CVE-2022-4696
via "National Vulnerability Database".
There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_SPLICE operation. IORING_OP_SPLICE is missing the IO_WQ_WORK_FILES flag, which signals that the operation won't use current->nsproxy, so its reference counter is not increased. This assumption is not always true, as calling io_splice on specific files will call the get_uts function, which will use current->nsproxy, leading to invalidly decreasing its reference counter later and causing the use-after-free vulnerability. We recommend upgrading to version 5.10.160 or above.
Infoblox Appoints Scott Harrell to CEO
via "Dark Reading".
Jesper Andersen has decided to retire and will continue to serve on the Board of Directors.
SecureAuth Announces Seven New Patents for Biobehavioral Credentials for Continuous Authentication, and ID Proofing to Secure Digital Identities
via "Dark Reading".
IRVINE, Calif., January 11, 2023 – SecureAuth, a leader in next-generation access management and authentication, today announced that the United States Patent and Trademark Office (USPTO) has granted the company seven groundbreaking methods for authenticating…
Threema disputes crypto flaws disclosure, prompts security flap
via "The Daily Swig".
"Condescending" response to vulnerability disclosure angers infosec community.
Black Hat Flashback: The Deadly Consequences of Weak Medical Device Security
via "Dark Reading".
Hacking to kill: Dark Reading's Fahmida Y. Rashid reflects on the monumental Black Hat 2011 moment when Jay Radcliffe showed how to hack his insulin pump.
I2P 2.1.0
via "Packet Storm Security".
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
CVE-2022-47864
via "National Vulnerability Database".
Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeCategories.php.
CVE-2014-125074
via "National Vulnerability Database".
A vulnerability was found in Nayshlok Voyager. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file Voyager/src/models/DatabaseAccess.java. The manipulation leads to SQL injection. The name of the patch is f1249f438cd8c39e7ef2f6c8f2ab76b239a02fae. It is recommended to apply a patch to fix this issue. The identifier VDB-218005 was assigned to this vulnerability.
CVE-2022-4543
via "National Vulnerability Database".
A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak the KASLR base via prefetch side-channels based on TLB timing for Intel systems.
CVE-2013-10010
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in zerochplus. This affects the function PrintResList of the file test/mordor/thread.res.pl. The manipulation leads to cross-site scripting. It is possible to initiate the attack remotely. The name of the patch is 9ddf9ecca8565341d8d26a3b2f64540bde4fa273. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218007.
CVE-2022-4415
via "National Vulnerability Database".
A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.
CVE-2022-47859
via "National Vulnerability Database".
Lead Management System v1.0 is vulnerable to SQL Injection via the user_id parameter in changePassword.php.
CVE-2022-47861
via "National Vulnerability Database".
Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeLead.php.
CVE-2017-20168
via "National Vulnerability Database".
A vulnerability was found in jfm-so piWallet. It has been rated as critical. Affected by this issue is some unknown functionality of the file api.php. The manipulation of the argument key leads to SQL injection. The name of the patch is b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb. It is recommended to apply a patch to fix this issue. VDB-218006 is the identifier assigned to this vulnerability.
CVE-2020-36649
via "National Vulnerability Database".
A vulnerability was found in mholt PapaParse up to 5.1.x. It has been classified as problematic. Affected is an unknown function of the file papaparse.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 5.2.0 is able to address this issue. The name of the patch is 235a12758cd77266d2e98fd715f53536b34ad621. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218004.
CVE-2022-47860
via "National Vulnerability Database".
Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeProduct.php.
CVE-2022-47862
via "National Vulnerability Database".
Lead Management System v1.0 is vulnerable to SQL Injection via the customer_id parameter in ajax_represent.php.
CVE-2018-25074
via "National Vulnerability Database".
A vulnerability was found in Prestaul skeemas and classified as problematic. This issue affects some unknown processing of the file validators/base.js. The manipulation of the argument uri leads to inefficient regular expression complexity. The name of the patch is 65e94eda62dc8dc148ab3e59aa2ccc086ac448fd. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218003.
CVE-2022-4457
via "National Vulnerability Database".
Due to a misconfiguration in the manifest file of the WARP client for Android, it was possible to perform a task hijacking attack. An attacker could create a malicious mobile application which could hijack the legitimate app and steal potentially sensitive information when installed on the victim's device.
CVE-2022-4885
via "National Vulnerability Database".
A vulnerability has been found in sviehb jefferson up to 0.3 and classified as critical. This vulnerability affects unknown code of the file src/scripts/jefferson. The manipulation leads to path traversal. The attack can be initiated remotely. Upgrading to version 0.4 is able to address this issue. The name of the patch is 53b3f2fc34af0bb32afbcee29d18213e61471d87. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218020.
CVE-2022-4428
via "National Vulnerability Database".
The support_uri parameter in the WARP client local settings file (mdm.xml) lacked proper validation, which allowed for privilege escalation and launching an arbitrary executable on the local machine upon clicking on the "Send feedback" option. An attacker with access to the local file system could use a crafted XML config file pointing to a malicious file, or set a local path to the executable using the Cloudflare Zero Trust Dashboard (for Zero Trust enrolled clients).