π΄ Security Flaw in Atlassian Products Affecting Multiple Companies π΄
π Read
via "Dark Reading".
Jira, Confluence,Trello, and BitBucket affected.π Read
via "Dark Reading".
Dark Reading
Security Flaw in Atlassian Products Affecting Multiple Companies
Jira, Confluence,Trello, and BitBucket affected.
β COVID-bit: the wireless spyware trick with an unfortunate name β
π Read
via "Naked Security".
It's not the switching that's the problem, it's the switching of the switching!π Read
via "Naked Security".
Naked Security
COVID-bit: the wireless spyware trick with an unfortunate name
Itβs not the switching thatβs the problem, itβs the switching of the switching!
π΄ Accelerating Vulnerability Identification and Remediation π΄
π Read
via "Dark Reading".
Software teams can now fix bugs faster with faster release cycles, but breach pressure is increasing. Using SBoM and automation will help better detect, prevent, and remediate security issues throughout the software development life cycle.π Read
via "Dark Reading".
Dark Reading
Accelerating Vulnerability Identification and Remediation
Software teams can now fix bugs faster with faster release cycles, but breach pressure is increasing. Using SBOM and automation will help better detect, prevent, and remediate security issues throughout the software development life cycle.
π΄ Citrix ADC, Gateway Users Race Against Hackers to Patch Critical Flaw π΄
π Read
via "Dark Reading".
Citrix issues a critical update as NSA warns that the APT5 threat group is actively trying to target ADC environments.π Read
via "Dark Reading".
Dark Reading
Citrix ADC, Gateway Users Race Against Hackers to Patch Critical Flaw
Citrix issues a critical update as NSA warns that the APT5 threat group is actively trying to target ADC environments.
βΌ CVE-2022-46062 βΌ
π Read
via "National Vulnerability Database".
Gym Management System v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF).π Read
via "National Vulnerability Database".
βΌ CVE-2022-45028 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in Arris NVG443B 9.3.0h3d36 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request sent to /cgi-bin/logs.ha.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4454 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in m0ver bible-online. Affected by this issue is the function query of the file src/main/java/custom/application/search.java of the component Search Handler. The manipulation leads to sql injection. The name of the patch is 6ef0aabfb2d4ccd53fcaa9707781303af357410e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215444.π Read
via "National Vulnerability Database".
βΌ CVE-2019-25078 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic was found in pacparser up to 1.3.x. Affected by this vulnerability is the function pacparser_find_proxy of the file src/pacparser.c. The manipulation of the argument url leads to buffer overflow. Attacking locally is a requirement. Upgrading to version 1.4.0 is able to address this issue. The name of the patch is 853e8f45607cb07b877ffd270c63dbcdd5201ad9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215443.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46364 βΌ
π Read
via "National Vulnerability Database".
A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27518 βΌ
π Read
via "National Vulnerability Database".
Unauthenticated remote arbitrary code executionπ Read
via "National Vulnerability Database".
βΌ CVE-2022-4456 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in falling-fruit and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 15adb8e1ea1f1c3e3d152fc266071f621ef0c621. It is recommended to apply a patch to fix this issue. VDB-215446 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4455 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in sproctor php-calendar. This affects an unknown part of the file index.php. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is a2941109b42201c19733127ced763e270a357809. It is recommended to apply a patch to fix this issue. The identifier VDB-215445 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44704 βΌ
π Read
via "National Vulnerability Database".
Microsoft Windows Sysmon Elevation of Privilege Vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44702 βΌ
π Read
via "National Vulnerability Database".
Windows Terminal Remote Code Execution Vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44707 βΌ
π Read
via "National Vulnerability Database".
Windows Kernel Denial of Service Vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44713 βΌ
π Read
via "National Vulnerability Database".
Microsoft Outlook for Mac Spoofing Vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44699 βΌ
π Read
via "National Vulnerability Database".
Azure Network Watcher Agent Security Feature Bypass Vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44697 βΌ
π Read
via "National Vulnerability Database".
Windows Graphics Component Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41121, CVE-2022-44671, CVE-2022-44680.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44696 βΌ
π Read
via "National Vulnerability Database".
Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-44694, CVE-2022-44695.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45005 βΌ
π Read
via "National Vulnerability Database".
IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the cmd_get_ping_output function.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44710 βΌ
π Read
via "National Vulnerability Database".
DirectX Graphics Kernel Elevation of Privilege Vulnerability.π Read
via "National Vulnerability Database".