Security

Tag

#google

CVE-2022-27903

An OS Command Injection vulnerability in the configuration parser of Eve-NG Professional through 4.0.1-65 and Eve-NG Community through 2.0.3-112 allows a remote authenticated attacker to execute commands as root by editing virtualization command parameters of imported UNL files.

Uptycs Announces New Cloud Identity and Entitlement Management (CIEM) Capabilities

Also adds support for Google Cloud Platform (GCP) and Microsoft Azure, and PCI compliance coverage.

Ukraine War Themed Files Become the Lure of Choice for a Wide Range of Hackers

A growing number of threat actors are using the ongoing Russo-Ukrainian war as a lure in various phishing and malware campaigns, even as critical infrastructure entities continue to be heavily targeted. "Government-backed actors from China, Iran, North Korea and Russia, as well as various unattributed groups, have used various Ukraine war-related themes in an effort to get targets to open

CVE-2021-27425: GitHub - cesanta/mongoose-os: Mongoose OS - an IoT Firmware Development Framework. Supported microcontrollers: ESP32, ESP8266, CC3220, CC3200, STM32F4, STM32L4, STM32F7. Amazon AWS IoT, Microsoft Azur

Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-around in function mm_malloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.

CVE-2022-27330: GitHub - CP04042K/Full-Ecommece-Website-Add_Product-Stored_XSS-POC

A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_product of E-Commerce Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Title text field.

Third-Party App Access Is the New Executable File

By providing these apps and other add-ons for SaaS platforms and associated permissions, businesses present bad actors with more opportunities to gain access to company data.

CVE-2021-22573: chore(main): release 1.33.3 by release-please[bot] · Pull Request #872 · googleapis/google-oauth-java-client

The vulnerability is that the IDToken verifier does not verify whether the token is properly signed. Signature verification makes sure that the token's payload comes from a valid provider, not from someone else. An attacker can provide a compromised token with a custom payload. The token will pass the validation on the client side. We recommend upgrading to version 1.33.3 or above.

How to Choose Tech Stack for Mobile App Development

By Owais Sultan. What a good tech stack for a mobile app is and how to, actually, pick the right one… This is a post from HackRead.com.

Craft fair vendors targeted by fake event scammers on Facebook

Scammers are targeting sellers of hand-crafted goods with bogus craft fair invitations. The post Craft fair vendors targeted by fake event scammers on Facebook appeared first on Malwarebytes Labs.