Graph Analysis of the Conti Ransomware Group Internal Chats
We were presented with a remarkably rich source of intelligence with the leaked communications from the Conti ransomware group. It’s a compelling and insightful read. The leaked information contains details on messages, including information on timestamps, sender, receiver, and the actual body of...
CVE-2022-0729
A flaw was found in vim. The vulnerability occurs due to crashes within specific regexp patterns and strings and leads to an out-of-range vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. Mitigation Untrusted vim scripts with -s...
SUSE SLES12 Security Update : wpa_supplicant (SUSE-SU-2022:0504-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0504-1 advisory. - The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a resul...
CVE-2022-23707
An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can inject malicious JavaScript into the index pattern which could execute against other users...
Cross site scripting
An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can inject malicious JavaScript into the index pattern which could execute against other users...
CVE-2022-23707
Summary: CVE-2022-23707 is a cross-site scripting (XSS) vulnerability in Kibana index patterns. An authenticated user with permissions to create index patterns could inject malicious JavaScript into an index pattern, potentially executing against other users. Affected versions (per sources): Kiba...
CVE-2022-0011
PAN-OS software provides options to exclude specific websites from URL category enforcement and those websites are blocked or allowed depending on your rules regardless of their associated URL category. This is done by creating a custom URL category list or by using an external dynamic list EDL i...
CVE-2022-0011 PAN-OS: URL Category Exceptions Match More URLs Than Intended in URL Filtering
PAN-OS software provides options to exclude specific websites from URL category enforcement and those websites are blocked or allowed depending on your rules regardless of their associated URL category. This is done by creating a custom URL category list or by using an external dynamic list EDL i...
PAN-OS: URL Category Exceptions Match More URLs Than Intended in URL Filtering
PAN-OS software provides options to exclude specific websites from URL category enforcement and those websites are blocked or allowed depending on your rules regardless of their associated URL category. This is done by creating a custom URL category list or by using an external dynamic list EDL i...
CVE-2022-23707
A Cross-Site Scripting XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permission to create index patterns can inject malicious JavaScript into the index pattern, which could execute against other users...
Kibana 7.17.0 Security Update
Kibana Cross-site scripting issue ESA-2022-01 An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can inject malicious JavaScript into the index pattern which could execute against other users. Affected...
CVE-2022-23304
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. The highest threat from this vulnerability is to availability, confidentiality and integrity...
CVE-2022-23303
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. The highest threat from this vulnerability is to availability, confidentiality and integrity...
Slackware Linux 14.0 / 14.1 / 14.2 / current wpa_supplicant Multiple Vulnerabilities (SSA:2022-019-01)
The version of wpa_supplicant installed on the remote host is prior to 2.10 / 2.9. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-019-01 advisory. - The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result ...
MGASA-2022-0025 Updated wpa_supplicant packages fix security vulnerability
The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494...
CVE-2022-23304
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495...
AZL-7747 CVE-2022-23303 affecting package wpa_supplicant for versions less than 2.10-1
The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494...