βΌ CVE-2022-0553 βΌ
π Read
via "National Vulnerability Database".
There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3966 βΌ
π Read
via "National Vulnerability Database".
usb device bluetooth class includes a buffer overflow related to implementation of net_buf_add_mem.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22947 βΌ
π Read
via "National Vulnerability Database".
** DISPUTED ** Insecure folder permissions in the Windows installation path of Shibboleth Service Provider (SP) before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in the service executable's folder. This occurs because the installation goes under C:\opt (rather than C:\Program Files) by default. NOTE: the vendor disputes the significance of this report, stating that "We consider the ACLs a best effort thing" and "it was a documentation mistake."π Read
via "National Vulnerability Database".
βΌ CVE-2022-43390 βΌ
π Read
via "National Vulnerability Database".
A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22959 βΌ
π Read
via "National Vulnerability Database".
WebChess through 0.9.0 and 1.0.0.rc2 allows SQL injection: mainmenu.php, chess.php, and opponentspassword.php (txtFirstName, txtLastName).π Read
via "National Vulnerability Database".
βΌ CVE-2022-43389 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22945 βΌ
π Read
via "National Vulnerability Database".
In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48253 βΌ
π Read
via "National Vulnerability Database".
nhttpd in Nostromo before 2.1 is vulnerable to a path traversal that may allow an attacker to execute arbitrary commands on the remote server. The vulnerability occurs when the homedirs option is used.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22958 βΌ
π Read
via "National Vulnerability Database".
The Syracom Secure Login plugin before 3.1.1.0 for Jira may allow spoofing of 2FA PIN validation via the plugins/servlet/twofactor/public/pinvalidation target parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47866 βΌ
π Read
via "National Vulnerability Database".
Lead management system v1.0 is vulnerable to SQL Injection via the id parameter in removeBrand.php.π Read
via "National Vulnerability Database".
βΌ CVE-2018-25073 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in Newcomer1989 TSN-Ranksystem up to 1.2.6 and classified as problematic. This vulnerability affects the function getlog of the file webinterface/bot.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.2.7 is able to address this issue. The name of the patch is b3a3cd8efe2cd3bd3c5b3b7abf2fe80dbee51b77. It is recommended to upgrade the affected component. VDB-218002 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42967 βΌ
π Read
via "National Vulnerability Database".
Caret is vulnerable to an XSS attack when the user opens a crafted Markdown file when preview mode is enabled. This directly leads to client-side code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47865 βΌ
π Read
via "National Vulnerability Database".
Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeOrder.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4696 βΌ
π Read
via "National Vulnerability Database".
There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_SPLICE operation. If IORING_OP_SPLICE is missing the IO_WQ_WORK_FILES flag, which signals that the operation won't use current->nsproxy, so its reference counter is not increased. This assumption is not always true as calling io_splice on specific files will call the get_uts function which will use current->nsproxy leading to invalidly decreasing its reference counter later causing the use-after-free vulnerability. We recommend upgrading to version 5.10.160 or aboveπ Read
via "National Vulnerability Database".
π΄ Infoblox Appoints Scott Harrell to CEO π΄
π Read
via "Dark Reading".
Jesper Andersen has decided to retire and will continue to serve on the Board of Directors.π Read
via "Dark Reading".
Dark Reading
Infoblox Appoints Scott Harrell to CEO
Jesper Andersen has decided to retire and will continue to serve on the Board of Directors.
π΄ SecureAuth Announces Seven New Patents for Biobehavioral Credentials for Continuous Authentication, and ID Proofing to Secure Digital Identities π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
SecureAuth Announces Seven New Patents for Biobehavioral Credentials for Continuous Authentication, and ID Proofing to Secure Digitalβ¦
IRVINE, Calif. β January 11, 2023 β SecureAuth, a leader in next-generation access management and authentication, today announced that the United States Patent and Trademark Office (USPTO) has granted the company seven groundbreaking methods for authenticatingβ¦
ποΈ Threema disputes crypto flaws disclosure, prompts security flap ποΈ
π Read
via "The Daily Swig".
βCondescendingβ response to vulnerability disclosure angers infosec communityπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Threema disputes crypto flaws disclosure, prompts security flap
βCondescendingβ response to vulnerability disclosure angers infosec community
π2
π΄ Black Hat Flashback: The Deadly Consequences of Weak Medical Device Security π΄
π Read
via "Dark Reading".
Hacking to kill: Dark Reading's Fahmida Y. Rashid reflects on the monumental Black Hat 2011 moment when Jay Radcliffe showed how to hack his insulin pump.π Read
via "Dark Reading".
Dark Reading
Black Hat Flashback: The Deadly Consequences of Weak Medical Device Security
Hacking to kill: Dark Reading's Fahmida Y. Rashid reflects on the monumental Black Hat 2011 moment when Jay Radcliffe showed how to hack his insulin pump.
π I2P 2.1.0 π
π Read
via "Packet Storm Security".
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.π Read
via "Packet Storm Security".
Packetstormsecurity
I2P 2.1.0 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π2
βΌ CVE-2022-47864 βΌ
π Read
via "National Vulnerability Database".
Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeCategories.php.π Read
via "National Vulnerability Database".
βΌ CVE-2014-125074 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Nayshlok Voyager. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file Voyager/src/models/DatabaseAccess.java. The manipulation leads to sql injection. The name of the patch is f1249f438cd8c39e7ef2f6c8f2ab76b239a02fae. It is recommended to apply a patch to fix this issue. The identifier VDB-218005 was assigned to this vulnerability.π Read
via "National Vulnerability Database".