CVE-2022-45069
via "National Vulnerability Database".
Auth. (contributor+) Privilege Escalation vulnerability in Crowdsignal Dashboard plugin <= 3.0.9 on WordPress.
CVE-2022-44591
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anthologize plugin <= 0.8.0 on WordPress.
CVE-2022-43096
via "National Vulnerability Database".
Mediatrix 4102 before v48.5.2718 allows local attackers to gain root access via the UART port.
CVE-2022-39181
via "National Vulnerability Database".
GLPI - Reports plugin for GLPI Reflected Cross-Site-Scripting (RXSS). Type 1: Reflected XSS (or Non-Persistent) - The server reads data directly from the HTTP request and reflects it back in the HTTP response. Reflected XSS exploits occur when an attacker causes a victim to supply dangerous content to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or emailed directly to the victim. URLs constructed in this manner constitute the core of many phishing schemes, whereby an attacker convinces a victim to visit a URL that refers to a vulnerable site. After the site reflects the attacker's content back to the victim, the content is executed by the victim's browser.
CVE-2022-43506
via "National Vulnerability Database".
SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via the network.
CVE-2022-42533
via "National Vulnerability Database".
In shared_metadata_init of SharedMetadata.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-239415718. References: N/A.
Ibexa DXP patched for GraphQL password hash leak vulnerability
via "The Daily Swig".
Organizations advised to mandate password resets out of caution
The Next Generation of Supply Chain Attacks Is Here to Stay
via "Dark Reading".
With the proliferation of interconnected third-party applications, new strategies are needed to close the security gap.
County of Tehama, Calif., Identifies and Addresses Data Security Incident
via "Dark Reading".
The county reports unauthorized access to files in its Department of Social Services' systems between Nov. 18, 2021, and April 9. It has added enhanced alert and monitoring software and is offering complimentary credit monitoring and identity theft protection services to those whose personal information may have been compromised in the breach.
Black Friday and retail season – watch out for PayPal “money request” scams
via "Naked Security".
Don't let a keen eye for bargains lead you into risky online behaviour...
S3 Ep109: How one leaked email password could drain your business [Audio + Transcript]
via "Naked Security".
Latest episode - listen now! Cybersecurity news plus loads of great advice...
CVE-2022-45471
via "National Vulnerability Database".
In JetBrains Hub before 2022.3.15181, throttling was missing when sending emails to a particular email address.
Palo Alto Networks Focuses on Secure Coding with $195M Cider Deal
via "Dark Reading".
PAN plans to add Cider's CI/CD security platform to its Prisma Cloud suite of AppSec tools.
Secure Offboarding in the Spotlight as Tech Layoffs Mount
via "Dark Reading".
A secure-by-design culture is needed to develop a comprehensive offboarding and identity management strategy that limits the potential for broader compromise in case of unauthorized access.
CVE-2022-45474
via "National Vulnerability Database".
drachtio-server 0.8.18 has a request-handler.cpp event_cb use-after-free for any request.
CVE-2022-45473
via "National Vulnerability Database".
In drachtio-server 0.8.18, /var/log/drachtio has mode 0777 and drachtio.log has mode 0666.
CVE-2022-44378
via "National Vulnerability Database".
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_mechanic.
CVE-2022-44204
via "National Vulnerability Database".
D-Link DIR3060 DIR3060A1_FW111B04.bin is vulnerable to Buffer Overflow.
CVE-2022-44379
via "National Vulnerability Database".
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_service.
Amid Legal Fallout, Cyber Insurers Redefine State-Sponsored Attacks as Act of War
via "Dark Reading".
As carriers rewrite their act-of-war exclusions following the NotPetya settlement between Mondelez and Zurich, organizations should read their cyber insurance policies carefully to see what is still covered.
Australia's Hack-Back Plan Against Cyberattackers Raises Familiar Concerns
via "Dark Reading".
How far can its government – or any government or private company – go to proactively disrupt cyber threats without causing collateral damage?