CVE-2022-3886
via "National Vulnerability Database".
Use after free in Speech Recognition in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)
CVE-2022-3889
via "National Vulnerability Database".
Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)
CVE-2022-3885
via "National Vulnerability Database".
Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)
CVE-2022-3888
via "National Vulnerability Database".
Use after free in WebCodecs in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)
CVE-2022-39390
via "National Vulnerability Database".
Octocat.js is a library used to render a set of options into an SVG. Versions prior to 1.2 are subject to JavaScript injection via user provided URLs. Users can include their own images for accessories via provided URLs. These URLs are not validated and can result in execution of injected code. This vulnerability was fixed in version 1.2 of octocat.js. As a workaround, writing an image to disk then using that image in an image element in HTML mitigates the risk.
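The injection class described in the entry above (an unvalidated, user-supplied URL placed into an SVG image element) is shown below as an added example. It is not octocat.js code and does not reproduce that library's fix; the function names are hypothetical and every input is constructed here. It goes slightly beyond the entry by covering both the attribute-breakout case and the dangerous-scheme case (javascript:, data:) that the same unvalidated URL path exposes.

```javascript
// Added example, not octocat.js code: the kind of "image URL into SVG" path
// that CVE-2022-39390 describes, shown unsafely and then hardened.
// Function names are hypothetical; all inputs below are constructed.

// Vulnerable pattern: the user-provided URL is interpolated straight into the
// href attribute, so a quote character ends the attribute and the rest of the
// string becomes new attributes (e.g. an onload handler), and a javascript: or
// data: URL is accepted as-is.
function renderAccessoryUnsafe(url) {
  return `<svg xmlns="http://www.w3.org/2000/svg" width="64" height="64">` +
    `<image href="${url}" width="64" height="64"/></svg>`;
}

// Accept only absolute http(s) URLs. new URL() rejects anything it cannot
// parse (including a bare `" onload="...` breakout, which has no scheme),
// strips surrounding whitespace, lower-cases the scheme and host, and
// percent-encodes quotes and spaces in the path. Other schemes
// (javascript:, data:, vbscript:, file:) are refused.
function validateImageUrl(input) {
  let parsed;
  try {
    parsed = new URL(String(input));
  } catch {
    return null;
  }
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
    return null;
  }
  return parsed.href;
}

// Attribute-context escaping, kept even though validateImageUrl already
// percent-encodes quotes: defence in depth if the allowlist is ever relaxed.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Hardened pattern: validate first, escape second, refuse rather than degrade.
function renderAccessorySafe(url) {
  const safeUrl = validateImageUrl(url);
  if (safeUrl === null) {
    throw new Error('rejected image URL: ' + String(url));
  }
  return `<svg xmlns="http://www.w3.org/2000/svg" width="64" height="64">` +
    `<image href="${escapeAttr(safeUrl)}" width="64" height="64"/></svg>`;
}

// Constructed attacker inputs and one legitimate URL.
const SAMPLES = {
  breakout: '" onload="alert(1)',
  scheme: '  javascript:alert(1)',
  dataUri: 'data:image/svg+xml,<svg onload="alert(1)"/>',
  pathBreakout: 'https://cdn.example/x.png" onload="alert(1)',
  legit: 'HTTPS://CDN.Example/hat.png?v=1&w=2',
};

// Runs every sample through both renderers and reports which ones the safe
// path accepted and whether an onload attribute survived into the markup;
// the unsafe renderer never rejects anything.
function compare() {
  const report = {};
  for (const [name, url] of Object.entries(SAMPLES)) {
    let safe = null;
    try { safe = renderAccessorySafe(url); } catch { safe = null; }
    report[name] = {
      unsafeHasHandler: renderAccessoryUnsafe(url).includes('onload="'),
      safeAccepted: safe !== null,
      safeHasHandler: safe !== null && safe.includes('onload="'),
    };
  }
  return report;
}

console.log(JSON.stringify(compare(), null, 2));
```

The scheme allowlist does the real work; the attribute escaping is there so that a later change to the allowlist (for example, permitting relative paths that the URL constructor would not normalize) does not silently reopen the breakout. The entry's workaround of writing the image to disk and referencing the local file is the same idea taken further: the untrusted string never reaches the markup at all.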
Zeek 5.0.3
via "Packet Storm Security".
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.
CSS injection flaw patched in Acronis cloud management console
via "The Daily Swig".
CSRF attacks could be triggered to access and exfiltrate information
CVE-2022-43321
via "National Vulnerability Database".
Shopwind v3.4.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the component /common/library/Page.php.
CVE-2022-43320
via "National Vulnerability Database".
FeehiCMS v2.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /web/admin/index.php?r=log%2Fview-layer.
CVE-2022-31253
via "National Vulnerability Database".
An Untrusted Search Path vulnerability in openldap2 of openSUSE Factory allows local attackers with control of the ldap user or group to change ownership of arbitrary directory entries to this user/group, leading to escalation to root. This issue affects: openSUSE Factory openldap2 versions prior to 2.6.3-404.1.
Silk Road drugs market hacker pleads guilty, faces 20 years inside
via "Naked Security".
Jurisprudence isn't like arithmetic... two negatives never make a positive!
Exchange 0-days fixed (at last), plus 4 brand new Patch Tuesday 0-days!
via "Naked Security".
In all the excitement, we kind of lost count ourselves. Were there six 0-days, or only four?
CVE-2022-28689
via "National Vulnerability Database".
A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2022-32588
via "National Vulnerability Database".
An out-of-bounds write vulnerability exists in the PICT parsing pctwread_14841 functionality of Accusoft ImageGear 20.0. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2021-34577
via "National Vulnerability Database".
In the Kaden PICOFLUX AiR water meter an adversary can read the values through wireless M-Bus mode 5 with a hardcoded shared key while being adjacent to the device.
CVE-2022-29888
via "National Vulnerability Database".
A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2022-29481
via "National Vulnerability Database".
A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2022-26023
via "National Vulnerability Database".
A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2022-30543
via "National Vulnerability Database".
A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to execution of privileged operations. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2021-34579
via "National Vulnerability Database".
In Phoenix Contact: FL MGUARD DM version 1.12.0 and 1.13.0 access to the Apache web server being installed as part of the FL MGUARD DM on Microsoft Windows does not require login credentials even if configured during installation. Attackers with network access to the Apache web server can download and therefore read mGuard configuration profiles ("ATV profiles"). Such configuration profiles may contain sensitive information, e.g. private keys associated with IPsec VPN connections.
CVE-2022-0031
via "National Vulnerability Database".
A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges.