Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server Dashboard allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, and from 1.7.0 before 1.7.16.1.
Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system.
A bipartisan bill aims to create a usable framework for the use of open source components when building applications, which Google is urging the private sector to support.
Concerns about breaches of sensitive information due to execution of malware scripts and growing adoption of cloud-based services are fueling growth of the content security market.
Google admitted to loss of data responsive to 2016 search warrant and agreed to program enhancements, reporting obligations, and a first-of-its-kind Independent Compliance Professional.
As more of the software stack consists of third-party code, it's time for a more-advanced open source vetting system.
The threat actor behind a remote access trojan called RomCom RAT has been observed targeting Ukrainian military institutions as part of a new spear-phishing campaign that commenced on October 21, 2022. The development marks a shift in the attacker's modus operandi, which has been previously attributed to spoofing legitimate apps like Advanced IP Scanner and pdfFiller to drop backdoors on
OX App Suite through 8.2 allows XSS via an attachment or OX Drive content when a client uses the len or off parameter.
PRTG Network Monitor through 22.2.77.2204 does not prevent custom input for a device's icon, which can be modified to insert arbitrary content into the style tag for that device. When the device page loads, the arbitrary Cascading Style Sheets (CSS) data is inserted into the style tag, loading malicious content. Because PRTG Network Monitor prevents double-quote (") characters and modern browsers disable JavaScript support in style tags, this vulnerability could not be escalated into a Cross-Site Scripting vulnerability.