βΌ CVE-2022-21388 βΌ
π Read
via "National Vulnerability Database".
Vulnerability in the Oracle Communications Pricing Design Center product of Oracle Communications Applications (component: On Premise Install). Supported versions that are affected are 12.0.0.3.0 and 12.0.0.4.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Pricing Design Center executes to compromise Oracle Communications Pricing Design Center. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Pricing Design Center accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).π Read
via "National Vulnerability Database".
βΌ CVE-2022-21382 βΌ
π Read
via "National Vulnerability Database".
Vulnerability in the Oracle Enterprise Session Border Controller product of Oracle Communications (component: WebUI). Supported versions that are affected are 8.4 and 9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Session Border Controller. While the vulnerability is in Oracle Enterprise Session Border Controller, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Session Border Controller accessible data. CVSS 3.1 Base Score 7.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N).π Read
via "National Vulnerability Database".
βΌ CVE-2022-21359 βΌ
π Read
via "National Vulnerability Database".
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Optimization Framework). Supported versions that are affected are 8.57, 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).π Read
via "National Vulnerability Database".
βΌ CVE-2022-21342 βΌ
π Read
via "National Vulnerability Database".
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).π Read
via "National Vulnerability Database".
βΌ CVE-2022-21257 βΌ
π Read
via "National Vulnerability Database".
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).π Read
via "National Vulnerability Database".
βΌ CVE-2021-35683 βΌ
π Read
via "National Vulnerability Database".
Vulnerability in the Oracle Essbase Administration Services product of Oracle Essbase (component: EAS Console). The supported version that is affected is Prior to 11.1.2.4.047. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Essbase Administration Services. While the vulnerability is in Oracle Essbase Administration Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Essbase Administration Services. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).π Read
via "National Vulnerability Database".
βΌ CVE-2022-21402 βΌ
π Read
via "National Vulnerability Database".
Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Operations Monitor, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Operations Monitor accessible data as well as unauthorized read access to a subset of Oracle Communications Operations Monitor accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N).π Read
via "National Vulnerability Database".
βΌ CVE-2022-21269 βΌ
π Read
via "National Vulnerability Database".
Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 18.0.0.0-18.0.3.0, 19.0.0.0-19.0.1.2, 20.0.0.0 and 20.0.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera Portfolio Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).π Read
via "National Vulnerability Database".
βΌ CVE-2022-21323 βΌ
π Read
via "National Vulnerability Database".
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).π Read
via "National Vulnerability Database".
β Beijing Olympics App Flaws Allow Man-in-the-Middle Attacks β
π Read
via "Threat Post".
Attackers can access audio and files uploaded to the MY2022 mobile app required for use by all winter games attendees β including personal health details.π Read
via "Threat Post".
Threat Post
Beijing Olympics App Flaws Allow Man-in-the-Middle Attacks
Attackers can access audio and files uploaded to the MY2022 mobile app required for use by all winter games attendees β including personal health details.
ποΈ Security vulnerabilities in Umbraco CMS could lead to account takeover ποΈ
π Read
via "The Daily Swig".
Partial fix applied for two separate bugs in the open source softwareπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Security vulnerabilities in Umbraco CMS could lead to account takeover
Partial fix applied for two separate bugs in the open source software
π΄ Preparing For the Next Cybersecurity Epidemic: Deepfakes π΄
π Read
via "Dark Reading".
Using blockchain, multifactor authentication, or signatures can help boost authentication security and reduce fraud.π Read
via "Dark Reading".
Dark Reading
Preparing for the Next Cybersecurity Epidemic: Deepfakes
Using blockchain, multifactor authentication, or signatures can help boost authentication security and reduce fraud.
π¦Ώ Phishing attack spoofs US Department of Labor to steal account credentials π¦Ώ
π Read
via "Tech Republic".
A phishing campaign seen by email security provider Inky tries to trick its victims by inviting them to submit bids for alleged government projects.π Read
via "Tech Republic".
TechRepublic
Phishing attack spoofs US Department of Labor to steal account credentials
A phishing campaign seen by email security provider Inky tries to trick its victims by inviting them to submit bids for alleged government projects.
βΌ CVE-2021-46104 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in webp_server_go 0.4.0. There is a directory traversal vulnerability that can read arbitrary file information on the server.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38787 βΌ
π Read
via "National Vulnerability Database".
There is an integer overflow in the ION driver "/dev/ion" of Allwinner R818 SoC Android Q SDK V1.0 that could use the ioctl cmd "COMPAT_ION_IOC_SUNXI_FLUSH_RANGE" to cause a system crash (denial of service).π Read
via "National Vulnerability Database".
βΌ CVE-2021-45808 βΌ
π Read
via "National Vulnerability Database".
jpress v4.2.0 allows users to register an account by default. With the account, user can upload arbitrary files to the server.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44837 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Delta RM 1.2. It is possible for an unprivileged user to access the same information as an admin user regarding the risk creation information in the /risque/administration/referentiel/json/create/categorie endpoint, using the id_cat1 query parameter to indicate the risk.π Read
via "National Vulnerability Database".
ποΈ GitHub Actions flaw that allowed code to be approved without review is addressed ποΈ
π Read
via "The Daily Swig".
Uncheck risky setting option offeredπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
GitHub Actions flaw that allowed code to be approved without review is addressed with new feature rollout
Uncheck risky setting option offered
β Serious Security: Apple Safari leaks private data via database API β what you need to know β
π Read
via "Naked Security".
There's a tiny data leakage bug in the WebKit browser engine... but it could act as a "supercookie" identifier for your browsingπ Read
via "Naked Security".
Naked Security
Serious Security: Apple Safari leaks private data via database API β what you need to know
Thereβs a tiny data leakage bug in the WebKit browser engineβ¦ but it could act as a βsupercookieβ identifier for your browsing
π΄ (ISC)Β² Launches Entry-Level Cybersecurity Course π΄
π Read
via "Dark Reading".
Prospective entrants to the sector will receive instruction on fundamental cybersecurity concepts on which they will be evaluated during the new (ISC)Β² entry-level cybersecurity certification pilot exam.π Read
via "Dark Reading".
Dark Reading
(ISC)Β² Launches Entry-Level Cybersecurity Course
Prospective entrants to the sector will receive instruction on fundamental cybersecurity concepts on which they will be evaluated during the new (ISC)Β² entry-level cybersecurity certification pilot exam.
π΄ LogPoint Releases LogPoint 7, Adding SOAR Capabilities Within SIEM π΄
π Read
via "Dark Reading".
LogPoint 7 includes ready-made integrations to connect with existing security technologies, including endpoint protection, network detection, and threat management.π Read
via "Dark Reading".
Dark Reading
LogPoint Releases LogPoint 7, Adding SOAR Capabilities Within SIEM
LogPoint 7 includes ready-made integrations to connect with existing security technologies, including endpoint protection, network detection, and threat management.