CVE-2022-4090
A vulnerability was found in rickxy Stock Management System and classified as problematic. This issue affects some unknown processing of the file us_transac.php?action=add. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214331.
via "National Vulnerability Database".
Multimillion dollar CryptoRom scam sites seized, suspects arrested in US
Five tips to keep yourself, and your friends and family, out of the clutches of "chopping block" scammers...
via "Naked Security".
S3 Ep110: Spotlight on cyberthreats - an expert speaks [Audio + Text]
Latest episode: security expert John Shier explains what the real-life cybercrime stories in the Sophos Threat Report can teach us
via "Naked Security".
CVE-2022-26885
When using tasks to read config files, there is a risk of database password disclosure. Users are advised to upgrade to version 2.0.6 or higher.
via "National Vulnerability Database".
CVE-2022-2650
Improper Restriction of Excessive Authentication Attempts in GitHub repository wger-project/wger prior to 2.2.
via "National Vulnerability Database".
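The CWE class named in the wger entry (Improper Restriction of Excessive Authentication Attempts) is fixed by making a login handler refuse to run the password check once an account has accumulated too many consecutive failures. The following is an added, self-contained model of that control written for this page; it is not wger's code (wger is a Django application) and the threshold, lockout window, credential and timestamps are constructed values. It contrasts the unthrottled and throttled behaviour on the same burst of guesses and shows the lockout expiring.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a lockout-based throttle; not wger's implementation. */
#define MAX_FAILURES 5          /* consecutive failures before lockout (assumed) */
#define LOCKOUT_SECS 900        /* lockout length in seconds (assumed) */

struct login_state {
    int     failures;           /* consecutive failed attempts */
    int64_t locked_until;       /* unix time the lockout ends; 0 = not locked */
};

enum { LOGIN_OK = 0, LOGIN_BAD_PASSWORD = -1, LOGIN_LOCKED = -2 };

/* Constant-time comparison so the check itself leaks nothing about a matching prefix. */
static bool ct_equal(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b);
    unsigned diff = (unsigned)(la ^ lb);
    for (size_t i = 0; i < la && i < lb; i++)
        diff |= (unsigned)((unsigned char)a[i] ^ (unsigned char)b[i]);
    return diff == 0;
}

/* One login attempt at time `now`.  `throttle` toggles the protection so the
 * vulnerable and hardened behaviour can be compared on the same input. */
static int attempt_login(struct login_state *s, const char *supplied,
                         const char *correct, int64_t now, bool throttle)
{
    if (throttle && s->locked_until != 0) {
        if (now < s->locked_until)
            return LOGIN_LOCKED;        /* refused before the password is even checked */
        s->locked_until = 0;            /* lockout expired */
        s->failures = 0;
    }
    if (ct_equal(supplied, correct)) {
        s->failures = 0;
        return LOGIN_OK;
    }
    if (throttle && ++s->failures >= MAX_FAILURES) {
        s->locked_until = now + LOCKOUT_SECS;
        s->failures = 0;
    }
    return LOGIN_BAD_PASSWORD;
}

/* A brute-force burst of `n` wrong guesses one second apart (constructed).
 * Returns how many of them actually reached the password comparison. */
static int guesses_checked(int n, bool throttle)
{
    struct login_state s = {0};
    int checked = 0;
    for (int i = 0; i < n; i++) {
        char guess[32];
        snprintf(guess, sizeof guess, "guess%d", i);
        if (attempt_login(&s, guess, "correct horse", 1000 + i, throttle) == LOGIN_BAD_PASSWORD)
            checked++;
    }
    return checked;
}

/* The legitimate user is refused during the window and admitted after it. */
static int login_after_lockout_expires(void)
{
    struct login_state s = {0};
    for (int i = 0; i < MAX_FAILURES; i++)
        attempt_login(&s, "wrong", "correct horse", 1000 + i, true);
    if (attempt_login(&s, "correct horse", "correct horse", 1010, true) != LOGIN_LOCKED)
        return -99;                     /* should still be locked here */
    return attempt_login(&s, "correct horse", "correct horse",
                         1000 + MAX_FAILURES + LOCKOUT_SECS, true);
}

int main(void)
{
    printf("guesses checked out of 100: unthrottled=%d throttled=%d\n",
           guesses_checked(100, false), guesses_checked(100, true));
    printf("login after lockout expires: %d (0 = LOGIN_OK)\n",
           login_after_lockout_expires());
    return 0;
}
```

A per-account counter like this still lets an attacker lock legitimate users out on purpose, so production deployments usually pair it with a per-source-IP limit and with a delay rather than a hard refusal for the first few failures.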
CVE-2022-45885
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.
via "National Vulnerability Database".
CVE-2022-45888
An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device.
via "National Vulnerability Database".
CVE-2022-45884
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.
via "National Vulnerability Database".
CVE-2022-45886
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.
via "National Vulnerability Database".
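The four kernel entries above (CVE-2022-45885, CVE-2022-45888, CVE-2022-45884 and CVE-2022-45886) share one bug class: a device is physically removed, the driver's .disconnect path releases the device object, and a file descriptor that was opened before (or is being opened during) the removal still points at that memory. The following is an added user-space model of that lifetime rule written for this page, not code from the kernel or from any of the affected drivers; the struct, function names and scenarios are constructed. Release is recorded in a flag rather than calling free() at that point, so the buggy path can report the stale access instead of dereferencing freed memory. The model is single-threaded; in a real driver the "is it unplugged" check and the reference take must happen under the same lock, which is exactly the race the CVE titles describe.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Constructed model of a hot-unpluggable device object.  Not kernel code.
 * `freed` stands in for the real release so stale accesses can be detected.
 */
struct dev {
    int  refcnt;     /* one ref for the registration, one per open file */
    bool unplugged;  /* .disconnect has run */
    bool freed;      /* object released (tracked, see above) */
    char name[16];
};

static struct dev *dev_register(const char *name)
{
    struct dev *d = calloc(1, sizeof *d);
    if (d) {
        d->refcnt = 1;                          /* held by the registration */
        strncpy(d->name, name, sizeof d->name - 1);
    }
    return d;
}

static void dev_get(struct dev *d) { d->refcnt++; }

static void dev_put(struct dev *d)              /* last reference releases */
{
    if (--d->refcnt == 0)
        d->freed = true;
}

/* Any file operation that touches device memory; false means use-after-free. */
static bool dev_touch(const struct dev *d) { return !d->freed; }

/* Buggy pattern: open pins nothing, disconnect releases immediately. */
static int  buggy_open(struct dev *d)       { (void)d; return 0; }
static void buggy_disconnect(struct dev *d) { d->unplugged = true; d->freed = true; }
static void buggy_release(struct dev *d)    { (void)d; }

/* Fixed pattern: open refuses an unplugged device and takes a reference,
 * disconnect drops only the registration reference, release drops the open's.
 * In a real driver the unplugged check and dev_get() sit under one lock. */
static int fixed_open(struct dev *d)
{
    if (d->unplugged)
        return -1;                              /* -ENODEV */
    dev_get(d);
    return 0;
}
static void fixed_disconnect(struct dev *d) { d->unplugged = true; dev_put(d); }
static void fixed_release(struct dev *d)    { dev_put(d); }

/* open() -> physical removal -> read() on the still-open fd -> close().
 * Returns true if read() reached released memory. */
static bool uaf_read_after_unplug(bool fixed)
{
    struct dev *d = dev_register("dvb0");
    bool uaf;
    if (!d)
        return false;
    (fixed ? fixed_open : buggy_open)(d);
    if (fixed) fixed_disconnect(d); else buggy_disconnect(d);
    uaf = !dev_touch(d);
    if (fixed) fixed_release(d); else buggy_release(d);
    free(d);                                    /* storage of the model object */
    return uaf;
}

/* physical removal -> open(): the device node can still exist for a moment.
 * Returns true if open() handed out a released object. */
static bool uaf_open_after_unplug(bool fixed)
{
    struct dev *d = dev_register("dvb0");
    bool uaf = false;
    if (!d)
        return false;
    if (fixed) fixed_disconnect(d); else buggy_disconnect(d);
    if ((fixed ? fixed_open : buggy_open)(d) == 0) {
        uaf = !dev_touch(d);
        if (fixed) fixed_release(d);
    }
    free(d);
    return uaf;
}

int main(void)
{
    printf("read after unplug: buggy=%s fixed=%s\n",
           uaf_read_after_unplug(false) ? "UAF" : "ok",
           uaf_read_after_unplug(true)  ? "UAF" : "ok");
    printf("open after unplug: buggy=%s fixed=%s\n",
           uaf_open_after_unplug(false) ? "UAF" : "ok",
           uaf_open_after_unplug(true)  ? "UAF" : "ok");
    return 0;
}
```

The CVE-2022-45884 entry is a variant of the same rule applied to a sub-object: if the file_operations table is allocated per device, it must live as long as any open file can still call through it, which means its lifetime also has to follow the open count rather than the registration.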
CVE-2022-2721
In affected versions of Octopus Server it is possible for target discovery to print certain values marked as sensitive to log files in plain text when verbose logging is enabled.
via "National Vulnerability Database".
CVE-2022-4135
Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
via "National Vulnerability Database".
CVE-2022-40282
The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. This allows an authenticated attacker to pass commands to the shell of the system because the dir parameter of the FsCreateDir Ajax function is not sufficiently sanitized. The vendor's ID is BSECV-2022-21.
via "National Vulnerability Database".
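The BAT-C2 entry describes the classic shape of command injection in an embedded web handler: a request parameter that names a directory is spliced into a shell command line. The following is an added example written for this page, not the BAT-C2 firmware; the parameter name, the base directory and the malicious value are constructed. It shows the string a vulnerable handler would hand to the shell, then the hardened shape, which rejects anything outside a strict allow-list and creates the directory with mkdir(2) so no shell is involved at all.

```c
#include <ctype.h>
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Constructed example of a "create directory" Ajax handler in both shapes.
 * The hypothetical request parameter is `dir`. */

/* Vulnerable shape: the parameter is spliced into a shell command line.
 * Returns the exact string that would reach system(); never executes it. */
static const char *vulnerable_mkdir_command(const char *dir)
{
    static char cmd[256];
    snprintf(cmd, sizeof cmd, "mkdir %s", dir);
    return cmd;
}

/* Allow-list for a single path component: 1..64 chars of [A-Za-z0-9._-],
 * and not "." or "..".  Anything else (';', '|', '$', '/', space, ...) is
 * rejected outright rather than escaped. */
static bool dir_name_is_safe(const char *dir)
{
    size_t len = strlen(dir);
    if (len == 0 || len > 64)
        return false;
    if (strcmp(dir, ".") == 0 || strcmp(dir, "..") == 0)
        return false;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)dir[i];
        if (!isalnum(c) && c != '.' && c != '_' && c != '-')
            return false;
    }
    return true;
}

/* Hardened shape: validate, then call mkdir(2) under a fixed base directory.
 * No shell is involved, so metacharacters have no meaning even if the
 * allow-list were later loosened.  Returns 0 on success (or if the directory
 * already exists), -1 with errno set otherwise. */
static int create_dir_safe(const char *base, const char *dir)
{
    char path[512];

    if (!dir_name_is_safe(dir)) {
        errno = EINVAL;
        return -1;
    }
    if (snprintf(path, sizeof path, "%s/%s", base, dir) >= (int)sizeof path) {
        errno = ENAMETOOLONG;
        return -1;
    }
    if (mkdir(path, 0750) != 0 && errno != EEXIST)
        return -1;
    return 0;
}

int main(void)
{
    const char *attacker = "logs; reboot";          /* constructed malicious value */
    int rc;

    printf("shell would run: %s\n", vulnerable_mkdir_command(attacker));
    printf("allow-list:      \"%s\" -> %s\n", attacker,
           dir_name_is_safe(attacker) ? "accepted" : "rejected");
    rc = create_dir_safe("/tmp", attacker);
    printf("create_dir_safe: %d (%s)\n", rc, rc ? strerror(errno) : "ok");
    return 0;
}
```

Rejecting rather than escaping is deliberate: shell quoting rules differ between /bin/sh implementations found on embedded firmware, and a syscall under a fixed base removes the shell from the picture and the path-traversal question with it.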
CVE-2022-45887
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.
via "National Vulnerability Database".
CVE-2022-4091
A vulnerability was found in SourceCodester Canteen Management System. It has been classified as problematic. This affects the function query of the file food.php. The manipulation of the argument product_name leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214359.
via "National Vulnerability Database".
CVE-2022-36133
The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authentication bypass.
via "National Vulnerability Database".
ConnectWise closes XSS vector for remote hijack scams
Researchers also applaud abandonment of customization feature abused by scammers
via "The Daily Swig".
CVE-2022-4141
The target's backtrace indicates that libc has detected a heap error or that the target was executing a heap function when it stopped. This could be due to heap corruption, passing a bad pointer to a heap function such as free(), etc. Since heap errors might include buffer overflows, use-after-free situations, etc., they are generally considered exploitable.
via "National Vulnerability Database".
Slippery RansomExx Malware Moves to Rust, Evading VirusTotal
A new, harder-to-peg version of the ransomware has been rewritten in the Rust programming language.
via "Dark Reading".
CVE-2022-38767
An issue was discovered in Wind River VxWorks 6.9 and 7: a specifically crafted packet sent by a RADIUS server may cause a denial of service during the IP RADIUS access procedure.
via "National Vulnerability Database".
CVE-2022-45040
A cross-site scripting (XSS) vulnerability in /admin/pages/sections_save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field.
via "National Vulnerability Database".
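Both stored-XSS entries on this page (the product_name argument in CVE-2022-4091 and the Name Section field in CVE-2022-45040) come down to a user-controlled string being echoed into an HTML page without encoding for the context it lands in. The following is an added example written for this page, not code from either project (both are PHP applications); the row-rendering functions and the payload are constructed. It gives the encoder for an HTML text node or double-quoted attribute value and shows the vulnerable and hardened rendering of the same field side by side.

```c
#include <stdio.h>
#include <string.h>

/* Encode `in` for an HTML text node or a double-quoted attribute value.
 * Returns the number of bytes the full encoding needs (excluding the NUL),
 * like snprintf, so a caller can detect truncation.  `out` may be NULL. */
static size_t html_escape(char *out, size_t outsz, const char *in)
{
    size_t used = 0;
    for (const char *p = in; *p; p++) {
        const char *rep;
        char one[2] = { *p, '\0' };
        switch (*p) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#x27;"; break;
        default:   rep = one;      break;
        }
        size_t rl = strlen(rep);
        if (out && used + rl < outsz)
            memcpy(out + used, rep, rl);
        used += rl;
    }
    if (out && outsz)
        out[used < outsz ? used : outsz - 1] = '\0';
    return used;
}

/* Vulnerable shape: the stored value is printed into the page as-is. */
static int render_row_unsafe(char *out, size_t outsz, const char *product_name)
{
    return snprintf(out, outsz, "<td>%s</td>", product_name);
}

/* Hardened shape: encode at the point of output, for the HTML context used.
 * Refuses to emit a truncated encoding rather than risk a half-escaped value. */
static int render_row_safe(char *out, size_t outsz, const char *product_name)
{
    char enc[512];
    if (html_escape(enc, sizeof enc, product_name) >= sizeof enc)
        return -1;
    return snprintf(out, outsz, "<td>%s</td>", enc);
}

/* Convenience wrappers returning static buffers, for inspection and tests. */
static const char *html_escape_static(const char *in)
{
    static char buf[1024];
    html_escape(buf, sizeof buf, in);
    return buf;
}

static const char *render_row_static(const char *product_name, int safe)
{
    static char buf[1024];
    if (safe)
        render_row_safe(buf, sizeof buf, product_name);
    else
        render_row_unsafe(buf, sizeof buf, product_name);
    return buf;
}

int main(void)
{
    /* constructed payload of the kind a stored-XSS report would carry */
    const char *payload = "<img src=x onerror=alert(1)>";
    printf("unsafe: %s\n", render_row_static(payload, 0));
    printf("safe:   %s\n", render_row_static(payload, 1));
    return 0;
}
```

Encoding belongs at output, not at input, because the same stored value may be emitted into a text node, an attribute, a script block or a URL, and each of those needs a different encoder; the one above is only correct for the first two.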