Security
Headlines
HeadlinesLatestCVEs

Tag

#ssl

CVE-2022-23000: WDC-22011 My Cloud Firmware Version 5.23.114 | Western Digital

The Western Digital My Cloud Web App [https://os5.mycloud.com/] uses a weak SSLContext when attempting to configure port forwarding rules. This was enabled to maintain compatibility with old or outdated home routers. By using an "SSL" context instead of "TLS" or specifying stronger validation, deprecated or insecure protocols are permitted. As a result, a local user with no privileges can exploit this vulnerability and jeopardize the integrity, confidentiality and authenticity of information transmitted. The scope of impact cannot extend to other components and no user input is required to exploit this vulnerability.

CVE
Open in Source
#xss#vulnerability#web#mac#dos#git#java#auth#ssl
CVE-2022-33969: Changeset 2648808 – WordPress Plugin Repository

Authenticated WordPress Options Change vulnerability in Biplob Adhikari's Flipbox plugin <= 2.6.0 at WordPress.

CVE-2022-29495: Popup Builder – Create highly converting, mobile friendly marketing popups.

Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.11 at WordPress allows an attacker to update plugin settings.

What Firewalls Can — and Can't — Accomplish

Understanding the limitations of firewalls is important to protecting the organization from evolving threats.

An Easier Way to Keep Old Python Code Healthy and Secure

Python has its pros and cons, but it's nonetheless used extensively. For example, Python is frequently used in data crunching tasks even when there are more appropriate languages to choose from. Why? Well, Python is relatively easy to learn. Someone with a science background can pick up Python much more quickly than, say, C. However, Python's inherent approachability also creates a couple of

CVE-2022-34487: Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension

Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress.

CVE-2022-33198: Accordions – Multiple Accordions or FAQs Builder

Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress.

CVE-2022-31475: GiveWP – Donation Plugin and Fundraising Platform

Authenticated (custom plugin role) Arbitrary File Read via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress.

Demo: Your data has been encrypted! Stopping ransomware attacks with Malwarebytes EDR

Malwarebytes Endpoint Detection and Response can fight—and defeat—advanced ransomware that other security solutions miss. In this post, we’ll walk through what it looks like to deal with a ransomware attack using Malwarebytes EDR. The post Demo: Your data has been encrypted! Stopping ransomware attacks with Malwarebytes EDR appeared first on Malwarebytes Labs.

Cisco Releases Patches for Critical Flaws Impacting Nexus Dashboard for Data Centers

Cisco on Wednesday released security patches for 45 vulnerabilities affecting a variety of products, some of which could be exploited to execute arbitrary actions with elevated permissions on affected systems. Of the 45 bugs, one security vulnerability is rated Critical, three are rated High, and 41 are rated Medium in severity.  The most severe of the issues are CVE-2022-20857, CVE-2022-20858,