‼ CVE-2022-42098 ‼
📖 Read
via "National Vulnerability Database".
KLiK SocialMediaWebsite version v1.0.1 is vulnerable to SQL Injection via the profile.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44188 ‼
📖 Read
via "National Vulnerability Database".
Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter enable_band_steering.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38462 ‼
📖 Read
via "National Vulnerability Database".
Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0222 ‼
📖 Read
via "National Vulnerability Database".
A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Affected products: Modicon M340 CPUs(BMXP34* versions prior to V3.40), Modicon M340 X80 Ethernet Communication modules:BMXNOE0100 (H), BMXNOE0110 (H), BMXNOR0200H RTU(BMXNOE* all versions)(BMXNOR* versions prior to v1.7 IR24)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-33012 ‼
📖 Read
via "National Vulnerability Database".
Microweber v1.2.15 was discovered to allow attackers to perform an account takeover via a host header injection attack.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44193 ‼
📖 Read
via "National Vulnerability Database".
Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameters: starthour, startminute , endhour, and endminute.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-42094 ‼
📖 Read
via "National Vulnerability Database".
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44186 ‼
📖 Read
via "National Vulnerability Database".
Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter wan_dns1_pri.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44199 ‼
📖 Read
via "National Vulnerability Database".
Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_server_ip.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44194 ‼
📖 Read
via "National Vulnerability Database".
Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameters apmode_dns1_pri and apmode_dns1_sec.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44197 ‼
📖 Read
via "National Vulnerability Database".
Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_server_ip.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3910 ‼
📖 Read
via "National Vulnerability Database".
Use After Free vulnerability in Linux Kernel allows Privilege Escalation. An improper Update of Reference Count in io_uring leads to Use-After-Free and Local Privilege Escalation. When io_msg_ring was invoked with a fixed file, it called io_fput_file() which improperly decreased its reference count (leading to Use-After-Free and Local Privilege Escalation). Fixed files are permanently registered to the ring, and should not be put separately. We recommend upgrading past commit https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679 https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44196 ‼
📖 Read
via "National Vulnerability Database".
Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_push1.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44200 ‼
📖 Read
via "National Vulnerability Database".
Netgear R7000P V1.3.0.8, V1.3.1.64 is vulnerable to Buffer Overflow via parameters: stamode_dns1_pri and stamode_dns1_sec.📖 Read
via "National Vulnerability Database".
🕴 How Tech Companies Can Slow Down Spike in Breaches 🕴
📖 Read
via "Dark Reading".
Cybercrime continues to evolve — and shows no signs of slowing down.📖 Read
via "Dark Reading".
Dark Reading
How Tech Companies Can Slow Down Spike in Breaches
Cybercrime continues to evolve — and shows no signs of slowing down.
🗓️ Mastodon vulnerable to multiple system configuration problems 🗓️
📖 Read
via "The Daily Swig".
The whole toot📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Mastodon vulnerable to multiple system configuration problems
The whole toot
🕴 Google Blocks 231B Spam, Phishing Emails in Past 2 Weeks 🕴
📖 Read
via "Dark Reading".
Google Workspace's team is seeing a spike in phishing and spam hitting Gmail — up 10% in just the last two weeks.📖 Read
via "Dark Reading".
Dark Reading
Google Blocks 231B Spam, Phishing Emails in Past 2 Weeks
Google Workspace's team is seeing a spike in phishing and spam hitting Gmail — up 10% in just the last two weeks.
🕴 Enterprises Pay $1,200 Per Employee Annually to Fight Cyberattacks Against Cloud Collab Apps 🕴
📖 Read
via "Dark Reading".
Orgs are in the middle of a rapid increase in the use of new collaboration tools to serve the needs of an increasingly dispersed workforce — and they're paying a very real security price.📖 Read
via "Dark Reading".
Dark Reading
Enterprises Pay $1,200 Per Employee Annually to Fight Cyberattacks Against Cloud Collab Apps
Orgs are in the middle of a rapid increase in the use of new collaboration tools to serve the needs of an increasingly dispersed workforce — and they're paying a very real security price.
⚠ How social media scammers buy time to steal your 2FA codes ⚠
📖 Read
via "Naked Security".
The warning is hosted on a real Facebook page; the phishing uses HTTPS via a real Google server... but the content is all fake📖 Read
via "Naked Security".
Sophos News
Naked Security – Sophos News
👍1
‼ CVE-2022-44202 ‼
📖 Read
via "National Vulnerability Database".
D-Link DIR878 1.02B04 and 1.02B05 are vulnerable to Buffer Overflow.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41952 ‼
📖 Read
via "National Vulnerability Database".
Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after `max_spider_size` (default: 10M) bytes have been downloaded, which can in some cases lead to long-lived connections towards the streaming media server (for instance, Icecast). This can cause excessive traffic and connections toward such servers if their stream URL is, for example, posted to a large room with many Synapse instances with URL preview enabled. Version 1.52.0 implements a timeout mechanism which will terminate URL preview connections after 30 seconds. Since generating URL previews for media streams is not supported and always fails, 1.53.0 additionally implements an allow list for content types for which Synapse will even attempt to generate a URL preview. Upgrade to 1.53.0 to fully resolve the issue. As a workaround, turn off URL preview functionality by setting `url_preview_enabled: false` in the Synapse configuration file.📖 Read
via "National Vulnerability Database".