‼ CVE-2022-23187 ‼
📖 Read
via "National Vulnerability Database".
Adobe Illustrator version 26.0.3 (and earlier) is affected by a buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Illustrator.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25601 ‼
📖 Read
via "National Vulnerability Database".
Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2.4).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32475 ‼
📖 Read
via "National Vulnerability Database".
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23731 ‼
📖 Read
via "National Vulnerability Database".
V8 javascript engine (heap vulnerability) can cause privilege escalation ,which can impact on some webOS TV models.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26341 ‼
📖 Read
via "National Vulnerability Database".
Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32476 ‼
📖 Read
via "National Vulnerability Database".
A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24433 ‼
📖 Read
via "National Vulnerability Database".
The package simple-git before 3.3.0 are vulnerable to Command Injection via argument injection. When calling the .fetch(remote, branch, handlerFn) function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options it was possible to get arbitrary command execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23933 ‼
📖 Read
via "National Vulnerability Database".
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25600 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3).📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0921 ‼
📖 Read
via "National Vulnerability Database".
Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32474 ‼
📖 Read
via "National Vulnerability Database".
An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23931 ‼
📖 Read
via "National Vulnerability Database".
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.📖 Read
via "National Vulnerability Database".
🕴 Ukrainian Man Arrested for Alleged Role in Ransomware Attack on Kaseya, Others 🕴
📖 Read
via "Dark Reading".
He's the fifth member of the REvil ransomware gang to get busted in the past year.📖 Read
via "Dark Reading".
Dark Reading
Ukrainian Man Arrested for Alleged Role in Ransomware Attack on Kaseya, Others
He's the fifth member of the REvil ransomware gang to get busted in the past year.
🕴 Is XDR Right for My Organization? 🕴
📖 Read
via "Dark Reading".
Well ... it depends on what you're trying to accomplish, at least for now. The good news is that many modern SIEMs are starting to adopt XDR-like capabilities.📖 Read
via "Dark Reading".
Dark Reading
Is XDR Right for My Organization?
Well ... it depends on what you're trying to accomplish, at least for now. The good news is that many modern SIEMs are starting to adopt XDR-like capabilities.
‼ CVE-2022-24754 ‼
📖 Read
via "National Vulnerability Database".
PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials (credentials with data_type `PJSIP_CRED_DATA_DIGEST`). This issue has been patched in the master branch of the PJSIP repository and will be included with the next release. Users unable to upgrade need to check that the hashed digest data length must be equal to `PJSIP_MD5STRLEN` before passing to PJSIP.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44667 ‼
📖 Read
via "National Vulnerability Database".
A Cross Site Scripting (XSS) vulnerability exists in Nacos 2.0.3 in auth/users via the (1) pageSize and (2) pageNo parameters.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25839 ‼
📖 Read
via "National Vulnerability Database".
The package url-js before 2.1.0 are vulnerable to Improper Input Validation due to improper parsing, which makes it is possible for the hostname to be spoofed. http://\\\\\\\\localhost and http://localhost are the same URL. However, the hostname is not parsed as localhost, and the backslash is reflected as it is.📖 Read
via "National Vulnerability Database".
🕴 How Enterprises Can Get Used to Deploying AI for Security 🕴
📖 Read
via "Dark Reading".
It's important to take a "trust journey" to see how AI technology can benefit an organization's cybersecurity.📖 Read
via "Dark Reading".
Dark Reading
How Enterprises Can Get Used to Deploying AI for Security
It's important to take a "trust journey" to see how AI technology can benefit an organization's cybersecurity.
🕴 When IT Spending Plans Don't Reflect Security Priorities 🕴
📖 Read
via "Dark Reading".
Data shows a disconnect between what decisionmakers consider top endpoint security priorities and how they focus their budget.📖 Read
via "Dark Reading".
Dark Reading
When IT Spending Plans Don't Reflect Security Priorities
Data shows a disconnect between what decisionmakers consider top endpoint security priorities and how they focus their budget.
‼ CVE-2022-24416 ‼
📖 Read
via "National Vulnerability Database".
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.📖 Read
via "National Vulnerability Database".
🤔1
‼ CVE-2022-24415 ‼
📖 Read
via "National Vulnerability Database".
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.📖 Read
via "National Vulnerability Database".