‼ CVE-2022-3567 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41751 ‼
📖 Read
via "National Vulnerability Database".
Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option.📖 Read
via "National Vulnerability Database".
🕴 Researchers Keep a Wary Eye on Critical New Vulnerability in Apache Commons Text 🕴
📖 Read
via "Dark Reading".
There's nothing yet to suggest CVE-2022-42889 is the next Log4j. But proof-of-concept code is available, and interest appears to be ticking up.📖 Read
via "Dark Reading".
Dark Reading
Researchers Keep a Wary Eye on Critical New Vulnerability in Apache Commons Text
There's nothing yet to suggest CVE-2022-42889 is the next Log4j. But proof-of-concept code is available, and interest appears to be ticking up.
‼ CVE-2022-3421 ‼
📖 Read
via "National Vulnerability Database".
An attacker can pre-create the `/Applications/Google\ Drive.app/Contents/MacOS` directory which is expected to be owned by root to be owned by a non-root user. When the Drive for Desktop installer is run for the first time, it will place a binary in that directory with execute permissions and set its setuid bit. Since the attacker owns the directory, the attacker can replace the binary with a symlink, causing the installer to set the setuid bit on the symlink. When the symlink is executed, it will run with root permissions. We recommend upgrading past version 64.0📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2022-3368 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability within the Software Updater functionality of Avira Security for Windows allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avira Security version 1.1.72.30556.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-40605 ‼
📖 Read
via "National Vulnerability Database".
MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40606.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38743 ‼
📖 Read
via "National Vulnerability Database".
Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an improper access control vulnerability. The FactoryTalk VantagePoint SQL Server account could allow a malicious user with read-only privileges to execute SQL statements in the back-end database. If successfully exploited, this could allow the attacker to execute arbitrary code and gain access to restricted data.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-42147 ‼
📖 Read
via "National Vulnerability Database".
kkFileView 4.0 is vulnerable to Cross Site Scripting (XSS) via controller\ Filecontroller.java.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41139 ‼
📖 Read
via "National Vulnerability Database".
MITRE CALDERA 4.1.0 allows stored XSS via app.contact.gist (aka the gist contact configuration field), leading to execution of arbitrary commands on agents.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3382 ‼
📖 Read
via "National Vulnerability Database".
HIWIN Robot System Software version 3.3.21.9869 does not properly address the terminated command source. As a result, an attacker could craft code to disconnect HRSS and the controller and cause a denial-of-service condition.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3517 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-42143 ‼
📖 Read
via "National Vulnerability Database".
Open Source SACCO Management System v1.0 is vulnerable to SQL Injection via /sacco_shield/manage_payment.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41431 ‼
📖 Read
via "National Vulnerability Database".
xzs v3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /admin/question/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-40606 ‼
📖 Read
via "National Vulnerability Database".
MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40605.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-42149 ‼
📖 Read
via "National Vulnerability Database".
kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via controller\OnlinePreviewController.java.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3552 ‼
📖 Read
via "National Vulnerability Database".
Unrestricted Upload of File with Dangerous Type in GitHub repository boxbilling/boxbilling prior to 0.0.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-42142 ‼
📖 Read
via "National Vulnerability Database".
Online Tours & Travels Management System v1.0 is vulnerable to Arbitrary code execution via ip/tour/admin/operations/update_settings.php.📖 Read
via "National Vulnerability Database".
📢 IT Pro News in Review: Google's 'Ultimate Cloud', phishing test warnings, data leak at Toyota 📢
📖 Read
via "ITPro".
Catch up on the biggest headlines of the week in just two minutes📖 Read
via "ITPro".
IT PRO
IT Pro News in Review: Google's 'Ultimate Cloud', phishing test warnings, data leak at Toyota
Catch up on the biggest headlines of the week in just two minutes
📢 Nvidia's new RTX 4090 is a powerful password-cracking tool 📢
📖 Read
via "ITPro".
Hackers using an array of the consumer-grade GPU could see brute force timings halve📖 Read
via "ITPro".
ITPro
Nvidia's new RTX 4090 is a powerful password-cracking tool
Hackers using an array of the consumer-grade GPU could see brute force timings halve
📢 What is the Data Protection Act 2018? 📢
📖 Read
via "ITPro".
A look at the UK's Data Protection Act and how GDPR fits into the puzzle📖 Read
via "ITPro".
IT PRO
What is the Data Protection Act 2018? | IT PRO
A look at the UK's Data Protection Act and how GDPR fits into the puzzle
📢 Microsoft warns of 'Prestige' ransomware targeting business in Ukraine, Poland 📢
📖 Read
via "ITPro".
The new strain appears to be operating independently of all known hacking groups currently in the region📖 Read
via "ITPro".
ITPro
Microsoft warns of 'Prestige' ransomware targeting business in Ukraine, Poland
The new strain appears to be operating independently of all known hacking groups currently in the region