‼ CVE-2022-27246 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in MISP before 2.4.156. An SVG org logo (which may contain JavaScript) is not forbidden by default.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-27789 ‼
📖 Read
via "National Vulnerability Database".
The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose sensitive information to the program's standard output device. An attacker who has compromised the FOS system may utilize this weakness to capture sensitive information, such as user credentials.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22592 ‼
📖 Read
via "National Vulnerability Database".
A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27244 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in MISP before 2.4.156. A malicious site administrator could store an XSS payload in the custom auth name. This would be executed each time the administrator modifies a user.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24091 ‼
📖 Read
via "National Vulnerability Database".
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious font file.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-4031 ‼
📖 Read
via "National Vulnerability Database".
Syltek application before its 10.22.00 version, does not correctly check that a product ID has a valid payment associated to it. This could allow an attacker to forge a request and bypass the payment system by marking items as payed without any verification.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22633 ‼
📖 Read
via "National Vulnerability Database".
A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22634 ‼
📖 Read
via "National Vulnerability Database".
A buffer overflow was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. A malicious application may be able to execute arbitrary code with kernel privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22591 ‼
📖 Read
via "National Vulnerability Database".
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-25193 ‼
📖 Read
via "National Vulnerability Database".
By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22620 ‼
📖 Read
via "National Vulnerability Database".
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22584 ‼
📖 Read
via "National Vulnerability Database".
A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, macOS Monterey 12.2. Processing a maliciously crafted file may lead to arbitrary code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22604 ‼
📖 Read
via "National Vulnerability Database".
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22644 ‼
📖 Read
via "National Vulnerability Database".
A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to access information about a user's contacts.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22621 ‼
📖 Read
via "National Vulnerability Database".
This issue was addressed with improved checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions.📖 Read
via "National Vulnerability Database".
❌ Agencies Warn on Satellite Hacks & GPS Jamming Affecting Airplanes, Critical Infrastructure ❌
📖 Read
via "Threat Post".
The Russian invasion of Ukraine has coincided with the jamming of airplane navigation systems and hacks on the SATCOM networks that empower critical infrastructure.📖 Read
via "Threat Post".
Threat Post
Agencies Warn on Satellite Hacks & GPS Jamming Affecting Airplanes, Critical Infrastructure
The Russian invasion of Ukraine has coincided with the jamming of airplane navigation systems and hacks on the SATCOM networks that empower critical infrastructure.
‼ CVE-2022-22665 ‼
📖 Read
via "National Vulnerability Database".
A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-25182 ‼
📖 Read
via "National Vulnerability Database".
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft Windows systems.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22640 ‼
📖 Read
via "National Vulnerability Database".
A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. An application may be able to execute arbitrary code with kernel privileges.📖 Read
via "National Vulnerability Database".
🕴 Code-Sabotage Incident in Protest of Ukraine War Exposed Open Source Risks 🕴
📖 Read
via "Dark Reading".
The maintainer of a widely used npm module served up an unwelcome surprise for developers.📖 Read
via "Dark Reading".
Dark Reading
Code-Sabotage Incident in Protest of Ukraine War Exposed Open Source Risks
The maintainer of a widely used npm module served up an unwelcome surprise for developers.
🕴 Half of Orgs Use Web Application Firewalls to Paper Over Flaws 🕴
📖 Read
via "Dark Reading".
WAFs remain a popular backfill for complex and fraught patch management.📖 Read
via "Dark Reading".
Dark Reading
Half of Orgs Use Web Application Firewalls to Paper Over Flaws
WAFs remain a popular backfill for complex and fraught patch management.