Security
Headlines
HeadlinesLatestCVEs

Tag

#apache

Gentoo Linux Security Advisory 202208-20

Gentoo Linux Security Advisory 202208-20 - Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution. Versions less than 2.4.54 are affected.

Packet Storm
Open in Source
#vulnerability#web#mac#linux#apache#rce
Black Hat and DEF CON Roundup

‘Summer Camp’ for hackers features a compromised satellite, a homecoming for hackers and cyberwarfare warnings.

CVE-2022-2818: 2FA Bypass in Cockpit Content Platform ≤ v2.2.1 in cockpit

Authentication Bypass by Primary Weakness in GitHub repository cockpit-hq/cockpit prior to 2.2.2.

CVE-2022-37401: CVE-2022-37401

Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 to 43 bits making the stored passwords vulnerable to a brute force attack if an attacker has access to the users stored config. This issue affects: Apache OpenOffice versions prior to 4.1.13. Reference: CVE-2022-26307 - LibreOffice

CVE-2022-37400: security - CVE-2022-37400: Apache OpenOffice Static Initialization Vector Allows to Recover Passwords for Web Connections Without Knowing the Master Password

Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the required initialization vector for encryption was always the same which weakens the security of the encryption making them vulnerable if an attacker has access to the user's configuration data. This issue affects: Apache OpenOffice versions prior to 4.1.13. Reference: CVE-2022-26306 - LibreOffice

CVE-2021-42751: GitHub - thingsboard/thingsboard: Open-source IoT Platform - Device management, data collection, processing and visualization.

A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the description of a rule node.

Readymade Job Portal Script SQL Injection

Readymade Job Portal Script suffers from a remote SQL injection vulnerability. The researcher requested version information from the vendor while reporting the vulnerability but the company has been unresponsive.

Researchers found one-click exploits in Discord and Teams

Categories: Exploits and vulnerabilities Categories: News Tags: Discord Tags: Spotify Tags: MicrosoftTeams Tags: Electron Tags: ElectronJS Tags: NodeJS Tags: V8 Chrome Tags: Log4Shell Tags: Log4j A group of security researchers found a series of vulnerabilities in the software underlying popular apps like Discord, Microsoft Teams, and many others (Read more...) The post Researchers found one-click exploits in Discord and Teams appeared first on Malwarebytes Labs.

New Cross-Industry Group Launches Open Cybersecurity Framework

Eighteen companies, led by Amazon and Splunk, announced the OCSF framework to provide a standard way for sharing threat detection telemetry among different monitoring tools and applications.