼
via "National Vulnerability Database".
Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via the function formWifiBasicSet.
‼ CVE-2022-42078 ‼
via "National Vulnerability Database".
Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.
‼ CVE-2022-41403 ‼
via "National Vulnerability Database".
OpenCart 3.x Newsletter Custom Popup was discovered to contain a SQL injection vulnerability via the email parameter at index.php?route=extension/module/so_newletter_custom_popup/newsletter.
‼ CVE-2022-42080 ‼
via "National Vulnerability Database".
Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a heap overflow via the sched_start_time parameter.
🕴 KnowBe4 to Be Acquired for $4.6B by Private Equity Firm Vista 🕴
via "Dark Reading".
Vista Equity Partners plans to take the publicly traded security-awareness training vendor private.
🕴 Thoma Bravo to Acquire ForgeRock in $2.3B Deal 🕴
via "Dark Reading".
This marks the third identity and access management (IAM) company acquired by Thoma Bravo in just the past few months.
🕴 WhatsApp Users Beware: Dangerous Mobile Trojan Being Distributed via Malicious Mod 🕴
via "Dark Reading".
Among other things, users who download the app could end up having their WhatsApp account details stolen.
‼ CVE-2022-39298 ‼
via "National Vulnerability Database".
MelisFront is the engine that displays websites hosted on Melis Platform. It deals with showing pages, plugins, URL rewriting, search optimization and SEO, etc. Attackers can deserialize arbitrary data on affected versions of `melisplatform/melis-front`, which ultimately leads to the execution of arbitrary PHP code on the system. Conducting this attack does not require authentication. Users should immediately upgrade to `melisplatform/melis-front` >= 5.0.1. This issue was addressed by restricting allowed classes when deserializing user-controlled data.
‼ CVE-2022-39283 ‼
via "National Vulnerability Database".
FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients, when using the `/video` command line switch, might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in version 2.8.1. If you cannot upgrade, do not use the `/video` switch.
‼ CVE-2022-39282 ‼
via "National Vulnerability Database".
FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on Unix systems using the `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1 where this issue is patched. If unable to upgrade, do not use parallel port redirection (the `/parallel` command line switch) as a workaround.
‼ CVE-2022-3171 ‼
via "National Vulnerability Database".
A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields cause objects to be converted back and forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.
‼ CVE-2022-39297 ‼
via "National Vulnerability Database".
MelisCms provides a full CMS for Melis Platform, including a templating system, drag'n'drop of plugins, SEO and many administration tools. Attackers can deserialize arbitrary data on affected versions of `melisplatform/melis-cms`, which ultimately leads to the execution of arbitrary PHP code on the system. Conducting this attack does not require authentication. Users should immediately upgrade to `melisplatform/melis-cms` >= 5.0.1. This issue was addressed by restricting allowed classes when deserializing user-controlled data.
📢 Zoom-themed cyber attacks fuel rapid malware growth 📢
via "ITPro".
The Vidar malware has become more popular since August, allowing threat actors to steal sensitive information, IP addresses, and crypto wallets from infected devices.
📢 Thoma Bravo's $2.3bn ForgeRock acquisition brings 2022 cyber investment to $12bn 📢
via "ITPro".
The firm will have spent big on three different digital identity access management companies in the last year, in addition to significant industry investments since 2019.
📢 Microsoft still searching for zero-day fixes following Patch Tuesday 📢
via "ITPro".
ProxyNotShell remains unaddressed even as Microsoft fixes several critical flaws in its monthly package of security patches.
‼ CVE-2022-42901 ‼
via "National Vulnerability Database".
Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds and stack overflow issues when opening crafted XMT files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View.
‼ CVE-2022-3473 ‼
via "National Vulnerability Database".
A vulnerability classified as critical has been found in SourceCodester Human Resource Management System. This affects an unknown part of the file getstatecity.php. The manipulation of the argument ci leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-210717 was assigned to this vulnerability.
‼ CVE-2022-40187 ‼
via "National Vulnerability Database".
Foresight GC3 Launch Monitor 1.3.15.68 ships with a Target Communication Framework (TCF) service enabled. This service listens on a TCP port on all interfaces and allows for process debugging, file system modification, and terminal access as the root user. In conjunction with a hosted wireless access point and the known passphrase of FSSPORTS, an attacker could use this service to modify a device and steal intellectual property.