🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2022-40603 ‼

A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware versions 4.50 through 5.31, and ATP series firmware versions 4.32 through 5.31, which could allow an attacker to trick a user into visiting a crafted URL with the XSS payload. Then, the attacker could gain access to some browser-based information if the malicious script is executed on the victim's browser.

via "National Vulnerability Database".
‼ CVE-2022-24439 ‼

All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.

via "National Vulnerability Database".
‼ CVE-2022-46151 ‼

Querybook is an open source data querying UI. In affected versions user provided data is not escaped in the error field of the auth callback url in `querybook/server/app/auth/oauth_auth.py` and `querybook/server/app/auth/okta_auth.py`. This may allow attackers to perform reflected cross site scripting (XSS) if Content Security Policy (CSP) is not enabled or `unsafe-inline` is allowed. Users are advised to upgrade to the latest, patched version of querybook (version 3.14.2 or greater). Users unable to upgrade may enable CSP and not allow unsafe-inline or manually escape query parameters in a reverse proxy.

via "National Vulnerability Database".
‼ CVE-2022-42761 ‼

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

via "National Vulnerability Database".
‼ CVE-2022-42779 ‼

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

via "National Vulnerability Database".
‼ CVE-2022-42771 ‼

In wlan driver, there is a race condition. This could lead to local denial of service in wlan services.

via "National Vulnerability Database".
‼ CVE-2022-39102 ‼

In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.

via "National Vulnerability Database".
‼ CVE-2022-42764 ‼

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

via "National Vulnerability Database".
‼ CVE-2022-42769 ‼

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

via "National Vulnerability Database".
🕴 Machine Learning Models: A Dangerous New Attack Vector 🕴

Threat actors can weaponize code within AI technology to gain initial network access, move laterally, deploy malware, steal data, or even poison an organization's supply chain.

via "Dark Reading".
🕴 AlgoSec Acquires Prevasio To Disrupt Agentless Cloud Security Market 🕴

Organizations of all sizes can now protect their cloud-native applications easily and cost-effectively across containers and all other cloud assets.

via "Dark Reading".
🕴 Russian Actors Use Compromised Healthcare Networks Against Ukrainian Orgs 🕴

Victims include at least 15 healthcare organizations, one Fortune 500 company, and other organizations in multiple countries, security vendor says.

via "Dark Reading".
🕴 Applying the OODA Loop to Cybersecurity and Secure Access Service Edge 🕴

Organizations can best defend themselves on the cyber battlefield by adopting a military-style defense.

via "Dark Reading".
🕴 Hardening Identities With Phish-Resistant MFA 🕴

Extending multifactor authentication to include device identity assurance offers more authentication confidence than what multiple user-identity factors can by themselves.

via "Dark Reading".
🕴 Intellicene Brand Launches After Completion of Acquisition by Volaris Group 🕴

Global security technology provider with 20+ years of experience embraces the next evolution of its business with refreshed brand and invigorated leadership.

via "Dark Reading".
🛠 Faraday 4.3.0 🛠

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

via "Packet Storm Security".
🛠 GNUnet P2P Framework 0.19.0 🛠

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service built on top of the framework is anonymous file sharing.

via "Packet Storm Security".
‼ CVE-2022-40209 ‼

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Xylus Themes WP Smart Import plugin <= 1.0.2 on WordPress.

via "National Vulnerability Database".
‼ CVE-2020-6627 ‼

The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS command injection via mv_backend_launch in cirrus/application/helpers/mv_backend_helper.php by leveraging the "start" state and sending a check_device_name request.

via "National Vulnerability Database".
‼ CVE-2022-43363 ‼

** DISPUTED ** Telegram Web 15.3.1 allows XSS via a certain payload derived from a Target Corporation website. NOTE: some third parties have been unable to discern any relationship between the Pastebin information and a possible XSS finding.

via "National Vulnerability Database".
‼ CVE-2022-41325 ‼

An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions.

via "National Vulnerability Database".