CVE-2022-45146
via "National Vulnerability Database".
An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be zeroed out while still in use by the module, resulting in errors or potential information loss. NOTE: FIPS compliant users are unaffected because the FIPS certification is only for Java 7, 8, and 11.
#BeCyberSmart All Year Round With Educational Resources From Microsoft
via "Dark Reading".
Improved cyber hygiene keeps users and their identities, devices, and data more secure and reduces the organization's risk exposure.
Better Together: Why It's Time for Ops and Security to Converge
via "Dark Reading".
Threat actors are becoming only more sophisticated and determined.
A Third of Global Organizations Were Breached Over Seven Times in the Past Year
via "Dark Reading".
Cyber Risk Index report highlights elevated risk as organizations struggle with visibility.
CVE-2022-3861
via "National Vulnerability Database".
The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 26.5.1.4 via deserialization of untrusted input supplied via the import, mfn-items-import-page, and mfn-items-import parameters passed through the mfn_builder_import, mfn_builder_import_page, importdata, importsinglepage, and importfromclipboard functions. This makes it possible for authenticated attackers, with contributor level permissions and above, to inject a PHP Object. The additional presence of a POP chain would make it possible for attackers to execute code, retrieve sensitive data, delete files, etc.
BlueVoyant Research Reveals Private Equity Portfolio Company Cybersecurity Challenges
via "Dark Reading".
New study identifies critical focus areas for portfolio companies to reduce cyber risks and costs associated with breaches.
How social media scammers buy time to steal your 2FA codes
via "Naked Security".
The warning is hosted on a real Facebook page; the phishing uses HTTPS via a real Google server... but the content is all fake
CVE-2022-45017
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in the Overview Page settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Loop field.
CVE-2022-45012
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in the Modify Page module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Source field.
CVE-2022-38148
via "National Vulnerability Database".
Silverstripe silverstripe/framework through 4.11 allows SQL Injection.
CVE-2022-45016
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Footer field.
CVE-2022-40129
via "National Vulnerability Database".
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. A specially-crafted PDF document can trigger the reuse of previously freed memory via misusing Optional Content Group API, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled.
CVE-2022-44167
via "National Vulnerability Database".
Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function formSetPPTPServer.
CVE-2022-38097
via "National Vulnerability Database".
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. By prematurely destroying annotation objects, a specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled.
CVE-2022-40470
via "National Vulnerability Database".
Phpgurukul Blood Donor Management System 1.0 allows Cross Site Scripting via Add Blood Group Name Feature.
CVE-2022-45015
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Footer field.
CVE-2022-4096
via "National Vulnerability Database".
Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/appsmith prior to 1.8.2.
CVE-2022-38146
via "National Vulnerability Database".
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3).
CVE-2022-44158
via "National Vulnerability Database".
Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function set_device_name.
CVE-2022-44156
via "National Vulnerability Database".
Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetIpMacBind.
CVE-2022-45013
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Section Header field.