‼ CVE-2022-22332 ‼
IBM Sterling Partner Engagement Manager 6.2.0 could allow an attacker to impersonate another user due to a missing revocation mechanism for the JWT token. IBM X-Force ID: 219131.
via "National Vulnerability Database".
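The entry above describes a bearer token that keeps working after the server should have invalidated it. The following is an added example, not IBM's code: a minimal HS256 JWT issuer and verifier written against the Python standard library, with a revocation list keyed on the token's jti claim. The signing key, the subject, the timestamps and every function and class name here are constructed for the demonstration.

```python
"""HS256 JWT issuance and verification with a jti-keyed revocation list (stdlib only)."""
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Dict, Optional

# Constructed demo key. A real deployment keeps this in a KMS/HSM, never in source.
SECRET = b"demo-hs256-signing-key-do-not-use"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(subject: str, ttl_seconds: int = 3600, now: Optional[float] = None) -> str:
    """Issue a token carrying a unique jti so that this one token can later be revoked."""
    now = int(time.time() if now is None else now)
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": subject, "iat": now, "exp": now + ttl_seconds, "jti": secrets.token_hex(16)}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


class RevocationList:
    """Server-side denylist of revoked jti values, pruned once the token would have expired anyway."""

    def __init__(self) -> None:
        self._revoked: Dict[str, int] = {}

    def revoke(self, token: str, now: Optional[float] = None) -> None:
        # Only a token whose signature verifies may add an entry, so nobody can poison the list.
        claims = verify_token(token, revocations=None, now=now)
        self._revoked[claims["jti"]] = claims["exp"]

    def is_revoked(self, jti: str, now: float) -> bool:
        self._revoked = {j: e for j, e in self._revoked.items() if e > now}
        return jti in self._revoked


def verify_token(token: str, revocations: Optional[RevocationList], now: Optional[float] = None) -> dict:
    """Return the claims if the token is authentic, unexpired and (when a list is given) not revoked."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, c, s = parts
    header = json.loads(_b64url_decode(h))
    if header.get("alg") != "HS256":  # the token never gets to choose the algorithm
        raise ValueError("unexpected alg")
    expected = hmac.new(SECRET, f"{h}.{c}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(c))
    if claims["exp"] <= now:
        raise ValueError("expired")
    if revocations is not None and revocations.is_revoked(claims["jti"], now):
        raise ValueError("revoked")
    return claims


def accepted(token: str, revocations: Optional[RevocationList], now: float) -> bool:
    try:
        verify_token(token, revocations, now)
        return True
    except ValueError:
        return False


def logout_scenario(now: float = 1_700_000_000) -> dict:
    """A stolen token replayed after the victim logs out: without a revocation check it still works."""
    revocations = RevocationList()
    token = issue_token("alice", ttl_seconds=3600, now=now)
    revocations.revoke(token, now=now + 60)  # alice logs out one minute after login
    return {
        "after_logout_no_revocation_check": accepted(token, None, now + 120),
        "after_logout_with_revocation_check": accepted(token, revocations, now + 120),
        "after_expiry": accepted(token, revocations, now + 3601),
    }


if __name__ == "__main__":
    print(logout_scenario())
```

The verifier's own expiry check is not a substitute for revocation: until exp passes, a stolen token is indistinguishable from a live session, which is exactly the impersonation window the advisory describes. Short lifetimes shrink that window; a denylist consulted on every request closes it, and pruning by exp keeps the list from growing without bound.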
‼ CVE-2022-21235 ‼
The package github.com/masterminds/vcs before 1.13.3 is vulnerable to Command Injection via argument injection. When hg is executed, argument strings are passed to hg in a way that allows additional flags to be set. The additional flags can be used to perform a command injection.
via "National Vulnerability Database".
‼ CVE-2022-22328 ‼
IBM Sterling Partner Engagement Manager 6.2.0 could allow a malicious user to elevate their privileges and perform unintended operations on another user's data. IBM X-Force ID: 218871.
via "National Vulnerability Database".
‼ CVE-2022-22331 ‼
IBM Sterling Partner Engagement Manager 6.2.0 could allow a remote authenticated attacker to obtain sensitive information or modify user details via an insecure direct object reference (IDOR) vulnerability. IBM X-Force ID: 219130.
via "National Vulnerability Database".
‼ CVE-2022-22327 ‼
IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 218859.
via "National Vulnerability Database".
🕴 NSA Employee Indicted for Sending Classified Data Outside the Agency 🕴
Even the NSA has a malicious insider problem. The employee used his personal emails to send classified data to unauthorized outsiders on 13 different occasions.
via "Dark Reading".
‼ CVE-2022-21223 ‼
The package cocoapods-downloader before 1.6.2 is vulnerable to Command Injection via hg argument injection. When the download function is called with hg, the url (and/or revision, tag, branch) is passed to the hg clone command in a way that allows additional flags to be set. The additional flags can be used to perform a command injection.
via "National Vulnerability Database".
‼ CVE-2022-24440 ‼
The package cocoapods-downloader before 1.6.0, and from 1.6.2 before 1.6.3, is vulnerable to Command Injection via git argument injection. When the Pod::Downloader.preprocess_options function is called with git, both the git and branch parameters are passed to the git ls-remote subcommand in a way that allows additional flags to be set. The additional flags can be used to perform a command injection.
via "National Vulnerability Database".
‼ CVE-2022-1207 ‼
Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to read sensitive information from outside the allocated buffer boundary.
via "National Vulnerability Database".
‼ CVE-2022-23158 ‼
Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. A local authenticated user with standard privileges could potentially exploit this vulnerability by providing incorrect port information and getting connected to a valid WMS server.
via "National Vulnerability Database".
‼ CVE-2022-23157 ‼
Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. An authenticated malicious user could potentially exploit this vulnerability in order to view sensitive information from the WMS Server.
via "National Vulnerability Database".
‼ CVE-2022-24426 ‼
Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.
via "National Vulnerability Database".
‼ CVE-2022-26562 ‼
An issue in provider/libserver/ECKrbAuth.cpp of Kopano-Core v11.0.2.51 allows attackers to authenticate even if the user account or password is expired.
via "National Vulnerability Database".
‼ CVE-2022-23156 ‼
Wyse Device Agent version 14.6.1.4 and below contain an Improper Authentication vulnerability. A malicious user could potentially exploit this vulnerability by providing invalid input in order to obtain a connection to the WMS server.
via "National Vulnerability Database".
‼ CVE-2022-23155 ‼
Dell Wyse Management Suite versions 2.0 through 3.5.2 contain an unrestricted file upload vulnerability. A malicious user with admin privileges can exploit this vulnerability in order to execute arbitrary code on the system.
via "National Vulnerability Database".
‼ CVE-2022-24066 ‼
The package simple-git before 3.5.0 is vulnerable to Command Injection due to an incomplete fix for [CVE-2022-24433](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2421199), which only patched the git fetch attack vector. The same use of git's --upload-pack feature is also supported by git clone, which the prior fix did not cover.
via "National Vulnerability Database".
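The four argument-injection advisories on this page (github.com/masterminds/vcs, both cocoapods-downloader entries and simple-git) share one mechanism: a caller-supplied string lands in the argv of hg or git at a position where the tool still accepts options, so a value beginning with "-" is parsed as a flag rather than as a URL or branch name. No shell is involved; the injection happens at the argv level. The Python below is an added example and not code from any of those projects. It builds the argv the vulnerable way and the hardened way, and runs both through a simplified model of getopt-style option parsing rather than invoking git or hg. The payload strings use the --upload-pack and --config option families those tools expose, but they are constructed for this illustration, as are all function names; nothing here executes a command.

```python
"""Argument injection into git/hg argv: vulnerable vs hardened construction, checked against
a simplified model of how the option parser would read the resulting argv (no command is run)."""
from typing import List

# Constructed attacker-controlled inputs. The first has the --upload-pack shape named in the
# simple-git advisory; the second is the hg equivalent, where --config can override the clone
# alias with a shell alias ("!...").
EVIL_GIT_REMOTE = "--upload-pack=touch /tmp/pwned"
EVIL_HG_URL = "--config=alias.clone=!touch /tmp/pwned"


def reject_option_like(value: str, what: str) -> str:
    """Guard 1: a remote, branch or path that starts with '-' is never legitimate input here."""
    if value.startswith("-"):
        raise ValueError(f"{what} may not start with '-': {value!r}")
    return value


def vulnerable_ls_remote_argv(remote: str, branch: str) -> List[str]:
    """Caller-supplied strings go straight into argv: anything starting with '-' becomes a flag."""
    return ["git", "ls-remote", remote, branch]


def hardened_ls_remote_argv(remote: str, branch: str) -> List[str]:
    """Guard 2 on top of guard 1: '--' ends option parsing, so later values are positional."""
    return ["git", "ls-remote", "--",
            reject_option_like(remote, "remote"), reject_option_like(branch, "branch")]


def vulnerable_hg_clone_argv(url: str, dest: str) -> List[str]:
    return ["hg", "clone", url, dest]


def hardened_hg_clone_argv(url: str, dest: str) -> List[str]:
    return ["hg", "clone", "--", reject_option_like(url, "url"), reject_option_like(dest, "dest")]


def options_seen(argv: List[str]) -> List[str]:
    """Simplified model of getopt-style parsing used by git and hg subcommands: every element
    after the subcommand that starts with '-' is an option until a bare '--' is reached."""
    opts = []
    for arg in argv[2:]:
        if arg == "--":
            break
        if arg.startswith("-"):
            opts.append(arg)
    return opts


def injection_possible(builder, *user_values: str) -> bool:
    """True if the argv produced for these user-controlled values contains an injected option."""
    try:
        return bool(options_seen(builder(*user_values)))
    except ValueError:
        return False  # the hardened builders refuse the input outright


if __name__ == "__main__":
    print("vulnerable git:", injection_possible(vulnerable_ls_remote_argv, EVIL_GIT_REMOTE, "main"))
    print("hardened git:", injection_possible(hardened_ls_remote_argv, EVIL_GIT_REMOTE, "main"))
    print("vulnerable hg:", injection_possible(vulnerable_hg_clone_argv, EVIL_HG_URL, "dest"))
    print("hardened hg:", injection_possible(hardened_hg_clone_argv, EVIL_HG_URL, "dest"))
```

Quoting for a shell (shlex.quote and friends) does nothing against this class of bug, because the dangerous parsing is done by git or hg on its own argv. Both guards are worth keeping: the "--" separator stops the tool from reading options past that point, and the leading-dash check gives a clear error instead of letting a mis-ordered argv silently reintroduce the problem, which is how the partial fix noted in CVE-2022-24066 came about.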
🕴 Apple's Zero-Day Woes Continue 🕴
Two new bugs in macOS and iOS disclosed this week add to the growing list of zero-days the company has rushed to patch over the past year.
via "Dark Reading".
‼ CVE-2022-22963 ‼
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL expression as a routing-expression that may result in remote code execution and access to local resources.
via "National Vulnerability Database".
‼ CVE-2022-27177 ‼
A Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe, all versions prior to 1.2.2.
via "National Vulnerability Database".
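What a Python format-string issue of the kind named above looks like, as an added example that is not ConsoleMe's code: when the template passed to str.format comes from the request, replacement fields can traverse attributes and indexes of whatever object is supplied as an argument, and a bound method's __globals__ exposes the whole module namespace, including any credentials held there. str.format does not execute code by itself; the further impact the advisory mentions comes from what is disclosed. The Settings class, the DB_PASSWORD global, SafeFormatter and the render functions are constructed for this illustration; the hardened version allows only an explicit set of plain field names and refuses traversal.

```python
"""Attacker-controlled str.format template: attribute traversal leaks module globals;
a restricted string.Formatter only resolves allow-listed plain names."""
import string

DB_PASSWORD = "constructed-secret-hunter2"  # module global standing in for real configuration


class Settings:
    """Stand-in for an application settings object that ends up as a format() argument."""

    def __init__(self) -> None:
        self.region = "us-east-1"
        self.account_alias = "prod"


def vulnerable_render(template: str, settings: Settings) -> str:
    # The template itself is untrusted. A field such as
    #   {settings.__init__.__globals__[DB_PASSWORD]}
    # walks from the object to its __init__ method to that method's module globals.
    return template.format(settings=settings)


class SafeFormatter(string.Formatter):
    """Resolves only plain names from an allow-list: no attribute access, no item access,
    no positional fields. Nested fields inside a format spec go through get_field too."""

    def __init__(self, allowed) -> None:
        super().__init__()
        self.allowed = set(allowed)

    def get_field(self, field_name, args, kwargs):
        if field_name not in self.allowed:  # "settings.x", "x[y]", "0" and "" all land here
            raise ValueError(f"field not allowed: {field_name!r}")
        return kwargs[field_name], field_name


MAX_TEMPLATE_LEN = 1024  # constructed bound; format specs can also request huge padding


def hardened_render(template: str, settings: Settings) -> str:
    if len(template) > MAX_TEMPLATE_LEN:
        raise ValueError("template too long")
    # Expose a flat dict of strings rather than the object, so even a bug in the formatter
    # has nothing to traverse.
    exposed = {"region": settings.region, "account_alias": settings.account_alias}
    return SafeFormatter(exposed).vformat(template, (), exposed)


def leaks_secret(template: str, render) -> bool:
    """True if rendering this template returns the secret; False if it is refused or harmless."""
    try:
        return DB_PASSWORD in render(template, Settings())
    except ValueError:
        return False


if __name__ == "__main__":
    payload = "{settings.__init__.__globals__[DB_PASSWORD]}"
    print("vulnerable leaks:", leaks_secret(payload, vulnerable_render))
    print("hardened leaks:", leaks_secret(payload, hardened_render))
    print(hardened_render("region={region} account={account_alias}", Settings()))
```

The safe pattern is to never let user input be the format string: user data belongs on the value side of the substitution, and where a user-editable template is a product requirement, the formatter must be restricted to named, pre-computed values as above. string.Template with safe_substitute is another adequate choice for simple placeholders, since it performs no attribute or index lookups at all.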
‼ CVE-2022-25156 ‼
Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to log in to the product by using a password reversed from a previously eavesdropped password hash.
via "National Vulnerability Database".
‼ CVE-2022-1098 ‼
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) is vulnerable to a DLL hijacking condition. When combined with the Incorrect Default Permissions vulnerability of 4.2.2 above, this makes it possible for an attacker to escalate privileges.
via "National Vulnerability Database".