βΌ CVE-2022-43391 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43393 βΌ
π Read
via "National Vulnerability Database".
An improper check for unusual or exceptional conditions in the HTTP request processing function of Zyxel GS1920-24v2 firmware prior to V4.70(ABMH.8)C0, which could allow an unauthenticated attacker to corrupt the contents of the memory and result in a denial-of-service (DoS) condition on a vulnerable device.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43392 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0553 βΌ
π Read
via "National Vulnerability Database".
There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3966 βΌ
π Read
via "National Vulnerability Database".
usb device bluetooth class includes a buffer overflow related to implementation of net_buf_add_mem.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22947 βΌ
π Read
via "National Vulnerability Database".
** DISPUTED ** Insecure folder permissions in the Windows installation path of Shibboleth Service Provider (SP) before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in the service executable's folder. This occurs because the installation goes under C:\opt (rather than C:\Program Files) by default. NOTE: the vendor disputes the significance of this report, stating that "We consider the ACLs a best effort thing" and "it was a documentation mistake."π Read
via "National Vulnerability Database".
βΌ CVE-2022-43390 βΌ
π Read
via "National Vulnerability Database".
A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22959 βΌ
π Read
via "National Vulnerability Database".
WebChess through 0.9.0 and 1.0.0.rc2 allows SQL injection: mainmenu.php, chess.php, and opponentspassword.php (txtFirstName, txtLastName).π Read
via "National Vulnerability Database".
βΌ CVE-2022-43389 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22945 βΌ
π Read
via "National Vulnerability Database".
In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48253 βΌ
π Read
via "National Vulnerability Database".
nhttpd in Nostromo before 2.1 is vulnerable to a path traversal that may allow an attacker to execute arbitrary commands on the remote server. The vulnerability occurs when the homedirs option is used.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22958 βΌ
π Read
via "National Vulnerability Database".
The Syracom Secure Login plugin before 3.1.1.0 for Jira may allow spoofing of 2FA PIN validation via the plugins/servlet/twofactor/public/pinvalidation target parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47866 βΌ
π Read
via "National Vulnerability Database".
Lead management system v1.0 is vulnerable to SQL Injection via the id parameter in removeBrand.php.π Read
via "National Vulnerability Database".
βΌ CVE-2018-25073 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in Newcomer1989 TSN-Ranksystem up to 1.2.6 and classified as problematic. This vulnerability affects the function getlog of the file webinterface/bot.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.2.7 is able to address this issue. The name of the patch is b3a3cd8efe2cd3bd3c5b3b7abf2fe80dbee51b77. It is recommended to upgrade the affected component. VDB-218002 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42967 βΌ
π Read
via "National Vulnerability Database".
Caret is vulnerable to an XSS attack when the user opens a crafted Markdown file when preview mode is enabled. This directly leads to client-side code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47865 βΌ
π Read
via "National Vulnerability Database".
Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeOrder.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4696 βΌ
π Read
via "National Vulnerability Database".
There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_SPLICE operation. If IORING_OP_SPLICE is missing the IO_WQ_WORK_FILES flag, which signals that the operation won't use current->nsproxy, so its reference counter is not increased. This assumption is not always true as calling io_splice on specific files will call the get_uts function which will use current->nsproxy leading to invalidly decreasing its reference counter later causing the use-after-free vulnerability. We recommend upgrading to version 5.10.160 or aboveπ Read
via "National Vulnerability Database".
π΄ Infoblox Appoints Scott Harrell to CEO π΄
π Read
via "Dark Reading".
Jesper Andersen has decided to retire and will continue to serve on the Board of Directors.π Read
via "Dark Reading".
Dark Reading
Infoblox Appoints Scott Harrell to CEO
Jesper Andersen has decided to retire and will continue to serve on the Board of Directors.
π΄ SecureAuth Announces Seven New Patents for Biobehavioral Credentials for Continuous Authentication, and ID Proofing to Secure Digital Identities π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
SecureAuth Announces Seven New Patents for Biobehavioral Credentials for Continuous Authentication, and ID Proofing to Secure Digitalβ¦
IRVINE, Calif. β January 11, 2023 β SecureAuth, a leader in next-generation access management and authentication, today announced that the United States Patent and Trademark Office (USPTO) has granted the company seven groundbreaking methods for authenticatingβ¦
ποΈ Threema disputes crypto flaws disclosure, prompts security flap ποΈ
π Read
via "The Daily Swig".
βCondescendingβ response to vulnerability disclosure angers infosec communityπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Threema disputes crypto flaws disclosure, prompts security flap
βCondescendingβ response to vulnerability disclosure angers infosec community
π2
π΄ Black Hat Flashback: The Deadly Consequences of Weak Medical Device Security π΄
π Read
via "Dark Reading".
Hacking to kill: Dark Reading's Fahmida Y. Rashid reflects on the monumental Black Hat 2011 moment when Jay Radcliffe showed how to hack his insulin pump.π Read
via "Dark Reading".
Dark Reading
Black Hat Flashback: The Deadly Consequences of Weak Medical Device Security
Hacking to kill: Dark Reading's Fahmida Y. Rashid reflects on the monumental Black Hat 2011 moment when Jay Radcliffe showed how to hack his insulin pump.