‼ CVE-2022-44930 ‼
via "National Vulnerability Database".
D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function.
🗓️ Go SAML library vulnerable to authentication bypass 🗓️
via "The Daily Swig".
An attacker could masquerade as an authenticated user without presenting credentials.
🕴 AWS Unveils Amazon Security Lake at re:Invent 2022 🕴
via "Dark Reading".
Amazon Security Lake will allow organizations to create a purpose-built, standards-based data lake to aggregate and store security data.
‼ CVE-2022-2808 ‼
via "National Vulnerability Database".
Algan Yazılım Prens Student Information System product has an authenticated Insecure Direct Object Reference (IDOR) vulnerability.
‼ CVE-2022-2807 ‼
via "National Vulnerability Database".
Algan Yazılım Prens Student Information System product has an unauthenticated SQL Injection vulnerability.
‼ CVE-2022-4270 ‼
via "National Vulnerability Database".
Incorrect privilege assignment issue in M-Files Web versions before 22.5.11436.1 could have changed permissions accidentally.
‼ CVE-2022-46366 ‼
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code execution. This issue is similar to but distinct from CVE-2020-17531, which applies to the (also unsupported) 4.x version line. NOTE: This vulnerability only affects Apache Tapestry version line 3.x, which is no longer supported by the maintainer. Users are recommended to upgrade to a supported version line of Apache Tapestry.
🕴 A Risky Business: Choosing the Right Methodology 🕴
via "Dark Reading".
Rather than regarding risk assessment as a negative exercise, consider it one that benefits your organization's aims, and then translate the risk level to its impact on operations, reputation, or finances.
🕴 SOC Turns to Homegrown Machine Learning to Catch Cyber-Intruders 🕴
via "Dark Reading".
A do-it-yourself machine-learning system helped a French bank detect three types of exfiltration attacks missed by current rules-based systems, attendees will learn at Black Hat Europe.
‼ CVE-2022-45482 ‼
via "National Vulnerability Database".
Lazy Mouse server enforces weak password requirements and doesn't implement rate limiting, allowing remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary commands. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
‼ CVE-2022-45480 ‼
via "National Vulnerability Database".
PC Keyboard WiFi & Bluetooth allows an attacker (in a man-in-the-middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
‼ CVE-2022-45215 ‼
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the Add New System User module.
‼ CVE-2022-4271 ‼
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to 1.16.4.
‼ CVE-2022-45483 ‼
via "National Vulnerability Database".
Lazy Mouse allows an attacker (in a man-in-the-middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
‼ CVE-2022-43272 ‼
via "National Vulnerability Database".
DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object.
‼ CVE-2022-46159 ‼
via "National Vulnerability Database".
Discourse is an open-source discussion platform. In version 2.8.13 and prior on the `stable` branch and version 2.9.0.beta14 and prior on the `beta` and `tests-passed` branches, any authenticated user can create an unlisted topic. These topics, which are not readily available to other users, can take up unnecessary site resources. A patch for this issue is available in the `main` branch of Discourse. There are no known workarounds available.
🗓️ Deserialized web security roundup: Algolia API key leak, GitHub CVE reporting, scoring CVSS scores 🗓️
via "The Daily Swig".
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news.
‼ CVE-2022-45652 ‼
via "National Vulnerability Database".
Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the startIp parameter in the formSetPPTPServer function.
‼ CVE-2022-45672 ‼
via "National Vulnerability Database".
Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the formWx3AuthorizeSet function.
‼ CVE-2022-45667 ‼
via "National Vulnerability Database".
Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.
‼ CVE-2022-45650 ‼
via "National Vulnerability Database".
Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the firewallEn parameter in the formSetFirewallCfg function.