βΌ CVE-2022-23554 βΌ
π Read
via "National Vulnerability Database".
Alpine is a scaffolding library in Java. Alpine prior to version 1.10.4 allows Authentication Filter bypass. The AuthenticationFilter relies on the request URI to evaluate if the user is accessing the swagger endpoint. By accessing a URL with a path such as /api/foo;%2fapi%2fswagger the contains condition will hold and will return from the authentication filter without aborting the request. Note that the principal object will not be assigned and therefore the issue wont allow user impersonation. This issue has been fixed in version 1.10.4. There are no known workarounds.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4817 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in centic9 jgit-cookbook. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to insecure temporary file. The attack can be initiated remotely. The name of the patch is b8cb29b43dc704708d598c60ac1881db7cf8e9c3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216988.π Read
via "National Vulnerability Database".
βΌ CVE-2018-25057 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in simple_php_link_shortener. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument $link["id"] leads to sql injection. The name of the patch is b26ac6480761635ed94ccb0222ba6b732de6e53f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216996.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4821 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic was found in FlatPress. This vulnerability affects the function onupload of the file admin/panels/uploader/admin.uploader.php of the component XML File Handler/MD File Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 3cc223dec5260e533a84b5cf5780d3a4fbf21241. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217000.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4818 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Talend Open Studio for MDM. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file org.talend.mdm.core/src/com/amalto/core/storage/SystemStorageWrapper.java. The manipulation leads to xml external entity reference. Upgrading to version 20221220_1938 is able to address this issue. The name of the patch is 95590db2ad6a582c371273ceab1a73ad6ed47853. It is recommended to upgrade the affected component. The identifier VDB-216997 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4823 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in InSTEDD Nuntium. Affected is an unknown function of the file app/controllers/geopoll_controller.rb. The manipulation of the argument signature leads to observable timing discrepancy. It is possible to launch the attack remotely. The name of the patch is 77236f7fd71a0e2eefeea07f9866b069d612cf0d. It is recommended to apply a patch to fix this issue. VDB-217002 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4819 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in HotCRP. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is d4ffdb0ef806453c54ddca7fdda3e5c60356285c. It is recommended to apply a patch to fix this issue. VDB-216998 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-4822 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in FlatPress. This issue affects some unknown processing of the file setup/lib/main.lib.php of the component Setup. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 5f23b4c2eac294cc0ba5e541f83a6f8a26f9fed1. It is recommended to apply a patch to fix this issue. The identifier VDB-217001 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4820 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in FlatPress. This affects an unknown part of the file admin/panels/entry/admin.entry.list.php of the component Admin Area. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is 229752b51025e678370298284d42f8ebb231f67f. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216999.π Read
via "National Vulnerability Database".
β S3 Ep115: True crime stories β A day in the life of a cybercrime fighter [Audio + Text] β
π Read
via "Naked Security".
Listen now - you'll be alarmed, amused and educated, all in equal measure. (Full transcript in article.)π Read
via "Naked Security".
Naked Security
S3 Ep115: True crime stories β A day in the life of a cybercrime fighter [Audio + Text]
Listen now β youβll be alarmed, amused and educated, all in equal measure. (Full transcript in article.)
π2
ποΈ Stupid security 2022 β this yearβs infosec fails ποΈ
π Read
via "The Daily Swig".
Epic web security fails and salutary lessons from another inevitably eventful year in infosecπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Stupid security 2022 β this yearβs infosec fails
Epic web security fails and salutary lessons from another inevitably eventful year in infosec
π1
βΌ CVE-2018-25058 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in Twitter-Post-Fetcher up to 17.x. This affects an unknown part of the file js/twitterFetcher.js of the component Link Target Handler. The manipulation leads to use of web link to untrusted target with window.opener access. It is possible to initiate the attack remotely. Upgrading to version 18.0.0 is able to address this issue. The name of the patch is 7d281c6fb5acbc29a2cad295262c1f0c19ca56f3. It is recommended to upgrade the affected component. The identifier VDB-217017 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-4296 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in w3c Unicorn. This issue affects the function ValidatorNuMessage of the file src/org/w3c/unicorn/response/impl/ValidatorNuMessage.java. The manipulation of the argument message leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 51f75c31f7fc33859a9a571311c67ae4e95d9c68. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217019.π Read
via "National Vulnerability Database".
βΌ CVE-2021-4295 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic was found in ONC code-validator-api up to 1.0.30. This vulnerability affects the function vocabularyValidationConfigurations of the file src/main/java/org/sitenv/vocabularies/configuration/CodeValidatorApiConfiguration.java of the component XML Handler. The manipulation leads to xml external entity reference. Upgrading to version 1.0.31 is able to address this issue. The name of the patch is fbd8ea121755a2d3d116b13f235bc8b61d8449af. It is recommended to upgrade the affected component. VDB-217018 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
β US passes the Quantum Computing Cybersecurity Preparedness Act β and why not? β
π Read
via "Naked Security".
Cryptographic agility: the ability and the willingness to change quickly when needed.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π₯1
π΄ New Year's Surprise: Cybersecurity M&A, Funding Activity Snowballs in Q4 π΄
π Read
via "Dark Reading".
Concerns about recessionary trends impacting the cybersecurity sector in 2022 remained largely unfounded in Q4, as investment activity surged after a Q3 slowdown.π Read
via "Dark Reading".
Dark Reading
New Year's Surprise: Cybersecurity M&A, Funding Activity Snowballs in Q4
Concerns about recessionary trends impacting the cybersecurity sector in 2022 remained largely unfounded in Q4, as investment activity surged after a Q3 slowdown.
π΄ After the Uber Breach: 3 Questions All CISOs Should Ask Themselves π΄
π Read
via "Dark Reading".
How CISOs handle the ethical issues around data breaches can make or break their careers. Don't wait until a breach happens to plot the course forward.π Read
via "Dark Reading".
Dark Reading
After the Uber Breach: 3 Questions All CISOs Should Ask Themselves
How CISOs handle the ethical issues around data breaches can make or break their careers. Don't wait until a breach happens to plot the course forward.
π2
π΄ 3 Industries, 3 Security Programs π΄
π Read
via "Dark Reading".
Security leaders from a media corporation, a commercial real estate company, and an automotive technology company share how they address cyber-risk.π Read
via "Dark Reading".
Dark Reading
3 Industries, 3 Security Programs
Security leaders from a media corporation, a commercial real estate company, and an automotive technology company share how they address cyber-risk.
π1π€1
π΄ Extracting Encrypted Credentials From Common Tools π΄
π Read
via "Dark Reading".
Attackers are harvesting credentials from compromised systems. Here's how some commonly used tools can enable this.π Read
via "Dark Reading".
Dark Reading
Extracting Encrypted Credentials From Common Tools
Attackers are harvesting credentials from compromised systems. Here's how some commonly used tools can enable this.
βΌ CVE-2022-4849 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4840 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.π Read
via "National Vulnerability Database".