‼ CVE-2021-29217 ‼
📖 Read
via "National Vulnerability Database".
A remote URL redirection vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23701 ‼
📖 Read
via "National Vulnerability Database".
A potential remote host header injection security vulnerability has been identified in HPE Integrated Lights-Out 4 (iLO 4) firmware version(s): Prior to 2.60. This vulnerability could be remotely exploited to allow an attacker to supply invalid input to the iLO 4 webserver, causing it to respond with a redirect to an attacker-controlled domain. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 4 (iLO 4).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39363 ‼
📖 Read
via "National Vulnerability Database".
Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow a video replay attack after ARP cache poisoning has been achieved.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29216 ‼
📖 Read
via "National Vulnerability Database".
A remote cross-site scripting vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29220 ‼
📖 Read
via "National Vulnerability Database".
Multiple buffer overflow security vulnerabilities have been identified in HPE iLO Amplifier Pack version(s): Prior to 2.12. These vulnerabilities could be exploited by a highly privileged user to remotely execute code that could lead to a loss of confidentiality, integrity, and availability. HPE has provided a software update to resolve this vulnerability in HPE iLO Amplifier Pack.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39364 ‼
📖 Read
via "National Vulnerability Database".
Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow command spoofing (for camera control) after ARP cache poisoning has been achieved.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44665 ‼
📖 Read
via "National Vulnerability Database".
A Directory Traversal vulnerability exists in the Xerte Project Xerte through 3.10.3 when downloading a project file via download.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43745 ‼
📖 Read
via "National Vulnerability Database".
A Denial of Service vulnerabilty exists in Trilium Notes 0.48.6 in the setupPage function📖 Read
via "National Vulnerability Database".
🕴 Fears Rise of Potential Russian Cyberattacks on US, Allies Over Sanctions 🕴
📖 Read
via "Dark Reading".
If past is precedent, the cyber impact of the war in Ukraine could be broad and bruising, experts say.📖 Read
via "Dark Reading".
Dark Reading
Fears Rise of Potential Russian Cyberattacks on US, Allies Over Sanctions
If past is precedent, the cyber impact of the war in Ukraine could be broad and bruising, experts say.
‼ CVE-2022-23835 ‼
📖 Read
via "National Vulnerability Database".
** DISPUTED ** The Visual Voice Mail (VVM) application through 2022-02-24 for Android allows persistent access if an attacker temporarily controls an application that has the READ_SMS permission, and reads an IMAP credentialing message that is (by design) not displayed to the victim within the AOSP SMS/MMS messaging application. (Often, the IMAP credentials are usable to listen to voice mail messages sent before the vulnerability was exploited, in addition to new ones.) NOTE: some vendors characterize this as not a "concrete and exploitable risk."📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0746 ‼
📖 Read
via "National Vulnerability Database".
Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-34361 ‼
📖 Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24288 ‼
📖 Read
via "National Vulnerability Database".
In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24947 ‼
📖 Read
via "National Vulnerability Database".
Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. Apache JSPWiki users should upgrade to 2.11.2 or later.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2021-34359 ‼
📖 Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45229 ‼
📖 Read
via "National Vulnerability Database".
It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24948 ‼
📖 Read
via "National Vulnerability Database".
A carefully crafted user preferences for submission could trigger an XSS vulnerability on Apache JSPWiki, related to the user preferences screen, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.2 or later.📖 Read
via "National Vulnerability Database".
🗓️ DNA data of sexual assault victims exposed in breach at US laboratory 🗓️
📖 Read
via "The Daily Swig".
Medical information included in leak after third-party compromise📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
DNA data of sexual assault victims exposed in breach at US laboratory
Medical information included in leak after third-party compromise
‼ CVE-2022-25328 ‼
📖 Read
via "National Vulnerability Database".
The bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoint path and if the system administrator happens to be using the fscrypt bash completion script to complete mountpoint paths. We recommend upgrading to version 0.3.3 or above📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25327 ‼
📖 Read
via "National Vulnerability Database".
The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the system. We recommend upgrading to version 0.3.3 or above📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0247 ‼
📖 Read
via "National Vulnerability Database".
An issue exists in Fuchsia where VMO data can be modified through access to copy-on-write snapshots. A local attacker could modify objects in the VMO that they do not have permission to. We recommend upgrading past commit d97c05d2301799ed585620a9c5c739d36e7b5d3d or any of the listed versions.📖 Read
via "National Vulnerability Database".