Researcher Spotlight: Hector Peralta’s Evolution from Popcorn Server to the MSRC Leaderboards
“The bug bounty literally changed my life. Before this, I had nothing.” Coolest thing he purchased: His first vehicle! Best gift to give: Buying his nephew gaming accessories. Favorite Hacking Companion: His two cats. They’re always by his side...
K82896488: Cyrus SASL vulnerability CVE-2022-24407
Cyrus SASL vulnerability CVE-2022-24407 Security Advisory Security Advisory Description In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL ...
K91589041: Expat vulnerabilities CVE-2021-45960, CVE-2022-22825, CVE-2022-22826, and CVE-2022-22827
Expat vulnerabilities CVE-2021-45960, CVE-2022-22825, CVE-2022-22826, and CVE-2022-22827 Security Advisory Security Advisory Description CVE-2021-45960 In Expat (aka libexpat) before 2.4.3, a left ...
K18484125: Eclipse Jetty vulnerability CVE-2020-27216
Eclipse Jetty vulnerability CVE-2020-27216 Security Advisory Security Advisory Description In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 ...
Cisco UCS Director JavaScript Cross-Site Scripting Vulnerability
<p>A vulnerability in the web applications of Cisco UCS Director could allow an authenticated, remote attacker to <span class="TextRun Highlight SCXO16456276 BCX2"><span class="NormalTextRun SCXO16456276 BCX2">conduct a cross-site scripting attack on an affected system.</span></span></p>
<p>This vulnerability is due to unsanitized user input....
Cisco Enterprise Chat and Email Stored Cross-Site Scripting Vulnerability
<p>A vulnerability in the web interface of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.</p>
<p>This vulnerability is due to insufficient validation of user-supplied...
Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities
<p>Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.</p>
<p>These vulnerabilities are due to insufficient validation...
Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
<p>Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device.</p>
<p>For more information about these...
Cisco Secure Network Analytics Remote Code Execution Vulnerability
<p>A vulnerability in the web-based management interface of Cisco Secure Network Analytics, formerly Cisco Stealthwatch Enterprise, could allow an authenticated, remote attacker to execute arbitrary commands as an administrator on the underlying operating system.</p>
<p>This vulnerability is due to insufficient user input...
VMSA-2022-0014: What You Need to Know
On May 18, 2022 VMware released VMSA-2022-0014, a critical advisory addressing security vulnerabilities found and resolved in VMware’s Workspace ONE Access, VMware Identity Manager (vIDM), vRealize Lifecycle Manager, vRealize Automation, and VMware Cloud Foundation products. VMware Identity Manager is...
K87323016: Apache mod_proxy vulnerability CVE-2020-13950
Apache mod_proxy vulnerability CVE-2020-13950 Security Advisory Security Advisory Description Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer ...
Apple Security Advisory 2022-05-16-8
Apple Security Advisory 2022-05-16-8 - Xcode 13.4 addresses a logic issue and a privilege escalation issue.
Apple Security Advisory 2022-05-16-7
Apple Security Advisory 2022-05-16-7 - Safari 15.5 addresses code execution and use-after-free vulnerabilities.
Apple Security Advisory 2022-05-16-6
Apple Security Advisory 2022-05-16-6 - tvOS 15.5 addresses bypass, code execution, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 2022-05-16-5
Apple Security Advisory 2022-05-16-5 - watchOS 8.6 addresses bypass, code execution, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.