‼ CVE-2022-1233 ‼
📖 Read
via "National Vulnerability Database".
URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1174 ‼
📖 Read
via "National Vulnerability Database".
A potential DoS vulnerability was discovered in Gitlab CE/EE versions 13.7 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to trigger high CPU usage via a special crafted input added in Issues, Merge requests, Milestones, Snippets, Wiki pages, etc.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0740 ‼
📖 Read
via "National Vulnerability Database".
Incorrect authorization in the Asana integration's branch restriction feature in all versions of GitLab CE/EE starting from version 7.8.0 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 makes it possible to close Asana tasks from unrestricted branches.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27609 ‼
📖 Read
via "National Vulnerability Database".
Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows does not provide sufficient anti-tampering protection of services by users with Administrator privileges. This could result in a user to disable Forcepoint One Endpoint and the protection offered by it.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27649 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23700 ‼
📖 Read
via "National Vulnerability Database".
A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27650 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32985 ‼
📖 Read
via "National Vulnerability Database".
AVEVA System Platform versions 2017 through 2020 R2 P01 does not properly verify that the source of data or communication is valid.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32978 ‼
📖 Read
via "National Vulnerability Database".
The programming protocol allows for a previously entered password and lock state to be read by an attacker. If the previously entered password was successful, the attacker can then use the password to unlock Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32984 ‼
📖 Read
via "National Vulnerability Database".
All programming connections receive the same unlocked privileges, which can result in a privilege escalation. During the time Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, an attacker can connect to the PLC and read the project without authorization.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27651 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27441 ‼
📖 Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in TPCMS v3.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Phone text box.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1190 ‼
📖 Read
via "National Vulnerability Database".
Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word milestone references in issue descriptions, comments, etc.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1185 ‼
📖 Read
via "National Vulnerability Database".
A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to crash the GitLab web application with a maliciously crafted RDoc file📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1121 ‼
📖 Read
via "National Vulnerability Database".
A lack of appropriate timeouts in GitLab Pages included in GitLab CE/EE all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to cause unlimited resource consumption.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32986 ‼
📖 Read
via "National Vulnerability Database".
After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming connections are allowed without authorization. The PLC is only relocked by a power cycle, or when the programming software disconnects correctly.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23699 ‼
📖 Read
via "National Vulnerability Database".
A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1100 ‼
📖 Read
via "National Vulnerability Database".
A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 13.1 prior to 14.7.7, 14.8.0 prior to 14.8.5, and 14.9.0 prior to 14.9.2. The api to update an asset as a link from a release had a regex check which caused exponential number of backtracks for certain user supplied values resulting in high CPU usage.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1111 ‼
📖 Read
via "National Vulnerability Database".
A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects to show an incorrect user in the 'Access Granted' column in the project membership pages📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23697 ‼
📖 Read
via "National Vulnerability Database".
A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.📖 Read
via "National Vulnerability Database".
🕴 Qualys Delivers Multi-Vector EDR 2.0 with Enhanced Prioritization to Quickly Surface the Most Critical Incidents 🕴
📖 Read
via "Dark Reading".
EDR solution provides comprehensive threat detection and reduces the risk of compromise with vulnerability management and patching all from a single agent.📖 Read
via "Dark Reading".
Dark Reading
Qualys Delivers Multi-Vector EDR 2.0 with Enhanced Prioritization to Quickly Surface the Most Critical Incidents
EDR solution provides comprehensive threat detection and reduces the risk of compromise with vulnerability management and patching all from a single agent.