βΌ CVE-2022-34840 βΌ
π Read
via "National Vulnerability Database".
Use of hard-coded credentials vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to alter?configuration settings of the device. The affected products/versions are as follows: WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier, WZR-600DHP firmware Ver. 2.00 and earlier, WZR-900DHP firmware Ver. 1.15 and earlier, HW-450HP-ZWE firmware Ver. 2.00 and earlier, WZR-450HP-CWT firmware Ver. 2.00 and earlier, WZR-450HP-UB firmware Ver. 2.00 and earlier, WZR-600DHP2 firmware Ver. 1.15 and earlier, and WZR-D1100H firmware Ver. 2.00 and earlier.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46741 βΌ
π Read
via "National Vulnerability Database".
Out-of-bounds read in gather_tree in PaddlePaddle before 2.4.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45910 βΌ
π Read
via "National Vulnerability Database".
Improper neutralization of special elements used in an LDAP query ('LDAP Injection') vulnerability in ActiveDirectory and Sharepoint ActiveDirectory authority connectors of Apache ManifoldCF allows an attacker to manipulate the LDAP search queries (DoS, additional queries, filter manipulation) during user lookup, if the username or the domain string are passed to the UserACLs servlet without validation. This issue affects Apache ManifoldCF version 2.23 and prior versions.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35588 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn. Further investigation showed that it was not a vulnerability. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4322 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in maku-boot up to 2.2.0. This affects the function doExecute of the file AbstractScheduleJob.java of the component Scheduled Task Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 446eb7294332efca2bfd791bc37281cedac0d0ff. It is recommended to apply a patch to fix this issue. The identifier VDB-215013 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46742 βΌ
π Read
via "National Vulnerability Database".
Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42458 βΌ
π Read
via "National Vulnerability Database".
Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. As a result, an arbitrary script may be executed and/or a file may be altered.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39044 βΌ
π Read
via "National Vulnerability Database".
Hidden functionality vulnerability in multiple Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and earlier, WHR-HP-GN firmware Ver. 1.87 and earlier, WPL-05G300 firmware Ver. 1.88 and earlier, WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier, WZR-600DHP firmware Ver. 2.00 and earlier, WZR-900DHP firmware Ver. 1.15 and earlier, WZR-HP-AG300H firmware Ver. 1.76 and earlier, WZR-HP-G302H firmware Ver. 1.86 and earlier, WLAE-AG300N firmware Ver. 1.86 and earlier, FS-600DHP firmware Ver. 3.40 and earlier, FS-G300N firmware Ver. 3.14 and earlier, FS-HP-G300N firmware Ver. 3.33 and earlier, FS-R600DHP firmware Ver. 3.40 and earlier, BHR-4GRV firmware Ver. 2.00 and earlier, DWR-HP-G300NH firmware Ver. 1.84 and earlier, DWR-PG firmware Ver. 1.83 and earlier, HW-450HP-ZWE firmware Ver. 2.00 and earlier, WER-A54G54 firmware Ver. 1.43 and earlier, WER-AG54 firmware Ver. 1.43 and earlier, WER-AM54G54 firmware Ver. 1.43 and earlier, WER-AMG54 firmware Ver. 1.43 and earlier, WHR-300 firmware Ver. 2.00 and earlier, WHR-300HP firmware Ver. 2.00 and earlier, WHR-AM54G54 firmware Ver. 1.43 and earlier, WHR-AMG54 firmware Ver. 1.43 and earlier, WHR-AMPG firmware Ver. 1.52 and earlier, WHR-G firmware Ver. 1.49 and earlier, WHR-G300N firmware Ver. 1.65 and earlier, WHR-G301N firmware Ver. 1.87 and earlier, WHR-G54S firmware Ver. 1.43 and earlier, WHR-G54S-NI firmware Ver. 1.24 and earlier, WHR-HP-AMPG firmware Ver. 1.43 and earlier, WHR-HP-G firmware Ver. 1.49 and earlier, WHR-HP-G54 firmware Ver. 1.43 and earlier, WLI-H4-D600 firmware Ver. 1.88 and earlier, WLI-TX4-AG300N firmware Ver. 1.53 and earlier, WS024BF firmware Ver. 1.60 and earlier, WS024BF-NW firmware Ver. 1.60 and earlier, WZR2-G108 firmware Ver. 1.33 and earlier, WZR2-G300N firmware Ver. 1.55 and earlier, WZR-450HP-CWT firmware Ver. 2.00 and earlier, WZR-450HP-UB firmware Ver. 2.00 and earlier, WZR-600DHP2 firmware Ver. 1.15 and earlier, WZR-AGL300NH firmware Ver. 1.55 and earlier, WZR-AMPG144NH firmware Ver. 1.49 and earlier, WZR-AMPG300NH firmware Ver. 1.51 and earlier, WZR-D1100H firmware Ver. 2.00 and earlier, WZR-G144N firmware Ver. 1.48 and earlier, WZR-G144NH firmware Ver. 1.48 and earlier, WZR-HP-G300NH firmware Ver. 1.84 and earlier, WZR-HP-G301NH firmware Ver. 1.84 and earlier, and WZR-HP-G450H firmware Ver. 1.90 and earlier.π Read
via "National Vulnerability Database".
