CVE-2022-42237
via "National Vulnerability Database".
A SQL Injection issue in Merchandise Online Store v.1.0 allows an attacker to log in to the admin account.
CVE-2022-42168
via "National Vulnerability Database".
Tenda AC10 V15.03.06.23 contains a stack overflow vulnerability via /goform/fromSetIpMacBind.
CVE-2022-42169
via "National Vulnerability Database".
Tenda AC10 V15.03.06.23 contains a stack overflow vulnerability via /goform/addWifiMacFilter.
Fashion brand SHEIN fined $1.9m for lying about data breach
via "Naked Security".
Is "pay a small fine and keep on trading" a sufficient penalty for letting a breach happen, impeding an investigation, and hiding the truth?
Serious Security: Microsoft Office 365 attacked over feeble encryption
via "Naked Security".
How 2022 is your encryption?
New Research Report Predicts Blockchain and Quantum Threat Will Quickly Spread Beyond Cybercurrencies; Surge in New Product and Services Opportunities to Come
via "Dark Reading".
Research report identifies the challenges as well as the opportunities for new products and services that arise from the threat that quantum computers pose to the "blockchain" mechanism.
Signal to Ditch SMS/MMS Messaging on Android
via "Dark Reading".
Main driver for the change: "Plaintext SMS messages are inherently insecure."
Tactics Tie Ransom Cartel Group to Defunct REvil Ransomware
via "Dark Reading".
Ransom Cartel ransomware-as-a-service operator blog claims to offer a new and improved version of REvil ransomware.
CVE-2022-2455
via "National Vulnerability Database".
A business logic issue in the handling of large repositories in all versions of GitLab CE/EE from 10.0 before 15.1.6, all versions starting from 15.2 before 15.2.4, and all versions starting from 15.3 before 15.3.2 allowed an authenticated and authorized user to exhaust server resources by importing a malicious project.
CVE-2022-3330
via "National Vulnerability Database".
It was possible for a guest user to read a todo targeting an inaccessible note in GitLab CE/EE affecting all versions from 15.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1.
CVE-2022-3540
via "National Vulnerability Database".
An issue has been discovered in hunter2 affecting all versions before 2.1.0. Improper handling of auto-completion input allows an authenticated attacker to extract other users' email addresses.
CVE-2022-3283
via "National Vulnerability Database".
A potential DoS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.2.5, all versions starting from 15.3 before 15.3.4, and all versions starting from 15.4 before 15.4.1. Cloning an issue with specially crafted content added to its description could have been used to trigger high CPU usage.
CVE-2022-3291
via "National Vulnerability Database".
Serialization of sensitive data in GitLab EE affecting all versions from 14.9 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 can leak sensitive information via cache.
CVE-2022-28291
via "National Vulnerability Database".
Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the "nessusd" process in cleartext via process dumping. The affected products are all versions of Nessus Essentials and Professional. The vulnerability allows an attacker to access credentials stored in Nessus scanners, potentially compromising its customers' network of assets.
CVE-2019-14841
via "National Vulnerability Database".
A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an attacker to gain admin privileges in the Business Central Console.
CVE-2022-2592
via "National Vulnerability Database".
A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4, and 15.3 prior to 15.3.2 allows an authenticated attacker to create a maliciously large Snippet which, when requested with or without authentication, places excessive load on the server, potentially leading to Denial of Service.
CVE-2022-3293
via "National Vulnerability Database".
Email addresses were leaked in WebHook logs in GitLab EE affecting all versions from 9.3 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1.
CVE-2022-3325
via "National Vulnerability Database".
Improper access control in the GitLab CE/EE API affecting all versions starting from 12.8 before 15.2.5, all versions starting from 15.3 before 15.3.4, and all versions starting from 15.4 before 15.4.1 allowed an unauthorised user to edit approval rules via the API.
CVE-2022-23770
via "National Vulnerability Database".
This vulnerability could allow a remote attacker to execute remote commands due to improper validation of parameters of certain API constructors. Remote attackers could use this vulnerability to execute malicious commands such as directory traversal.
CVE-2022-3286
via "National Vulnerability Database".
Lack of IP address checking in GitLab EE affecting all versions from 14.2 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows a group member to bypass IP restrictions when using a deploy token.
CVE-2022-0699
via "National Vulnerability Database".
A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc.