βΌ CVE-2021-45925 βΌ
π Read
via "National Vulnerability Database".
Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42010 βΌ
π Read
via "National Vulnerability Database".
Heron versions <= 0.20.4-incubating allows CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating which addresses this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38117 βΌ
π Read
via "National Vulnerability Database".
Juiker app hard-coded its AES key in the source code. A physical attacker, after getting the Android root privilege, can use the AES key to decrypt usersΓ’β¬β’ ciphertext and tamper with it.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39314 βΌ
π Read
via "National Vulnerability Database".
Kirby is a flat-file CMS. In versions prior to 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, Kirby is subject to user enumeration due to Improper Restriction of Excessive Authentication Attempts. This vulnerability affects you only if you are using the `code` or `password-reset` auth method with the `auth.methods` option or if you have enabled the `debug` option in production. By using two or more IP addresses and multiple login attempts, valid user accounts will lock, but invalid accounts will not, leading to account enumeration. This issue has been patched in versions 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1. If you cannot update immediately, you can work around the issue by setting the `auth.methods` option to `password`, which disables the code-based login and password reset forms.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46279 βΌ
π Read
via "National Vulnerability Database".
Session fixation and insufficient session expiration vulnerabilities allow an attacker to perfom session hijacking attacks against users. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36368 βΌ
π Read
via "National Vulnerability Database".
Multiple stored cross-site scripting vulnerabilities in the web user interface of IPFire versions prior to 2.27 allows a remote authenticated attacker with administrative privilege to inject an arbitrary script.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41799 βΌ
π Read
via "National Vulnerability Database".
Improper access control vulnerability in GROWI prior to v5.1.4 (v5 series) and versions prior to v4.5.25 (v4 series) allows a remote authenticated attacker to bypass access restriction and download the markdown data from the pages set to private by the other users.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26732 βΌ
π Read
via "National Vulnerability Database".
A broken access control vulnerability in the First_network_func function of spx_restservice allows an attacker to arbitrarily change the network configuration of the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43680 βΌ
π Read
via "National Vulnerability Database".
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41797 βΌ
π Read
via "National Vulnerability Database".
Improper authorization in handler for custom URL scheme vulnerability in Lemon8 App for Android versions prior to 3.3.5 and Lemon8 App for iOS versions prior to 3.3.5 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39313 βΌ
π Read
via "National Vulnerability Database".
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.17, and prior to 5.2.8 on the 5.x branch, crash when a file download request is received with an invalid byte range, resulting in a Denial of Service. This issue has been patched in versions 4.10.17, and 5.2.8. There are no known workarounds.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41986 βΌ
π Read
via "National Vulnerability Database".
Information disclosure vulnerability in Android App 'IIJ SmartKey' versions prior to 2.1.4 allows an attacker to obtain a one-time password issued by the product under certain conditions.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26729 βΌ
π Read
via "National Vulnerability Database".
Command injection and multiple stack-based buffer overflows vulnerabilities in the Login_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40690 βΌ
π Read
via "National Vulnerability Database".
Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26728 βΌ
π Read
via "National Vulnerability Database".
Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43677 βΌ
π Read
via "National Vulnerability Database".
In free5GC 3.2.1, a malformed NGAP message can crash the AMF and NGAP decoders via an index-out-of-range panic in aper.GetBitString.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44467 βΌ
π Read
via "National Vulnerability Database".
A broken access control vulnerability in the KillDupUsr_func function of spx_restservice allows an attacker to arbitrarily terminate active sessions of other users, causing a Denial-of-Service (DoS) condition. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.π Read
via "National Vulnerability Database".
β Serious Security: You canβt beat the house at Blackjack β or can you? β
π Read
via "Naked Security".
What if you could guess the next card correctly twice as often as you should?π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ Ransomware Barrage Aimed at US Healthcare Sector, Feds Warn π΄
π Read
via "Dark Reading".
A CISA advisory warns that the Daixin Team ransomware group has put the US healthcare system in its crosshairs for data extortion, and provides tools to fight back.π Read
via "Dark Reading".
Dark Reading
Ransomware Barrage Aimed at US Healthcare Sector, Feds Warn
A CISA advisory warns that the Daixin Team ransomware group has put the US healthcare system in its crosshairs for data extortion, and provides tools to fight back.
π΄ Atlassian Vulnerabilities Highlight Criticality of Cloud Services π΄
π Read
via "Dark Reading".
Two flaws in the popular developer cloud platform show how weaknesses in authorization functions and SaaS flaws can put cloud apps at risk.π Read
via "Dark Reading".
Dark Reading
Atlassian Vulnerabilities Highlight Criticality of Cloud Services
Two flaws in the popular developer cloud platform show how weaknesses in authorization functions and SaaS flaws can put cloud apps at risk.
π1
π΄ Stress Is Driving Cybersecurity Professionals to Rethink Roles π΄
π Read
via "Dark Reading".
Burnout has led one-third of cybersecurity staffers to consider changing jobs over the next two years, potentially further deepening the talent shortage, research shows.π Read
via "Dark Reading".
Dark Reading
Stress Is Driving Cybersecurity Professionals to Rethink Roles
Burnout has led one-third of cybersecurity staffers to consider changing jobs over the next two years, potentially further deepening the talent shortage, research shows.