CVE-2021-46279
via "National Vulnerability Database".
Session fixation and insufficient session expiration vulnerabilities allow an attacker to perform session hijacking attacks against users. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.
CVE-2022-36368
via "National Vulnerability Database".
Multiple stored cross-site scripting vulnerabilities in the web user interface of IPFire versions prior to 2.27 allow a remote authenticated attacker with administrative privilege to inject an arbitrary script.
CVE-2022-41799
via "National Vulnerability Database".
Improper access control vulnerability in GROWI prior to v5.1.4 (v5 series) and versions prior to v4.5.25 (v4 series) allows a remote authenticated attacker to bypass access restrictions and download the markdown data of pages that other users have set to private.
CVE-2021-26732
via "National Vulnerability Database".
A broken access control vulnerability in the First_network_func function of spx_restservice allows an attacker to arbitrarily change the network configuration of the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.
CVE-2022-43680
via "National Vulnerability Database".
In libexpat through 2.4.9, there is a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
CVE-2022-41797
via "National Vulnerability Database".
Improper authorization in handler for custom URL scheme vulnerability in Lemon8 App for Android versions prior to 3.3.5 and Lemon8 App for iOS versions prior to 3.3.5 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack.
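The bug class here is a custom-scheme handler that opens whatever URL it is handed. As an added example that is not Lemon8's code, the handler below validates the destination on the parsed URL rather than the raw string, which is what defeats the usual bypasses (mixed case, embedded credentials, look-alike hostnames, non-https schemes). The scheme name "example-app:" and the host allowlist are assumptions for illustration.

```javascript
// Added example, not Lemon8's code: validating the destination a custom
// URL-scheme handler is asked to open before it is loaded in the app. The
// scheme name "example-app:" and the host allowlist are assumptions.
const ALLOWED_HOSTS = new Set(['www.example-app.com', 'help.example-app.com']);

// Returns the normalised URL the app may open, or null to refuse. Every check
// runs on the parsed URL, never on the raw string, so case, credentials and
// host look-alikes are resolved by the parser before the allowlist is consulted.
function resolveOpenTarget(rawTarget, allowedHosts = ALLOWED_HOSTS) {
  let u;
  try {
    u = new URL(rawTarget);               // no base URL: relative or scheme-less input fails here
  } catch {
    return null;
  }
  if (u.protocol !== 'https:') return null;                 // javascript:, http:, file:, intent: ...
  if (u.username !== '' || u.password !== '') return null;  // https://www.example-app.com@evil.example/
  if (u.port !== '') return null;                           // a non-default port is not the expected site
  // Exact match on the parsed, lower-cased hostname. A suffix or prefix test
  // would accept www.example-app.com.evil.example or evilwww.example-app.com.
  if (!allowedHosts.has(u.hostname)) return null;
  return u.href;
}

// The handler for the custom scheme: open the in-app browser only when the
// target validated; otherwise do nothing and report why.
function handleOpenScheme(schemeUrl) {
  let u;
  try {
    u = new URL(schemeUrl);
  } catch {
    return { opened: false, reason: 'unparseable' };
  }
  if (u.protocol !== 'example-app:') return { opened: false, reason: 'wrong scheme' };
  const target = resolveOpenTarget(u.searchParams.get('url') ?? '');
  if (target === null) return { opened: false, reason: 'target not allowed' };
  return { opened: true, target };
}
```

The same shape applies to web redirect parameters: parse, pin the scheme, reject userinfo and ports, and compare the hostname exactly against an allowlist.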
CVE-2022-39313
via "National Vulnerability Database".
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.17, and prior to 5.2.8 on the 5.x branch, crash when a file download request is received with an invalid byte range, resulting in a Denial of Service. This issue has been patched in versions 4.10.17, and 5.2.8. There are no known workarounds.
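A Range header is attacker-controlled input that many download handlers parse with arithmetic and then trust. As an added example that is not Parse Server's code, the parser below handles the single byte-range forms of RFC 9110 section 14, clamps oversized ends, and maps every malformed or hostile input to an HTTP status rather than an exception; treating multi-range requests as unsupported is an assumption made for this example.

```javascript
// Added example, not Parse Server's code: parsing an HTTP Range header for a
// file of known size without ever throwing on malformed or hostile input,
// following the single byte-range rules of RFC 9110 section 14.
// Result: { status: 200 } serve the whole file (no usable Range header),
//         { status: 206, start, end } serve that inclusive byte slice,
//         { status: 416 } the range is unsatisfiable.
// Multiple ranges ("bytes=0-9,20-29") are treated as unsupported and ignored,
// which is an assumption made for this example.
const SINGLE_BYTE_RANGE = /^bytes=(\d*)-(\d*)$/;

function parseRange(header, size) {
  if (typeof header !== 'string' || !Number.isInteger(size) || size < 0) return { status: 200 };
  const m = SINGLE_BYTE_RANGE.exec(header.trim());
  if (!m) return { status: 200 };                   // other units, multiple ranges, garbage: ignore
  const [, first, last] = m;
  if (first === '' && last === '') return { status: 200 };   // "bytes=-" is syntactically invalid: ignore

  let start, end;
  if (first === '') {
    // suffix range "bytes=-N": the final N bytes, clamped to the file
    const n = Number(last);
    if (n === 0) return { status: 416 };            // "bytes=-0" selects nothing
    start = Math.max(0, size - n);
    end = size - 1;
  } else {
    start = Number(first);
    if (last !== '' && Number(last) < start) return { status: 200 };  // last < first is invalid: ignore
    end = last === '' ? size - 1 : Math.min(Number(last), size - 1);  // clamp an oversized end
  }
  // A digit string too long to be a safe integer, or a start at/after EOF, cannot be served.
  if (!Number.isSafeInteger(start) || start >= size) return { status: 416 };
  return { status: 206, start, end };
}

// Turns the parse result into the status, headers and byte window a download
// handler would use; the 416 path carries "bytes */size" as the spec requires.
function planFileResponse(rangeHeader, size) {
  const r = parseRange(rangeHeader, size);
  const headers = { 'Accept-Ranges': 'bytes' };
  if (r.status === 416) {
    headers['Content-Range'] = `bytes */${size}`;
    return { status: 416, headers, start: 0, end: -1 };
  }
  if (r.status === 206) {
    headers['Content-Range'] = `bytes ${r.start}-${r.end}/${size}`;
    headers['Content-Length'] = String(r.end - r.start + 1);
    return { status: 206, headers, start: r.start, end: r.end };
  }
  headers['Content-Length'] = String(size);
  return { status: 200, headers, start: 0, end: size - 1 };
}
```

When fuzzing a file endpoint for this class of bug, the inputs worth sending are the ones the code above handles explicitly: empty file, start past EOF, end before start, "bytes=-", "bytes=-0", and digit strings long enough to overflow the server's integer type.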
CVE-2022-41986
via "National Vulnerability Database".
Information disclosure vulnerability in Android App 'IIJ SmartKey' versions prior to 2.1.4 allows an attacker to obtain a one-time password issued by the product under certain conditions.
CVE-2021-26729
via "National Vulnerability Database".
Command injection and multiple stack-based buffer overflow vulnerabilities in the Login_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.
CVE-2022-40690
via "National Vulnerability Database".
Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script.
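Both the IPFire entry (CVE-2022-36368) and the BookStack entry above are stored cross-site scripting: content an authenticated user saves is later written into HTML for other users without encoding for the context it lands in. As an added example that is not either project's code, the renderer below encodes each stored field at the output boundary for its own context (element text, attribute value, URL attribute); the comment record layout is an assumption for illustration.

```javascript
// Added example, not IPFire's or BookStack's code: rendering user-supplied
// content that has been stored server-side (an author name, a comment body,
// a profile link) into HTML without letting it become script. The record
// format is an assumption made for this example.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encoding for element content and for double-quoted attribute values.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// href/src values need more than character escaping: a stored "javascript:"
// URL is inert as text but executes once the browser navigates to it from an
// attribute, so only http(s) URLs pass and anything else collapses to "#".
function safeUrl(raw) {
  try {
    const u = new URL(String(raw));
    return u.protocol === 'https:' || u.protocol === 'http:' ? u.href : '#';
  } catch {
    return '#';
  }
}

// Render a stored comment record. Every field lands in exactly one HTML
// context and is encoded for that context when it is written out, not when
// it was saved, so the stored data stays raw and the output stays inert.
function renderComment({ author, body, website }) {
  return (
    '<article class="comment">' +
    `<a class="author" href="${escapeHtml(safeUrl(website))}">${escapeHtml(author)}</a>` +
    `<p>${escapeHtml(body)}</p>` +
    '</article>'
  );
}
```

The administrative-privilege qualifier in the IPFire entry does not make the issue moot: a stored payload planted by one administrator fires in every other administrator's browser, which is exactly the cross-account path a tester would confirm.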
CVE-2021-26728
via "National Vulnerability Database".
Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.
CVE-2022-43677
via "National Vulnerability Database".
In free5GC 3.2.1, a malformed NGAP message can crash the AMF and NGAP decoders via an index-out-of-range panic in aper.GetBitString.
CVE-2021-44467
via "National Vulnerability Database".
A broken access control vulnerability in the KillDupUsr_func function of spx_restservice allows an attacker to arbitrarily terminate active sessions of other users, causing a Denial-of-Service (DoS) condition. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.
Serious Security: You can't beat the house at Blackjack – or can you?
via "Naked Security".
What if you could guess the next card correctly twice as often as you should?
Naked Security – Sophos News
Ransomware Barrage Aimed at US Healthcare Sector, Feds Warn
via "Dark Reading".
A CISA advisory warns that the Daixin Team ransomware group has put the US healthcare system in its crosshairs for data extortion, and provides tools to fight back.
Atlassian Vulnerabilities Highlight Criticality of Cloud Services
via "Dark Reading".
Two flaws in the popular developer cloud platform show how weaknesses in authorization functions and SaaS flaws can put cloud apps at risk.
Stress Is Driving Cybersecurity Professionals to Rethink Roles
via "Dark Reading".
Burnout has led one-third of cybersecurity staffers to consider changing jobs over the next two years, potentially further deepening the talent shortage, research shows.
IoT Fingerprinting Helps Authenticate and Secure All Those Devices
via "Dark Reading".
For organizations struggling to protect a rapidly expanding volume of IoT devices, IoT fingerprinting could help with security and management.
Apple megaupdate: Ventura out, iOS and iPad kernel zero-day – act now!
via "Naked Security".
Ventura hits the market with 112 patches, Catalina's gone missing, and iPhones and iPads get a critical kernel-level zero-day patch...
AwareID™ Offers Lightning-Fast Identity Verification, Multi-Factor Authentication and Multi-Modal Biometrics in a Single Low-Code platform
via "Dark Reading".