βΌ CVE-2022-45347 βΌ
π Read
via "National Vulnerability Database".
Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as database backend didn't cleanup the database session completely after client authentication failed, which allowed an attacker to execute normal commands by constructing a special MySQL client. This vulnerability has been fixed in Apache ShardingSphere 5.3.0.π Read
via "National Vulnerability Database".
π΄ Threat Modeling in the Age of OpenAI's Chatbot π΄
π Read
via "Dark Reading".
New technical chatbot capabilities raise the promise that their help in threat modeling could free humans for more interesting work.π Read
via "Dark Reading".
Dark Reading
Threat Modeling in the Age of OpenAI's Chatbot
New technical chatbot capabilities raise the promise that their help in threat modeling could free humans for more interesting work.
π΄ Google WordPress Plug-in Bug Allows AWS Metadata Theft π΄
π Read
via "Dark Reading".
A successful attacker could use the SSRF vulnerability to collect metadata from WordPress sites hosted on an AWS server, and potentially log in to a cloud instance to run commands.π Read
via "Dark Reading".
Dark Reading
Google WordPress Plug-in Bug Allows AWS Metadata Theft
A successful attacker could use the SSRF vulnerability to collect metadata from WordPress sites hosted on an AWS server, and potentially log in to a cloud instance to run commands.
π΄ Zerobot Adds Brute Force, DDoS to Its IoT Attack Arsenal π΄
π Read
via "Dark Reading".
Threat actors continue to evolve the malicious botnet, which has also added a list of new vulnerabilities it can use to target devices.π Read
via "Dark Reading".
Dark Reading
Zerobot Adds Brute Force, DDoS to Its IoT Attack Arsenal
Threat actors continue to evolve the malicious botnet, which has also added a list of new vulnerabilities it can use to target devices.
π΄ Passwordless Authentication Market to Be Worth $55.7 Billion by 2030: Grand View Research, Inc. π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Passwordless Authentication Market to Be Worth $55.7 Billion by 2030: Grand View Research, Inc.
SAN FRANCISCO, Dec. 22, 2022 /PRNewswire/ -- The global passwordless authentication market size is expected to reach USD 55.70 billion by 2030, growing at promising 18.2% CAGR, according to a new report by Grand View Research, Inc. Passwordless authenticationβ¦
ποΈ Lean, green coding machine: How sustainable computing drive can reduce attack surfaces ποΈ
π Read
via "The Daily Swig".
Less is often more when it comes to both infosec and eco-friendly computing practicesπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Lean, green coding machine: How sustainable computing drive can reduce attack surfaces
Less is often more when it comes to both infosec and eco-friendly computing practices
βΌ CVE-2022-45966 βΌ
π Read
via "National Vulnerability Database".
here is an arbitrary file upload vulnerability in the file management function module of Classcms3.5.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4516 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none.π Read
via "National Vulnerability Database".
β βSuspicious loginβ scammers up their game β take care at Christmas β
π Read
via "Naked Security".
A picture is worth 1024 words - we clicked through so you don't have to.π Read
via "Naked Security".
Naked Security
βSuspicious loginβ scammers up their game β take care at Christmas
A picture is worth 1024 words β we clicked through so you donβt have to.
β S3 Ep114: Preventing cyberthreats β stop them before they stop you! [Audio + Text] β
π Read
via "Naked Security".
Join world-renowned expert Fraser Howard, Director of Research at SophosLabs, for this fascinating episode on how to fight cybercrime.π Read
via "Naked Security".
Naked Security
S3 Ep114: Preventing cyberthreats β stop them before they stop you! [Audio + Text]
Join world-renowned expert Fraser Howard, Director of Research at SophosLabs, for this fascinating episode on how to fight cybercrime.
π1
βΌ CVE-2022-46101 βΌ
π Read
via "National Vulnerability Database".
AyaCMS v3.1.2 was found to have a code flaw in the ust_sql.inc.php file, which allows attackers to cause command execution by inserting malicious code.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44510 βΌ
π Read
via "National Vulnerability Database".
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23541 βΌ
π Read
via "National Vulnerability Database".
jsonwebtoken is an implementation of JSON Web Tokens. Versions `<= 8.5.1` of `jsonwebtoken` library can be misconfigured so that passing a poorly implemented key retrieval function referring to the `secretOrPublicKey` argument from the readme link will result in incorrect verification of tokens. There is a possibility of using a different algorithm and key combination in verification, other than the one that was used to sign the tokens. Specifically, tokens signed with an asymmetric public key could be verified with a symmetric HS256 algorithm. This can lead to successful validation of forged tokens. If your application is supporting usage of both symmetric key and asymmetric key in jwt.verify() implementation with the same key retrieval function. This issue has been patched, please update to version 9.0.0.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-46102 βΌ
π Read
via "National Vulnerability Database".
AyaCMS 3.1.2 is vulnerable to Arbitrary file upload via /aya/module/admin/fst_down.inc.phpπ Read
via "National Vulnerability Database".
βΌ CVE-2022-47926 βΌ
π Read
via "National Vulnerability Database".
AyaCMS 3.1.2 is vulnerable to file deletion via /aya/module/admin/fst_del.inc.phpπ Read
via "National Vulnerability Database".
βΌ CVE-2022-28282 βΌ
π Read
via "National Vulnerability Database".
By using a link with <code>rel="localization"</code> a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potential exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45411 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript (such as cookies protected by HTTPOnly). To mitigate this attack, browsers placed limits on <code>fetch()</code> and XMLHttpRequest; however some webservers have implemented non-standard headers such as <code>X-Http-Method-Override</code> that override the HTTP method, and made this attack possible again. Thunderbird has applied the same mitigations to the use of this and similar headers. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28283 βΌ
π Read
via "National Vulnerability Database".
The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that should have been inaccessible. This vulnerability affects Firefox < 99.π Read
via "National Vulnerability Database".
βΌ CVE-2021-4221 βΌ
π Read
via "National Vulnerability Database".
If a domain name contained a RTL character, it would cause the domain to be rendered to the right of the path. This could lead to user confusion and spoofing attacks. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*<br>*Note*: Due to a clerical error this advisory was not included in the original announcement, and was added in Feburary 2022. This vulnerability affects Firefox < 92.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22751 βΌ
π Read
via "National Vulnerability Database".
Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory safety bugs present in Firefox 95 and Firefox ESR 91.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-42927 βΌ
π Read
via "National Vulnerability Database".
A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via <code>performance.getEntries()</code>. This vulnerability affects Thunderbird < 102.4, Firefox ESR < 102.4, and Firefox < 106.π Read
via "National Vulnerability Database".