CVE-2022-40684
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6, and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
via "National Vulnerability Database".
CVE-2022-33872
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in the Telnet login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, and 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary commands in the underlying shell.
via "National Vulnerability Database".
CVE-2022-41541
TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack by using a previously transmitted encrypted authentication message and valid authentication token. Attackers are able to log in to the web application as an admin user.
via "National Vulnerability Database".
CVE-2022-33873
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in the console login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, and 7.0.0 through 7.1.0 may allow an unauthenticated attacker to execute arbitrary commands in the underlying shell.
via "National Vulnerability Database".
CVE-2022-41479
The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter. This leads to an Insecure Direct Object Reference (IDOR) vulnerability which allows attackers to access the application source code.
via "National Vulnerability Database".
CVE-2022-35844
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, and 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to commands of the certificate import feature.
via "National Vulnerability Database".
CVE-2022-29055
An access of an uninitialized pointer in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x, and FortiProxy version 7.0.0 through 7.0.4, 2.0.0 through 2.0.9, 1.2.x allows a remote unauthenticated or authenticated attacker to crash the sslvpn daemon via an HTTP GET request.
via "National Vulnerability Database".
CVE-2022-43259
Tenda AC15 V15.03.05.18 was discovered to contain a stack overflow via the timeZone parameter in the form_fast_setting_wifi_set function.
via "National Vulnerability Database".
CVE-2022-41504
An arbitrary file upload vulnerability in the component /php_action/editProductImage.php of Billing System Project v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
via "National Vulnerability Database".
Dangerous hole in Apache Commons Text – like Log4Shell all over again
Third time unlucky. Time to put your patching boots on again...
via "Naked Security" (Sophos News).
Treat Essential Security Certificates as Valuable Assets
Manage the company's often-overlooked security certificates as the valuable assets they are, essential for security hygiene and to prevent issues.
via "Dark Reading".
German Cybersecurity Boss Sacked Over Kremlin Connection
Head of German national cybersecurity agency was fired over ties to a member of Russian intelligence once honored by Vladimir Putin.
via "Dark Reading".
Zoom for Mac patches sneaky "spy-on-me" bug – update now!
Hey! That back door isn't supposed to be there at all, let alone propped open...
via "Naked Security".
CVE-2022-39198
A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and prior versions; Apache Dubbo 3.1.x version 3.1.0 and prior versions.
via "National Vulnerability Database".
CVE-2022-42188
In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server.
via "National Vulnerability Database".
Gen Z, Millennial Workers Are Bigger Cybersecurity Risks Than Older Employees
Younger workers surveyed are less likely to follow established business cybersecurity protocols than their Gen X and baby boomer counterparts, a new survey finds.
via "Dark Reading".
What Is the Difference Between Identity Verification and Authentication?
Identity verification and identity authentication are neither synonymous nor interchangeable, and implementing both is essential to fighting fraud.
via "Dark Reading".
CVE-2022-21623
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Config Console). Supported versions that are affected are 13.4.0.0 and 13.5.0.0. Easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Enterprise Manager Base Platform accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
via "National Vulnerability Database".
CVE-2022-39400
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows a high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
via "National Vulnerability Database".
CVE-2022-21601
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.4.0-12.0.0.7.0. Easily exploitable vulnerability allows an unauthenticated attacker with network access via TCP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Billing and Revenue Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).
via "National Vulnerability Database".