‼ CVE-2022-4615 ‼
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.
via "National Vulnerability Database".
‼ CVE-2022-42352 ‼
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
via "National Vulnerability Database".
‼ CVE-2022-42346 ‼
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
via "National Vulnerability Database".
‼ CVE-2022-42364 ‼
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
via "National Vulnerability Database".
‼ CVE-2022-42345 ‼
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
via "National Vulnerability Database".
🕴 Sophisticated DarkTortilla Malware Serves Imposter Cisco, Grammarly Pages 🕴
Sites spoofing Grammarly and a Cisco webpage are spreading the DarkTortilla threat, which is filled with follow-on malware attacks.
via "Dark Reading".
🕴 T-Mobile Carrier Scammer Gets Decade in the Slammer 🕴
A mobile phone store owner stole T-Mobile employee credentials to "unlock" phones for resale, earning him millions in illicit profits.
via "Dark Reading".
🕴 Threat Intelligence Through Web Scraping 🕴
Bright Data CEO Or Lenchner discusses how security teams are utilizing public Web data networks to safeguard their organizations from digital risks.
via "Dark Reading".
🕴 Are 100% Security Guarantees Possible? 🕴
Large vendors are commoditizing capabilities that claim to provide absolute security guarantees backed up by formal verification. How significant are these promises?
via "Dark Reading".
‼ CVE-2022-23536 ‼
Cortex provides multi-tenant, long term storage for Prometheus. A local file inclusion vulnerability exists in Cortex versions 1.13.0, 1.13.1 and 1.14.0, where a malicious actor could remotely read local files as a result of parsing maliciously crafted Alertmanager configurations when submitted to the Alertmanager Set Configuration API. Only users of the Alertmanager service where `-experimental.alertmanager.enable-api` or `enable_api: true` is configured are affected. Affected Cortex users are advised to upgrade to patched versions 1.13.2 or 1.14.1. However as a workaround, Cortex administrators may reject Alertmanager configurations containing the `api_key_file` setting in the `opsgenie_configs` section before sending to the Set Alertmanager Configuration API.
via "National Vulnerability Database".
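A pre-submission gate for the workaround above, as an added example rather than Cortex's own code: it walks a parsed Alertmanager configuration and rejects any `api_key_file` key found beneath an `opsgenie_configs` list, before the config is sent to the Set Alertmanager Configuration API. The two sample tenant configs are constructed here. They are written as JSON (a JSON document is valid YAML, so the API accepts the same bytes) so the standard library can parse them; a real YAML body would be parsed with `yaml.safe_load` from PyYAML (assumed, not used here) and handed to the same walker.

```python
"""Gate for tenant Alertmanager configs before they reach the Cortex
Set Alertmanager Configuration API (added example, not Cortex code).

Implements the CVE-2022-23536 workaround: reject any configuration that
sets `api_key_file` inside an `opsgenie_configs` entry.
"""
import json
from typing import Any, List, Tuple

FORBIDDEN_KEY = "api_key_file"
FORBIDDEN_SECTION = "opsgenie_configs"


def offending_paths(node: Any, path: str = "$", inside_opsgenie: bool = False) -> List[str]:
    """Return the location of every forbidden key in a parsed config.

    The walk is generic rather than hard-wired to receivers[*].opsgenie_configs,
    so a forbidden key anywhere beneath an `opsgenie_configs` list is caught,
    while the same key elsewhere (outside the advisory's scope) is left alone.
    """
    hits: List[str] = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if inside_opsgenie and key == FORBIDDEN_KEY:
                hits.append(child)
            hits.extend(offending_paths(value, child, inside_opsgenie or key == FORBIDDEN_SECTION))
    elif isinstance(node, list):
        for index, item in enumerate(node):
            hits.extend(offending_paths(item, f"{path}[{index}]", inside_opsgenie))
    return hits


def validate_alertmanager_config(body: str) -> Tuple[bool, List[str]]:
    """Return (accept, reasons) for a config body submitted as text.

    JSON is parsed here because it is a subset of YAML and needs no
    third-party package; for YAML bodies, parse with yaml.safe_load (PyYAML,
    assumed) and hand the result to offending_paths.
    """
    try:
        config = json.loads(body)
    except json.JSONDecodeError as exc:
        return False, [f"unparseable config: {exc.msg} at line {exc.lineno}"]
    hits = offending_paths(config)
    return not hits, hits


# Constructed sample tenant configs (not taken from any real deployment).
SAFE_CONFIG = json.dumps({
    "route": {"receiver": "ops"},
    "receivers": [
        {"name": "ops", "opsgenie_configs": [{"api_key": "EXAMPLE-INLINE-KEY"}]}
    ],
})

UNSAFE_CONFIG = json.dumps({
    "route": {"receiver": "ops"},
    "receivers": [
        {"name": "ops", "opsgenie_configs": [{"api_key_file": "/var/run/secrets/opsgenie-key"}]}
    ],
})

if __name__ == "__main__":
    for label, body in (("safe", SAFE_CONFIG), ("unsafe", UNSAFE_CONFIG)):
        accepted, reasons = validate_alertmanager_config(body)
        print(label, "accepted" if accepted else f"rejected: {reasons}")
```

The gate deliberately ignores `api_key_file` outside `opsgenie_configs` so it matches the documented workaround rather than guessing at other file-reading keys; it is a stopgap, and upgrading to 1.13.2 or 1.14.1 remains the fix.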
‼ CVE-2022-44940 ‼
Patchelf v0.9 was discovered to contain an out-of-bounds read via the function modifyRPath at src/patchelf.cc.
via "National Vulnerability Database".
‼ CVE-2022-43887 ‼
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to further attacks. IBM X-Force ID: 240450.
via "National Vulnerability Database".
‼ CVE-2022-40434 ‼
Softr v2.0 was discovered to be vulnerable to HTML injection via the Name field of the Account page.
via "National Vulnerability Database".
‼ CVE-2022-43883 ‼
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 240266.
via "National Vulnerability Database".
‼ CVE-2022-38708 ‼
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 234180.
via "National Vulnerability Database".
‼ CVE-2022-23543 ‼
Silverware Games is a social network where people can play games online. Users can attach URLs to YouTube videos, and the site will generate the related `<iframe>` when the post is published. The handler has some protection so that non-YouTube links can't be posted, and HTML tags are stripped. However, it was still possible to add custom HTML attributes (e.g. `onclick=alert("xss")`) to the `<iframe>`. This issue was fixed in version `1.1.34` and does not require any extra actions from our members. There has been no evidence that this vulnerability was used by anyone at this time.
via "National Vulnerability Database".
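The failure pattern described above, reconstructed as an added example (not Silverware Games' code, whose handler is not on the page): a link check plus tag stripping still lets a double quote close the `src` attribute, so anything after it becomes a new attribute on the `<iframe>`. The hardened version never interpolates the user's string; it extracts an 11-character video id and builds the embed from that alone. The accepted hosts, the `/embed/` target path, the vulnerable function's exact prefix check and tag-stripping regex, and the payload URL are all assumptions constructed for this example.

```python
"""Attribute injection into a generated <iframe>, reconstructed from the
CVE-2022-23543 description (added example, not the project's handler).
"""
import html
import re
from typing import Optional
from urllib.parse import parse_qs, urlparse

# Assumed allowlist of YouTube hosts; the real site's list is not on the page.
YOUTUBE_HOSTS = {"www.youtube.com", "youtube.com", "m.youtube.com", "youtu.be"}
VIDEO_ID = re.compile(r"[A-Za-z0-9_-]{11}")
TAG = re.compile(r"<[^>]*>")

# Constructed payload: no '<' or '>' to strip, YouTube prefix intact,
# a quote to close src="..." and then the attribute from the advisory.
PAYLOAD = 'https://www.youtube.com/watch?v=a1B2c3D4e5F" onclick=alert("xss")'


def vulnerable_embed(user_url: str) -> Optional[str]:
    """Deliberately flawed: a prefix check plus tag stripping, then string
    interpolation into an attribute value. Quotes survive, so the payload
    breaks out of src and adds its own attribute."""
    if not user_url.startswith("https://www.youtube.com/"):
        return None
    cleaned = TAG.sub("", user_url)  # removes <...> sequences only
    return f'<iframe src="{cleaned}"></iframe>'


def extract_video_id(user_url: str) -> Optional[str]:
    """Accept only an https YouTube watch or youtu.be URL and return its
    11-character video id; anything else, including junk after the id,
    yields None."""
    try:
        parts = urlparse(user_url)
    except ValueError:
        return None
    if parts.scheme != "https" or parts.hostname not in YOUTUBE_HOSTS:
        return None
    if parts.hostname == "youtu.be":
        candidate = parts.path.lstrip("/")
    else:
        candidate = parse_qs(parts.query).get("v", [""])[0]
    return candidate if VIDEO_ID.fullmatch(candidate) else None


def safe_embed(user_url: str) -> Optional[str]:
    """Build the iframe from the validated id only; the user's bytes never
    reach the markup. html.escape is redundant after the strict regex but
    keeps the intent explicit if the allowed alphabet is ever widened."""
    vid = extract_video_id(user_url)
    if vid is None:
        return None
    return f'<iframe src="https://www.youtube.com/embed/{html.escape(vid, quote=True)}"></iframe>'


if __name__ == "__main__":
    print("vulnerable:", vulnerable_embed(PAYLOAD))
    print("hardened:  ", safe_embed(PAYLOAD))
    print("hardened, clean link:", safe_embed("https://youtu.be/a1B2c3D4e5F"))
```

The general lesson is the one the advisory illustrates: filtering the input (prefix checks, tag stripping) is weaker than extracting the one value you need and generating the markup yourself, because the output context (an attribute value) decides which characters are dangerous, not the presence of `<`.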
‼ CVE-2022-39160 ‼
IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 235064.
via "National Vulnerability Database".
‼ CVE-2022-46402 ‼
The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PairCon_rmSend with incorrect values.
via "National Vulnerability Database".
‼ CVE-2022-46401 ‼
The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PauseEncReqPlainText before pairing is complete.
via "National Vulnerability Database".
‼ CVE-2022-46403 ‼
The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) mishandles reject messages.
via "National Vulnerability Database".