🕴 Google Chrome Flaw Added to CISA Patch List 🕴
via "Dark Reading".
CISA gives agencies deadline to patch against Google Chrome bug being actively exploited in the wild.
🕴 Russia Readies Winter Cyberattacks As Troops Retreat From Ukraine 🕴
via "Dark Reading".
Microsoft warns that the Kremlin is ramping up cyberattacks against infrastructure and supply chains and starting disinformation campaigns as Russian troops lose on the battlefield.
🕴 Cambridge Centre for Risk Studies and Kivu Release Benchmark of Cost-Effective Responses to Cybercrime 🕴
via "Dark Reading".
BERKELEY, Calif., Dec. 6, 2022 /PRNewswire/ -- In a report released today, The Cambridge Centre for Risk Studies (CCRS) and Kivu Consulting, Inc. have combined efforts to research and benchmark cost-effective responses to cybercrime. The research report,…
‼ CVE-2022-43867 ‼
via "National Vulnerability Database".
IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local attacker to execute arbitrary commands in the container. IBM X-Force ID: 239437.
‼ CVE-2022-46154 ‼
via "National Vulnerability Database".
Kodexplorer is a Chinese-language web-based file manager and browser-based code editor. Versions prior to 4.50 did not prevent unauthenticated users from requesting arbitrary files from the host OS file system. As a result, any files available to the host process may be accessed by arbitrary users. This issue has been addressed in version 4.50. Users are advised to upgrade. There are no known workarounds for this issue.
‼ CVE-2022-4147 ‼
via "National Vulnerability Database".
Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Simple GET or POST requests made with XMLHttpRequest are the ones which have no event listeners registered on the object returned by the XMLHttpRequest upload property and have no ReadableStream object used in the request.
‼ CVE-2022-44900 ‼
via "National Vulnerability Database".
A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file.
‼ CVE-2022-45548 ‼
via "National Vulnerability Database".
AyaCMS v3.1.2 has an Arbitrary File Upload vulnerability.
‼ CVE-2022-43369 ‼
via "National Vulnerability Database".
AutoTaxi Stand Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component search.php.
‼ CVE-2022-46333 ‼
via "National Vulnerability Database".
The admin user interface in Proofpoint Enterprise Protection (PPS/PoD) contains a command injection vulnerability that enables an admin to execute commands beyond their allowed scope. This affects all versions 8.19.0 and below.
‼ CVE-2022-41560 ‼
via "National Vulnerability Database".
The Statement Set Upload via the Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a Denial of Service Attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: version 10.5.0.
‼ CVE-2022-46332 ‼
via "National Vulnerability Database".
The Admin Smart Search feature in Proofpoint Enterprise Protection (PPS/PoD) contains a stored cross-site scripting vulnerability that enables an anonymous email sender to gain admin privileges within the user interface. This affects all versions 8.19.0 and below.
‼ CVE-2022-23475 ‼
via "National Vulnerability Database".
daloRADIUS is an open source RADIUS web management application. daloRadius 1.3 and prior are vulnerable to a combined cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerability which leads to account takeover in the mng-del.php file because of an unescaped variable reflected in the DOM on line 116. This issue has been addressed in commit `ec3b4a419e`. Users are advised to manually apply the commit in order to mitigate this issue. Users may also mitigate this issue in two parts: 1) The CSRF vulnerability can be mitigated by setting the daloRadius session cookie to samesite=Lax or by the implementation of a CSRF token in all forms. 2) The XSS vulnerability may be mitigated by escaping the variable or by introducing a Content-Security-Policy.
‼ CVE-2022-41559 ‼
via "National Vulnerability Database".
The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to exploit an open redirect on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: version 10.5.0.
‼ CVE-2022-46161 ‼
via "National Vulnerability Database".
pdfmake is an open source client/server side PDF printing in pure JavaScript. In versions up to and including 0.2.5 pdfmake contains an unsafe evaluation of user controlled input. Users of pdfmake are thus subject to arbitrary code execution in the context of the process running the pdfmake code. There are no known fixes for this issue. Users are advised to restrict access to trusted user input.
‼ CVE-2022-45359 ‼
via "National Vulnerability Database".
Unauth. Arbitrary File Upload vulnerability in YITH WooCommerce Gift Cards premium plugin <= 3.19.0 on WordPress.
‼ CVE-2022-45829 ‼
via "National Vulnerability Database".
Auth. Path Traversal vulnerability in Easy WP SMTP plugin <= 1.5.1 on WordPress.
‼ CVE-2022-45816 ‼
via "National Vulnerability Database".
Auth. Stored Cross-Site Scripting (XSS) vulnerability in GD bbPress Attachments plugin <= 4.3.1 on WordPress.
‼ CVE-2022-41910 ‼
via "National Vulnerability Database".
TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.8.4, 2.9.3, and 2.10.1.
‼ CVE-2022-45848 ‼
via "National Vulnerability Database".
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Contest Gallery plugin <= 13.1.0.9 on WordPress.
‼ CVE-2022-42888 ‼
via "National Vulnerability Database".
Unauth. Privilege Escalation vulnerability in ARMember premium plugin <= 5.5.1 on WordPress.