Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

CVE-2022-38808: SQL injection exists in ywoa v6.1 backend/oa/visual/exportExcel.do interface · Issue #26 · cloudwebsoft/ywoa

ywoa v6.1 is vulnerable to SQL Injection via backend/oa/visual/exportExcel.do interface.

CVE
Open in Source
#sql#vulnerability#web#mac#js#git#intel#c++#auth#firefox
SAP SAPControl Web Service Interface Local Privilege Escalation

SAPControl Web Service Interface (sapstartsrv) suffers from a privilege escalation vulnerability via a race condition.

SAP SAProuter Improper Access Control

SAP SAProuter suffers from an improper access control vulnerability where permitting loopback traffic can lead to unexpected behavior.

North Korean Hackers Spreading Trojanized Versions of PuTTY Client Application

A threat with a North Korea nexus has been found leveraging a "novel spear phish methodology" that involves making use of trojanized versions of the PuTTY SSH and Telnet client. Google-owned threat intelligence firm Mandiant attributed the new campaign to an emerging threat cluster it tracks under the name UNC4034. "UNC4034 established communication with the victim over WhatsApp and lured them

Hackers Targeting WebLogic Servers and Docker APIs for Mining Cryptocurrencies

Malicious actors such as Kinsing are taking advantage of both recently disclosed and older security flaws in Oracle WebLogic Server to deliver cryptocurrency-mining malware. Cybersecurity company Trend Micro said it found the financially-motivated group leveraging the vulnerability to drop Python scripts with capabilities to disable operating system (OS) security features such as

Will the Cloud End the Endpoint?

When an organization fully embraces the cloud, traditional endpoints become disposable. Organizations must adapt their security strategy for this reality.

Threat Source newsletter (Sept. 15, 2022) — Why there is no one-stop-shop solution for protecting passwords

By Jon Munshaw.  Welcome to this week’s edition of the Threat Source newsletter.  Public schools in the United States already rely on our teachers for so much — they have to be educators, occasional parental figures, nurses, safety officers, law enforcement and much more. Slowly, they’re having to add “IT admin” to their list of roles.  Educational institutions have increasingly become a target for ransomware attacks, an issue already highlighted this year by a major cyber attack on the combined Los Angeles school district in California that schools are still recovering from.  Teachers there reported that during the week of the attack, they couldn’t enter attendance, lost lesson plans and presentations, and had to scrap homework plans. Technology has become ever-present in classrooms, so any minimal disruption in a school’s network or software can throw pretty much everything off.  The last thing teachers need to worry about now is defending against a well-funded threat act...

CVE-2022-1798: Arbitrary file read on host

A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.

CVE-2022-37861: TWS100(小网关)_腾狐官网

There is a remote code execution (RCE) vulnerability in Tenhot TWS-100 V4.0-201809201424 router device. It is necessary to know that the device account password is allowed to escape the execution system command through the network tools in the network diagnostic component.