ποΈ Trellix automates tackling open source vulnerabilities at scale ποΈ
π Read
via "The Daily Swig".
More than 61,000 vulnerabilities patched and countingπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Trellix automates tackling open source vulnerabilities at scale
More than 61,000 vulnerabilities patched and counting
π1
β GoTo admits: Customer cloud backups stolen together with decryption key β
π Read
via "Naked Security".
We were going to write, "Once more unto the breach, dear friends, once more"... but it seems to go without saying these days.π Read
via "Naked Security".
Naked Security
GoTo admits: Customer cloud backups stolen together with decryption key
We were going to write, βOnce more unto the breach, dear friends, once moreββ¦ but it seems to go without saying these days.
β S3 Ep119: Breaches, patches, leaks and tweaks! [Audio + Text] β
π Read
via "Naked Security".
Lastest episode - listen now! (Or read the transcript.)π Read
via "Naked Security".
Naked Security
S3 Ep119: Breaches, patches, leaks and tweaks! [Audio + Text]
Lastest episode β listen now! (Or read the transcript.)
ποΈ Ruby on Rails apps vulnerable to data theft through Ransack search ποΈ
π Read
via "The Daily Swig".
Several applications were vulnerable to brute-force attacks; hundreds more could be at riskπ Read
via "The Daily Swig".
portswigger.net
Web Application Security, Testing, & Scanning - PortSwigger
PortSwigger offers tools for web application security, testing, & scanning. Choose from a range of security tools, & identify the very latest vulnerabilities.
βΌ CVE-2022-42386 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18655.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42378 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18631.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42379 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18648.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42380 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18649.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41140 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple D-Link routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the lighttpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13796.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41147 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18286.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41153 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18343.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42382 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18651.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42376 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18529.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42377 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18630.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40719 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpd_generic.lua plugin for the xupnpd service, which listens on TCP port 4044 by default. When parsing the feed parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15906.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41151 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18341.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41148 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18338.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42371 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18346.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40717 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15727.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41142 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to configure poller resources. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18304.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41145 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18283.π Read
via "National Vulnerability Database".