Security
Headlines
HeadlinesLatestCVEs

Tag

#cisco

Vulnerability Spotlight: Lansweeper directory traversal and cross-site scripting vulnerabilities

Marcin ‘Icewall’ Noga of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered several directory traversal and cross-site scripting vulnerabilities in Lansweeper. Lansweeper is an IT Asset Management solution that gathers hardware and software information of computers and other devices on a computer network for management, compliance and

TALOS
Open in Source
#xss#vulnerability#cisco#java
Why the Culture Shift on Privacy and Security Means Today's Data Looks Different

A lack of federal regulatory legislation leaves US privacy concerns to battle for attention with other business priorities.

Researcher Spotlight: How working for Talos started out as an ‘accident’ for Ashlee Benge before coming a second career

Talos’ lead of data strategy and insights has a lot of weight on her shoulders currently, but it’s nothing she’s not used to

GHSA-9gh8-wp53-ccc6: ghost vulnerable to unauthorized newsletter modification via improper access controls

### Impact On sites where members is enabled (this is the default) it is possible for members (unprivileged users) to make changes to newsletter settings. This gives unprivileged users the ability to view and change settings they were not intended to have access to. They are not able to escalate their privileges permanently or get access to further information. This issue was caused by a gap in our API validation for nested objects. Ghost(Pro) has already been patched. We can find no evidence that the issue was exploited on Ghost(Pro) prior to the patch being added. Self-hosters are impacted if running Ghost a version between v4.46.0 and v4.48.7 or any version of v5 prior to v5.22.7. Immediate action should be taken to secure your site - see patches & workarounds below. ### Patches - v4.48.8 / v5.22.7 are patched for all known exploits - v4.48.9 / v5.24.1 contain deeper fixes to the API to close the potential for this vulnerability to appear elsewhere or regress ### Workarounds...

CVE-2022-43588: TALOS-2022-1647 || Cisco Talos Intelligence Group

A null pointer dereference vulnerability exists in the handle_ioctl_83150 functionality of Callback technologies CBFS Filter 20.0.8317. A specially-crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability.

CVE-2022-43590: TALOS-2022-1649 || Cisco Talos Intelligence Group

A null pointer dereference vulnerability exists in the handle_ioctl_0x830a0_systembuffer functionality of Callback technologies CBFS Filter 20.0.8317. A specially-crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability.

CVE-2022-43589: TALOS-2022-1648 || Cisco Talos Intelligence Group

A null pointer dereference vulnerability exists in the handle_ioctl_8314C functionality of Callback technologies CBFS Filter 20.0.8317. A specially-crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability.