CVE-2022-41832
In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when a SIP profile is configured on a virtual server, undisclosed messages can cause an increase in memory resource utilization.
via "National Vulnerability Database".
CVE-2022-41780
In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.4.0, a directory traversal vulnerability exists in an undisclosed location of the F5OS CLI that allows an attacker to read arbitrary files.
via "National Vulnerability Database".
CVE-2022-41983
On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher is in use, undisclosed conditions can cause BIG-IP to send data unencrypted even with an SSL Profile applied.
via "National Vulnerability Database".
CVE-2022-41813
In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when BIG-IP is provisioned with the PEM or AFM module, an undisclosed input can cause Traffic Management Microkernel (TMM) to terminate.
via "National Vulnerability Database".
CVE-2022-36795
In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, and 14.1.x before 14.1.5.1, when an LTM TCP profile with Auto Receive Window Enabled is configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections.
via "National Vulnerability Database".
CVE-2022-41617
In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when the Advanced WAF / ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST interface.
via "National Vulnerability Database".
CVE-2022-41743
NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_hls_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact using a specially crafted audio or video file. The issue affects only NGINX Plus when the hls directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_hls_module.
via "National Vulnerability Database".
CVE-2022-41836
When an 'Attack Signature False Positive Mode' enabled security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.
via "National Vulnerability Database".
CVE-2022-41742
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products that are built with the module ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module.
via "National Vulnerability Database".
CVE-2022-41833
In all BIG-IP 13.1.x versions, when an iRule containing the HTTP::collect command is configured on a virtual server, undisclosed requests can cause Traffic Management Microkernel (TMM) to terminate.
via "National Vulnerability Database".
Microsoft Customer Data Exposed by Misconfigured Server
The data exposure was the result of an "unintentional misconfiguration on an endpoint" and not a security vulnerability, Microsoft said.
via "Dark Reading".
CVE-2022-3327
Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6.
via "National Vulnerability Database".
CVE-2022-41358
A stored cross-site scripting (XSS) vulnerability in Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the categoriesName parameter in createCategories.php.
via "National Vulnerability Database".
CVE-2022-37598
Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js.
via "National Vulnerability Database".
CVE-2021-33231
Cross Site Scripting (XSS) vulnerability in the New equipment page in EasyVista Service Manager 2018.1.181.1 allows remote attackers to run arbitrary code via the notes field.
via "National Vulnerability Database".
CVE-2020-12744
The MSI installer in Verint Desktop Resources 15.2 allows an unprivileged local user to elevate their privileges during install or repair.
via "National Vulnerability Database".
CVE-2022-26954
Multiple open redirect vulnerabilities in NopCommerce 4.10 through 4.50.1 allow remote attackers to conduct phishing attacks by redirecting users to attacker-controlled web sites via the returnUrl parameter, processed by the (1) ChangePassword function, (2) SignInCustomerAsync function, (3) SuccessfulAuthentication method, or (4) NopRedirectResultExecutor class.
via "National Vulnerability Database".
CVE-2022-37298
Shinken Solutions Shinken Monitoring version 2.4.3 is vulnerable to Incorrect Access Control. The SafeUnpickler class found in shinken/safepickle.py implements a weak authentication scheme when unserializing objects passed from monitoring nodes to the Shinken monitoring server.
via "National Vulnerability Database".
Women in Cryptology: USPS celebrates WW2 codebreakers
What did you do in the war, Mom? Oh, y'know, a bit of this and that...
via "Naked Security".
8 Trends Driving Cybersecurity in the Public Sector
CISOs and security leaders in state and local governments are dealing with increasing threats like ransomware, with varying degrees of cyber maturity.
via "Dark Reading".
Bolster Deepens Platform with Dark Web Threat Intelligence and 24/7 Support
Bolster delivers intelligence and remediation across web, social media, app stores, and Dark Web, with 24/7, live SOC support.
via "Dark Reading".