βΌ CVE-2022-23476 βΌ
π Read
via "National Vulnerability Database".
Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being parsed. For applications using `XML::Reader` to parse untrusted inputs, this may potentially be a vector for a denial of service attack. Users are advised to upgrade to Nokogiri `>= 1.13.10`. Users may be able to search their code for calls to either `XML::Reader#attributes` or `XML::Reader#attribute_hash` to determine if they are affected.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4349 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in CTF-hacker pwn. This affects an unknown part of the file delete.html. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215109 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46792 βΌ
π Read
via "National Vulnerability Database".
Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres backends. The fixed versions are 2.10.2, 2.11.3, 2.12.1, 2.13.2, 2.14.1, and 2.15.2. (Versions before 2.10.0 are unaffected.)π Read
via "National Vulnerability Database".
βΌ CVE-2020-36609 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in annyshow DuxCMS 2.1. It has been classified as problematic. This affects an unknown part of the file admin.php&r=article/AdminContent/edit of the component Article Handler. The manipulation of the argument content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215115.π Read
via "National Vulnerability Database".
ποΈ NodeBB prototype pollution flaw could lead to account takeover ποΈ
π Read
via "The Daily Swig".
βNot a prototype pollution vulnerability as you might normally understand itβπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
NodeBB prototype pollution flaw could lead to account takeover
βNot a prototype pollution vulnerability as you might normally understand itβ
π1
π΄ Where to Find the Best Open Source Security Technology π΄
π Read
via "Dark Reading".
A free resource, updated monthly, lists the most-popular, highly rated OSS projects.π Read
via "Dark Reading".
Dark Reading
Where to Find the Best Open Source Security Technology
A free resource, updated monthly, lists the most-popular, highly rated OSS projects.
π1
π΄ (ISC)Β² Recruits 110,000 People Interested in a Cybersecurity Career in Three Months π΄
π Read
via "Dark Reading".
Rapid adoption showcases increased interest in cyber education and training for individuals looking to enter the field while helping decrease the workforce gap.π Read
via "Dark Reading".
Dark Reading
(ISC)Β² Recruits 110,000 People Interested in a Cybersecurity Career in Three Months
Rapid adoption showcases increased interest in cyber education and training for individuals looking to enter the field while helping decrease the workforce gap.
π΄ Phishing in the Cloud: We're Gonna Need a Bigger Boat π΄
π Read
via "Dark Reading".
SasS security is everyone's problem.π Read
via "Dark Reading".
Dark Reading
Phishing in the Cloud: We're Gonna Need a Bigger Boat
SasS security is everyone's problem.
π΄ Interpres Security Emerges from Stealth to Help Companies to Optimize Security Performance π΄
π Read
via "Dark Reading".
Startup raises $8.5 million in seed funding led by Ten Eleven Ventures.π Read
via "Dark Reading".
Dark Reading
Interpres Security Emerges from Stealth to Help Companies to Optimize Security Performance
Startup raises $8.5 million in seed funding led by Ten Eleven Ventures.
π TOR Virtual Network Tunneling Tool 0.4.7.12 π
π Read
via "Packet Storm Security".
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.π Read
via "Packet Storm Security".
Packetstormsecurity
TOR Virtual Network Tunneling Tool 0.4.7.12 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π Wireshark Analyzer 4.0.2 π
π Read
via "Packet Storm Security".
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.π Read
via "Packet Storm Security".
Packetstormsecurity
Wireshark Analyzer 4.0.2 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2022-45509 βΌ
π Read
via "National Vulnerability Database".
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the account parameter at /goform/addUserName.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41802 βΌ
π Read
via "National Vulnerability Database".
Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGetres. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39903 βΌ
π Read
via "National Vulnerability Database".
Improper access control vulnerability in RCS call prior to SMR Dec-2022 Release 1 allows local attackers to access RCS incoming call number.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45523 βΌ
π Read
via "National Vulnerability Database".
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/L7Im.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45501 βΌ
π Read
via "National Vulnerability Database".
Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/wifiSSIDset.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39915 βΌ
π Read
via "National Vulnerability Database".
Improper access control vulnerability in Calendar prior to versions 11.6.08.0 in Android Q(10), 12.2.11.3000 in Android R(11), 12.3.07.2000 in Android S(12), and 12.4.02.0 in Android T(13) allows attackers to access sensitive information via implicit intent.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45511 βΌ
π Read
via "National Vulnerability Database".
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the PPPOEPassword parameter at /goform/QuickIndex.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45499 βΌ
π Read
via "National Vulnerability Database".
Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/WifiMacFilterGet.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39902 βΌ
π Read
via "National Vulnerability Database".
Improper authorization in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to get sensitive information including IMEI via emergency call.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4364 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in Teledyne FLIR AX8 up to 1.46.16. Affected is an unknown function of the file palette.php of the component Web Service Handler. The manipulation of the argument palette leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-215118 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".