βΌ CVE-2022-44724 βΌ
π Read
via "National Vulnerability Database".
The Handy Tip macro in Stiltsoft Handy Macros for Confluence Server/Data Center 3.x before 3.5.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability.π Read
via "National Vulnerability Database".
π1
ποΈ Boffins rekindle one-time program cryptographic concept ποΈ
π Read
via "The Daily Swig".
Authentication idea advanced but not yet fulfilledπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Boffins rekindle one-time program cryptographic concept
Authentication idea advanced but not yet fulfilled
βΌ CVE-2022-3340 βΌ
π Read
via "National Vulnerability Database".
XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41575 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn. Further investigation showed that it was not a vulnerability. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41574 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn. Further investigation showed that it was not a vulnerability. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41576 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn. Further investigation showed that it was not a vulnerability. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41668 βΌ
π Read
via "National Vulnerability Database".
A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from an adversary-controlled network share which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).π Read
via "National Vulnerability Database".
βΌ CVE-2022-3023 βΌ
π Read
via "National Vulnerability Database".
Use of Externally-Controlled Format String in GitHub repository pingcap/tidb prior to 6.4.0, 6.1.3.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38582 βΌ
π Read
via "National Vulnerability Database".
Incorrect access control in the anti-virus driver wsdkd.sys of Watchdog Antivirus v1.4.158 allows attackers to write arbitrary files.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33684 βΌ
π Read
via "National Vulnerability Database".
The Apache Pulsar C++ Client does not verify peer TLS certificates when making HTTPS calls for the OAuth2.0 Client Credential Flow, even when tlsAllowInsecureConnection is disabled via configuration. This vulnerability allows an attacker to perform a man in the middle attack and intercept and/or modify the GET request that is sent to the ClientCredentialFlow 'issuer url'. The intercepted credentials can be used to acquire authentication data from the OAuth2.0 server to then authenticate with an Apache Pulsar cluster. An attacker can only take advantage of this vulnerability by taking control of a machine 'between' the client and the server. The attacker must then actively manipulate traffic to perform the attack. The Apache Pulsar Python Client wraps the C++ client, so it is also vulnerable in the same way. This issue affects Apache Pulsar C++ Client and Python Client versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.3; 2.9.0 to 2.9.2; 2.10.0 to 2.10.1; 2.6.4 and earlier. Any users running affected versions of the C++ Client or the Python Client should rotate vulnerable OAuth2.0 credentials, including client_id and client_secret. 2.7 C++ and Python Client users should upgrade to 2.7.5 and rotate vulnerable OAuth2.0 credentials. 2.8 C++ and Python Client users should upgrade to 2.8.4 and rotate vulnerable OAuth2.0 credentials. 2.9 C++ and Python Client users should upgrade to 2.9.3 and rotate vulnerable OAuth2.0 credentials. 2.10 C++ and Python Client users should upgrade to 2.10.2 and rotate vulnerable OAuth2.0 credentials. 3.0 C++ users are unaffected and 3.0 Python Client users will be unaffected when it is released. Any users running the C++ and Python Client for 2.6 or less should upgrade to one of the above patched versions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3721 βΌ
π Read
via "National Vulnerability Database".
Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41667 βΌ
π Read
via "National Vulnerability Database".
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).π Read
via "National Vulnerability Database".
βΌ CVE-2022-41669 βΌ
π Read
via "National Vulnerability Database".
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).π Read
via "National Vulnerability Database".
βΌ CVE-2021-34686 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn. Further investigation showed that it was not a vulnerability. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41670 βΌ
π Read
via "National Vulnerability Database".
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).π Read
via "National Vulnerability Database".
βΌ CVE-2022-41671 βΌ
π Read
via "National Vulnerability Database".
A CWE-89: Improper Neutralization of Special Elements used in SQL Command (Γ’β¬ΛSQL InjectionΓ’β¬β’) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).π Read
via "National Vulnerability Database".
β The OpenSSL security update story β how can you tell what needs fixing? β
π Read
via "Naked Security".
How to Hack! Finding OpenSSL library files and accurately identifying their version numbers...π Read
via "Naked Security".
Naked Security
The OpenSSL security update story β how can you tell what needs fixing?
How to Hack! Finding OpenSSL library files and accurately identifying their version numbersβ¦
β S3 Ep107: Eight months to kick out the crooks and you think thatβs GOOD? [Audio + Text] β
π Read
via "Naked Security".
Listen now - latest episode - audio plus full transcriptπ Read
via "Naked Security".
Naked Security
S3 Ep107: Eight months to kick out the crooks and you think thatβs GOOD? [Audio + Text]
Listen now β latest episode β audio plus full transcript
β Twitter Blue Badge email scams β Donβt fall for them! β
π Read
via "Naked Security".
That was the week that was...π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π2
βΌ CVE-2022-27893 βΌ
π Read
via "National Vulnerability Database".
The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 - 0.43.0 was found to be logging in a manner that captured authentication requests. This vulnerability is resolved in osisoft-pi-web-connector version 0.44.0.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39432 βΌ
π Read
via "National Vulnerability Database".
diplib v3.0.0 is vulnerable to Double Free.π Read
via "National Vulnerability Database".