βΌ CVE-2022-36439 βΌ
π Read
via "National Vulnerability Database".
AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers (running Windows) allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges. This affects ASUS System Control Interface 3 before 3.1.5.0, AsusSoftwareManger.exe before 1.0.53.0, and AsusLiveUpdate.dll before 1.0.45.0.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-36438 βΌ
π Read
via "National Vulnerability Database".
AsusSwitch.exe on ASUS personal computers (running Windows) sets weak file permissions, leading to local privilege escalation (this also can be used to delete files within the system arbitrarily). This affects ASUS System Control Interface 3 before 3.1.5.0, and AsusSwitch.exe before 1.0.10.0.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42202 βΌ
π Read
via "National Vulnerability Database".
TP-Link TL-WR841N 8.0 4.17.16 Build 120201 Rel.54750n is vulnerable to Cross Site Scripting (XSS).π Read
via "National Vulnerability Database".
π΄ AutoRABIT Accelerates Release Management Processes with Automation and Key Integrations π΄
π Read
via "Dark Reading".
Improving the flow of clean, safe code with heightened visibility and automation.π Read
via "Dark Reading".
Dark Reading
AutoRABIT Accelerates Release Management Processes with Automation and Key Integrations
Improving the flow of clean, safe code with heightened visibility and automation.
π΄ Phishing Mitigation Can Cost Businesses More Than $1M Annually π΄
π Read
via "Dark Reading".
One of the oldest tactics in cybercrime is still one of the most widely feared β and with good reason, as campaigns are expected to increase and become more sophisticated over the next 12 months.π Read
via "Dark Reading".
Dark Reading
Phishing Mitigation Can Cost Businesses More Than $1M Annually
One of the oldest tactics in cybercrime is still one of the most widely feared β and with good reason, as campaigns are expected to increase and become more sophisticated over the next 12 months.
ποΈ Researchers find 633% increase in cyber-attacks aimed at open source repositories ποΈ
π Read
via "The Daily Swig".
Attack surge blamed on βavoidableβ bugsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Researchers find 633% increase in cyber-attacks aimed at open source repositories
Attack surge blamed on βavoidableβ bugs
π1
β Zoom for Mac patches sneaky βspy-on-meβ bug β update now! β
π Read
via "Naked Security".
Hey! That back door isn't supposed to be there at all, let alone propped open...π Read
via "Naked Security".
Naked Security
Zoom for Mac patches sneaky βspy-on-meβ bug β update now!
Hey! That back door isnβt supposed to be there at all, let alone propped openβ¦
π1
βΌ CVE-2020-15853 βΌ
π Read
via "National Vulnerability Database".
supybot-fedora implements the command 'refresh', that refreshes the cache of all users from FAS. This takes quite a while to run, and zodbot stops responding to requests during this time.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41547 βΌ
π Read
via "National Vulnerability Database".
Mobile Security Framework (MobSF) v0.9.2 and below was discovered to contain a local file inclusion (LFI) vulnerability in the StaticAnalyzer/views.py script. This vulnerability allows attackers to read arbitrary files via a crafted HTTP request.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33874 βΌ
π Read
via "National Vulnerability Database".
An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in SSH login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary command in the underlying shell.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-41544 βΌ
π Read
via "National Vulnerability Database".
GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin/theme-edit.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41537 βΌ
π Read
via "National Vulnerability Database".
Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /user_operations/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41540 βΌ
π Read
via "National Vulnerability Database".
The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptographic keys when communicating with the router. Attackers who are able to intercept the communications between the web client and router through a man-in-the-middle attack can then obtain the sequence key via a brute-force attack, and access sensitive information.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43260 βΌ
π Read
via "National Vulnerability Database".
Tenda AC18 V15.03.05.19(6318) was discovered to contain a stack overflow via the time parameter in the fromSetSysTime function.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-35846 βΌ
π Read
via "National Vulnerability Database".
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiTester Telnet port 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to guess the credentials of an admin user via a brute force attack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40684 βΌ
π Read
via "National Vulnerability Database".
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33872 βΌ
π Read
via "National Vulnerability Database".
An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Telnet login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary command in the underlying shell.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41541 βΌ
π Read
via "National Vulnerability Database".
TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack by using a previously transmitted encrypted authentication message and valid authentication token. Attackers are able to login to the web application as an admin user.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33873 βΌ
π Read
via "National Vulnerability Database".
An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Console login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to execute arbitrary command in the underlying shell.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41479 βΌ
π Read
via "National Vulnerability Database".
The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter. This leads to an Insecure Direct Object References (IDOR) vulnerability which allows attackers to access the application source code.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35844 βΌ
π Read
via "National Vulnerability Database".
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to commands of the certificate import feature.π Read
via "National Vulnerability Database".