π΄ Zerobot Weaponizes Numerous Flaws in Slew of IoT Devices π΄
π Read
via "Dark Reading".
The botnet exploits flaws in various routers, firewalls, network-attached storage, webcams, and other products and allows attackers to take over affected systems.π Read
via "Dark Reading".
Dark Reading
Zerobot Weaponizes Numerous Flaws in Slew of IoT Devices
The botnet exploits flaws in various routers, firewalls, network-attached storage, webcams, and other products and allows attackers to take over affected systems.
π1
βΌ CVE-2022-45217 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Level parameter under the Add New System User module.π Read
via "National Vulnerability Database".
π΄ Cybersecurity Resilience Emerges as Top Priority as 62% of Companies Say Security Incidents Impacted Business Operations π΄
π Read
via "Dark Reading".
Cisco's annual Security Outcomes Report shows executive support for a security culture is growing. It identifies the top seven success factors that boost enterprise security resilience, with a focus on cultural, environmental, and solution-based factors that businesses leverage to achieve security.π Read
via "Dark Reading".
Dark Reading
Cybersecurity Resilience Emerges as Top Priority as 62% of Companies Say Security Incidents Impacted Business Operations
Cisco's annual Security Outcomes Report shows executive support for a security culture is growing. It identifies the top seven success factors that boost enterprise security resilience, with a focus on cultural, environmental, and solution-based factors thatβ¦
π΄ 3 xIoT Attacks Companies Aren't Prepared For π΄
π Read
via "Dark Reading".
A world of increasingly connected devices has created a vast attack surface for sophisticated adversaries.π Read
via "Dark Reading".
Dark Reading
3 xIoT Attacks Companies Aren't Prepared For
A world of increasingly connected devices has created a vast attack surface for sophisticated adversaries.
π΄ San Francisco Rolls Back Its Plan for Killer Robots π΄
π Read
via "Dark Reading".
After an uproar, the city board voted to rescind last week's bill to allow police to use robots to deliver deadly force. The fight isn't over, but there's a good reason it should be.π Read
via "Dark Reading".
Dark Reading
San Francisco Rolls Back Its Plan for Killer Robots
After an uproar, the city board voted to rescind last week's bill to allow police to use robots to deliver deadly force. The fight isn't over, but there's a good reason it should be.
ποΈ Black Hat Europe 2022: A defendable internet is possible, but only with industry makeover ποΈ
π Read
via "The Daily Swig".
Empower buyers and stop fixating about zero-days, conference attendees toldπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Black Hat Europe 2022: A defendable internet is possible, but only with industry makeover
Empower buyers and stop fixating about zero-days, conference attendees told
π1
π΄ Piiano Equips Developers to Stop Sensitive Data Breaches π΄
π Read
via "Dark Reading".
Data protection company Piiano officially launches a vault for sensitive customer data, the first among a suite of privacy tools for developers.π Read
via "Dark Reading".
Dark Reading
Piiano Equips Developers to Stop Sensitive Data Breaches
Data protection company Piiano officially launches a vault for sensitive customer data, the first among a suite of privacy tools for developers.
β SIM swapper sent to prison for 2FA cryptocurrency heist of over $20m β
π Read
via "Naked Security".
Guilty party got 18 months, also has to pay back $20m he probably hasn't got, which could land him in more hot water.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π€―1
π΄ Will New CISA Guidelines Help Bolster Cyber Defenses? π΄
π Read
via "Dark Reading".
Learn how BOD 23-01 asset inventory mandates can help all organizations tighten cybersecurity.π Read
via "Dark Reading".
Dark Reading
Will New CISA Guidelines Help Bolster Cyber Defenses?
Learn how BOD 23-01 asset inventory mandates can help all organizations tighten cybersecurity.
π₯1
βΌ CVE-2020-36565 βΌ
π Read
via "National Vulnerability Database".
Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41720 βΌ
π Read
via "National Vulnerability Database".
On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS("C:/tmp").Open("COM1") opens the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access. In addition, on Windows, an os.DirFS for the directory (the root of the current drive) can permit a maliciously crafted path to escape from the drive and access any path on the system. With fix applied, the behavior of os.DirFS("") has changed. Previously, an empty root was treated equivalently to "/", so os.DirFS("").Open("tmp") would open the path "/tmp". This now returns an error.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43581 βΌ
π Read
via "National Vulnerability Database".
IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44393 βΌ
π Read
via "National Vulnerability Database".
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/view_service&id=.π Read
via "National Vulnerability Database".
π1