‼ CVE-2022-39282 ‼
via "National Vulnerability Database".
FreeRDP is a free Remote Desktop Protocol library and client suite. FreeRDP-based clients on Unix systems using the `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP-based server implementations are not affected. Please upgrade to 2.8.1, where this issue is patched. If unable to upgrade, do not use parallel port redirection (the `/parallel` command line switch) as a workaround.
‼ CVE-2022-3171 ‼
via "National Vulnerability Database".
A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to denial of service. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields cause objects to be converted back and forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.
‼ CVE-2022-39297 ‼
via "National Vulnerability Database".
MelisCms provides a full CMS for Melis Platform, including a templating system, drag'n'drop of plugins, SEO and many administration tools. Attackers can deserialize arbitrary data on affected versions of `melisplatform/melis-cms`, which ultimately leads to the execution of arbitrary PHP code on the system. Conducting this attack does not require authentication. Users should immediately upgrade to `melisplatform/melis-cms` >= 5.0.1. This issue was addressed by restricting allowed classes when deserializing user-controlled data.
📢 Zoom-themed cyber attacks fuel rapid malware growth 📢
via "ITPro".
The Vidar malware has become more popular since August, allowing threat actors to steal sensitive information, IP addresses, and crypto wallets from infected devices.
📢 Thoma Bravo's $2.3bn ForgeRock acquisition brings 2022 cyber investment to $12bn 📢
via "ITPro".
The firm will have spent big on three different digital identity access management companies in the last year, in addition to significant industry investments since 2019.
📢 Microsoft still searching for zero-day fixes following Patch Tuesday 📢
via "ITPro".
ProxyNotShell remains unaddressed even as Microsoft fixes several critical flaws in its monthly package of security patches.
‼ CVE-2022-42901 ‼
via "National Vulnerability Database".
Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds and stack overflow issues when opening crafted XMT files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View.
‼ CVE-2022-3473 ‼
via "National Vulnerability Database".
A vulnerability classified as critical has been found in SourceCodester Human Resource Management System. This affects an unknown part of the file getstatecity.php. The manipulation of the argument ci leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-210717 was assigned to this vulnerability.
‼ CVE-2022-40187 ‼
via "National Vulnerability Database".
Foresight GC3 Launch Monitor 1.3.15.68 ships with a Target Communication Framework (TCF) service enabled. This service listens on a TCP port on all interfaces and allows for process debugging, file system modification, and terminal access as the root user. In conjunction with a hosted wireless access point and the known passphrase of FSSPORTS, an attacker could use this service to modify a device and steal intellectual property.
‼ CVE-2022-3470 ‼
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Human Resource Management System. It has been classified as critical. Affected is an unknown function of the file getstatecity.php. The manipulation of the argument sc leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-210714 is the identifier assigned to this vulnerability.
‼ CVE-2022-42900 ‼
via "National Vulnerability Database".
Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read issues when opening crafted FBX files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View.
‼ CVE-2022-42906 ‼
via "National Vulnerability Database".
powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbitrary code execution. Git repositories can contain per-repository configuration that changes the behavior of Git, including running arbitrary commands. When using powerline-gitstatus, changing to a directory automatically runs Git commands in order to display information about the current repository in the prompt. If an attacker can convince a user to change their current directory to one controlled by the attacker, such as in a shared filesystem or an extracted archive, powerline-gitstatus will run arbitrary commands under the attacker's control. NOTE: this is similar to CVE-2022-20001.
‼ CVE-2022-3472 ‼
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Human Resource Management System. It has been rated as critical. Affected by this issue is some unknown functionality of the file city.php. The manipulation of the argument cityedit leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210716.
‼ CVE-2022-42899 ‼
via "National Vulnerability Database".
Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read and stack overflow issues when opening crafted SKP files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View.
‼ CVE-2022-42902 ‼
via "National Vulnerability Database".
In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server.
‼ CVE-2022-3471 ‼
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Human Resource Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file city.php. The manipulation of the argument searccity leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-210715.
‼ CVE-2022-34020 ‼
via "National Vulnerability Database".
Cross Site Request Forgery (CSRF) vulnerability in ResIOT ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 allows attackers to add new admin users to the platform or cause other unspecified impacts.
‼ CVE-2022-42897 ‼
via "National Vulnerability Database".
Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected.
‼ CVE-2022-2828 ‼
via "National Vulnerability Database".
In affected versions of Octopus Server it is possible to reveal information about teams via the API due to an Insecure Direct Object Reference (IDOR) vulnerability.
‼ CVE-2021-20030 ‼
via "National Vulnerability Database".
SonicWall GMS is vulnerable to file path manipulation, allowing an unauthenticated attacker to gain access to the web directory containing the application's binaries and configuration files.
🕴 What the Uber Breach Verdict Means for CISOs in the US 🕴
via "Dark Reading".
Can already beleaguered CISOs now add possible legal charges to their smorgasbord of job considerations? Disclose a breach to comply and face dismissal, or cover it up and face personal punishment.