Friday, February 3, 2023
Latest:

Recent news in security

Security Vulns 

CVE-2022-47131 | Academy LMS up to 5.9 cross-site request forgery

A vulnerability was found in Academy LMS up to 5.9. It has been declared as problematic. Affected by this vulnerability

Security Vulns 

CVE-2022-48074 | NoMachine up to 8.2.2 NXS File Privilege Escalation

A vulnerability was found in NoMachine up to 8.2.2. It has been classified as problematic. Affected is an unknown function

Security Vulns 

CVE-2022-48022 | Zammad 5.3.0 Ticket /api/v1/mentions permission

A vulnerability was found in Zammad 5.3.0 and classified as critical. This issue affects some unknown processing of the file

Vendor

CERTs

Vulnerabilities

Taking the next step: OSS-Fuzz in 2023

Yanac

Detecting credential access without losing cred

Yanac

Password-stealing “vulnerability” reported in KeePass – bug or feature?

Yanac

Password-stealing “vulnerability” reported in KeePass – bug or feature?

Yanac

OneNote Documents Increasingly Used to Deliver Malware

Yanac

7 Key Takeaways for Financial Services from Recent Research

Yanac

ChatGPT: Is its use of people’s data even legal?

Yanac

GitHub code-signing certificates stolen (but will be revoked this week)

Yanac

The White House on Quantum Encryption and IoT Labels

Yanac

Multiple Vulnerabilities Patched in Quick Restaurant Menu Plugin

Yanac

“Citrix Gateway and Citrix ADC Security Bulletin for CVE-2022-27510 CVE-2022-27513 and CVE-2022-27516” One of the C… https://t.co/JkpigsMiDw

RT @LU_CIX: Join us next week at the #Luxembourg #Internet Days for the speech of Jean-Louis HUYNEN from @circl_lu on how to model and shar…

The MeliCERTes project is concluding after 3-years of hard work to create an open platforms to collaborate on cyber… https://t.co/a5ZXDDwQOi

RT @MISPProject: A huge thank to all participants, organisers and speakers at @FIRSTdotOrg #FIRSTCTI22 in Berlin. It was a blast. Our MISP…

The https://t.co/WLopIGLEjT typosquatting finder service has been updated, multiple bugs were fixed and some improv… https://t.co/kZQxUQqXp1

“There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remot… https://t.co/XzeKglLfS4

RT @virusbtn: The Zimperium zLabs team write about the architecture and modus operandi of the Cloud9 malicious browser extension. https://t…

RT @campuscodi: The Microsoft November 2022 Patch Tuesday updates are out. 68 vulnerabilities fixed. Also, 4 zero-days: -CVE-2022-41128, J…

RT @MISPProject: Presentation of Cerebrate by @Iglocska at #FIRSTCTI22 the new open source tools developed in the scope of the MeliCERTes p…

RT @JeroenPinoy: The last couple of evenings I’ve been trying to help someone who fell victim to a ‘crypto investment’ scam. In short: she…

CVE-2022-47131 | Academy LMS up to 5.9 cross-site request forgery

CVE-2022-48074 | NoMachine up to 8.2.2 NXS File Privilege Escalation

CVE-2022-48022 | Zammad 5.3.0 Ticket /api/v1/mentions permission

CVE-2022-48021 | Zammad 5.3.0 Message Privilege Escalation

CVE-2022-47132 | Academy LMS up to 5.9 Add Administrator cross-site request forgery

CVE-2022-4714 | WP Dark Mode up to 3.0.6 on WordPress Shortcode cross site scripting

CVE-2023-23636 | Jellyfin up to 10.8.3 Playlist Name cross site scripting (ID 3788)

CVE-2023-23635 | Jellyfin up to 10.8.3 Collection Name cross site scripting (ID 3788)

Remote Code Execution Vulnerability in Atom CMS 2.0 (CVE-2022-25487)

CVE-2022-4897 | BackupBuddy Plugin up to 8.8.2 on WordPress cross site scripting