Google Cloud Connects Chronicle to Health ISAC Feed
Members of the Health-ISAC can ingest threat indicators directly into Chronicle to investigate whether the threat is present in their environment.
via "Dark Reading".
OAuth 'masterclass' crowned top web hacking technique of 2022
Single sign-on and request smuggling to the fore in another stellar year for web security research.
via "The Daily Swig".
Addressing the Elephant in the Room: Getting Developers & Security Teams to Work Together
Bridging the divide between developers and security can create a culture change organically.
via "Dark Reading".
CVE-2023-0771
SQL Injection in GitHub repository ampache/ampache prior to 5.5.7,develop.
via "National Vulnerability Database".
CVE-2023-23698
Dell Command | Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 contain Insecure Operation on Windows Junction in the installer component. A local malicious user may potentially exploit this vulnerability leading to arbitrary file delete.
via "National Vulnerability Database".
CVE-2022-24410
Dell BIOS contains an information exposure vulnerability. An unauthenticated local attacker with physical access to the system and knowledge of the system configuration could potentially exploit this vulnerability to read system information via debug interfaces.
via "National Vulnerability Database".
CVE-2023-0774
A vulnerability has been found in SourceCodester Medical Certificate Generator App 1.0 and classified as critical. This vulnerability affects unknown code of the file action.php. The manipulation of the argument lastname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-220558 is the identifier assigned to this vulnerability.
via "National Vulnerability Database".
CVE-2023-23592
WALLIX Access Manager 3.x through 4.0.x allows a remote attacker to access sensitive information.
via "National Vulnerability Database".
CVE-2015-10076
A vulnerability was found in dimtion Shaarlier up to 1.2.2. It has been declared as critical. Affected by this vulnerability is the function createTag of the file app/src/main/java/com/dimtion/shaarlier/TagsSource.java of the component Tag Handler. The manipulation leads to sql injection. Upgrading to version 1.2.3 is able to address this issue. The name of the patch is 3d1d9b239d9b3cd87e8bed45a0f02da583ad371e. It is recommended to upgrade the affected component. The identifier VDB-220453 was assigned to this vulnerability.
via "National Vulnerability Database".
CVE-2023-22832
The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19.1 does not restrict XML External Entity references. Flow configurations that include the ExtractCCDAAttributes Processor are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations and disallows XML External Entity resolution in the ExtractCCDAAttributes Processor.
via "National Vulnerability Database".
CVE-2022-45699
Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter.
via "National Vulnerability Database".
CVE-2022-43501
KASAGO TCP/IP stack provided by Zuken Elmic generates ISNs (Initial Sequence Numbers) for TCP connections from an insufficiently random source. An attacker may be able to determine the ISN of the current or future TCP connections and either hijack existing ones or spoof future ones.
via "National Vulnerability Database".
CVE-2023-24684
ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the EID parameter at GetText.php.
via "National Vulnerability Database".
CVE-2023-24573
Dell Command | Monitor versions prior to 10.9 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.
via "National Vulnerability Database".
CVE-2022-34452
PowerPath Management Appliance with versions 3.3, 3.2*, 3.1 & 3.0* contains a sensitive information disclosure vulnerability. An authenticated admin user is able to exploit the issue and view sensitive information stored in the logs.
via "National Vulnerability Database".
CVE-2022-21939
Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.
via "National Vulnerability Database".
CVE-2018-7935
There is a vulnerability in 21.328.01.00.00 version of the E5573Cs-322. Remote attackers could exploit this vulnerability to make the network where the E5573Cs-322 is running temporarily unavailable.
via "National Vulnerability Database".
CVE-2022-34454
Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a heap-based buffer overflow. A local privileged malicious user could potentially exploit this vulnerability, leading to system takeover. This impacts compliance mode clusters.
via "National Vulnerability Database".
CVE-2023-23625
go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag. Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by a bogus `fanout` parameter in the HAMT directory nodes. Users are advised to upgrade to version 0.4.3 to resolve this issue. Users unable to upgrade should not feed untrusted user data to the decoding functions.
via "National Vulnerability Database".
CVE-2022-21940
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.
via "National Vulnerability Database".
CVE-2022-3568
The ImageMagick Engine plugin for WordPress is vulnerable to deserialization of untrusted input via the 'cli_path' parameter in versions up to, and including, 1.7.5. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into performing an action such as clicking on a link, that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.
via "National Vulnerability Database".