🛑 Cybersecurity & Privacy 🛑 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2021-3620 ‼

A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.

via "National Vulnerability Database".
‼ CVE-2021-3602 ‼

An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment, environment variables may include sensitive information that was shared with the container in order to be used only by Buildah itself (e.g. container registry credentials).

via "National Vulnerability Database".
‼ CVE-2022-23899 ‼

MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java.

via "National Vulnerability Database".
‼ CVE-2022-0492 ‼

A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.

via "National Vulnerability Database".
‼ CVE-2022-25125 ‼

MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp.

via "National Vulnerability Database".
‼ CVE-2022-23898 ‼

MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml.

via "National Vulnerability Database".
‼ CVE-2021-3609 ‼

A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root.

via "National Vulnerability Database".
‼ CVE-2022-24724 ‼

cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing `table.c:row_from_string` may lead to heap memory corruption when parsing tables whose marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ranges from Information Leak to Arbitrary Code Execution depending on how and where `cmark-gfm` is used. If `cmark-gfm` is used for rendering remote user controlled markdown, this vulnerability may lead to Remote Code Execution (RCE) in applications employing affected versions of the `cmark-gfm` library. This vulnerability has been patched in the following cmark-gfm versions 0.29.0.gfm.3 and 0.28.3.gfm.21. A workaround is available. The vulnerability exists in the table markdown extensions of cmark-gfm. Disabling the table extension will prevent this vulnerability from being triggered.

via "National Vulnerability Database".
‼ CVE-2022-22700 ‼

CyberArk Identity versions up to and including 22.1, in the 'StartAuthentication' resource, expose the response header 'X-CFY-TX-TM'. In certain configurations, that response header contains different, predictable value ranges which can be used to determine whether a user exists in the tenant.

via "National Vulnerability Database".
🕴 Accelerated Ransomware Attacks Pressure Targeted Companies to Speed Response 🕴

Threat actors have focused on two ends of the spectrum — quick, impactful attacks or stealthy intrusions — making strong prevention and faster response more important for enterprises.

via "Dark Reading".
‼ CVE-2022-21716 ‼

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, the Twisted SSH client and server implementations are able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attack is as simple as `nc -rv localhost 22 < /dev/zero`. A patch is available in version 22.2.0. There are currently no known workarounds.

via "National Vulnerability Database".
‼ CVE-2021-22691 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.

via "National Vulnerability Database".
‼ CVE-2022-23709 ‼

A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. A user with this privilege would be able to create new alerting rules or overwrite existing ones. However, any new or modified rules would not be enabled, and a user with this privilege could not modify alerting connectors. This effectively means that Read users could disable existing alerting rules.

via "National Vulnerability Database".
‼ CVE-2021-22692 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.

via "National Vulnerability Database".
‼ CVE-2022-23710 ‼

A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could allow arbitrary JavaScript to be executed in a victim’s browser.

via "National Vulnerability Database".
‼ CVE-2021-38577 ‼

Heap Overflow in BaseBmpSupportLib.

via "National Vulnerability Database".
‼ CVE-2021-22693 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.

via "National Vulnerability Database".
‼ CVE-2021-22686 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.

via "National Vulnerability Database".
‼ CVE-2022-23052 ‼

PeteReport Version 0.5 contains a Cross Site Request Forgery (CSRF) vulnerability allowing an attacker to trick users into deleting users, products, reports and findings on the application.

via "National Vulnerability Database".
‼ CVE-2021-38578 ‼

Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.

via "National Vulnerability Database".
‼ CVE-2022-22943 ‼

VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path vulnerability. A malicious actor with local administrative privileges in the Windows guest OS, where VMware Tools is installed, may be able to execute code with system privileges in the Windows guest OS due to an uncontrolled search path element.

via "National Vulnerability Database".