‼ CVE-2022-21659 ‼
via "National Vulnerability Database".
Flask-AppBuilder is an application development framework, built on top of the Flask web framework. In affected versions there exists a user enumeration vulnerability. This vulnerability allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Users are advised to upgrade to version 3.4.4 as soon as possible. There are no known workarounds for this issue.
‼ CVE-2022-24263 ‼
via "National Vulnerability Database".
Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/func.php via the email parameter.
‼ CVE-2022-24264 ‼
via "National Vulnerability Database".
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the search_word parameter.
‼ CVE-2022-23872 ‼
via "National Vulnerability Database".
Emlog pro v1.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /admin/configure.php via the parameter footer_info.
‼ CVE-2022-24265 ‼
via "National Vulnerability Database".
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/menu/ via the path=component/menu/&menu_filter=3 parameter.
‼ CVE-2022-24266 ‼
via "National Vulnerability Database".
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the order_by parameter.
🕴 Security Service Edge Boosters Form New Forum to Encourage Adoption 🕴
via "Dark Reading".
IT leaders who formed the SSE Forum say the technology offers cloud-forward security for modern workplaces.
🕴 Mandiant: One in 7 Ransomware Extortion Attacks Expose OT Data 🕴
via "Dark Reading".
Analysis of 'shaming site' data dumps found sensitive documentation from OT organizations including oil & gas.
‼ CVE-2021-46662 ‼
via "National Vulnerability Database".
MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery.
‼ CVE-2021-46667 ‼
via "National Vulnerability Database".
MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash.
‼ CVE-2021-46664 ‼
via "National Vulnerability Database".
MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.
‼ CVE-2021-46669 ‼
via "National Vulnerability Database".
MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.
‼ CVE-2021-46665 ‼
via "National Vulnerability Database".
MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations.
‼ CVE-2021-46666 ‼
via "National Vulnerability Database".
MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause.
‼ CVE-2021-3534 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-34981. Reason: This candidate is a reservation duplicate of CVE-2021-34981. Notes: All CVE users should reference CVE-2021-34981 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
‼ CVE-2021-46663 ‼
via "National Vulnerability Database".
MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.
‼ CVE-2021-46661 ‼
via "National Vulnerability Database".
MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).
‼ CVE-2021-46668 ‼
via "National Vulnerability Database".
MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.
🕴 Coalition Launches Executive Risks Products With Personalized Risk Assessment 🕴
via "Dark Reading".
Coalition now offering Directors & Officers (D&O) and Employment Practices Liability (EPL) with new tools and features to all broker partners.
🕴 Cymulate Launches Service to Augment In-House Security Teams 🕴
via "Dark Reading".
Amplify bolsters organizations with limited resources to optimize their security posture.
❌ Living Off the Land: How to Defend Against Malicious Use of Legitimate Utilities ❌
via "Threat Post".
LOLBins help attackers become invisible to security platforms. Uptycs provides a rundown of the most commonly abused native utilities for Windows, Linux and macOS – and advice for protection.