‼ CVE-2021-32984 ‼
All programming connections receive the same unlocked privileges, which can result in a privilege escalation. While Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 are unlocked by an authorized user, an attacker can connect to the PLC and read the project without authorization.
via "National Vulnerability Database".
‼ CVE-2022-27651 ‼
A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity.
via "National Vulnerability Database".
‼ CVE-2022-27441 ‼
A stored cross-site scripting (XSS) vulnerability in TPCMS v3.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Phone text box.
via "National Vulnerability Database".
‼ CVE-2022-1190 ‼
Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word milestone references in issue descriptions, comments, etc.
via "National Vulnerability Database".
‼ CVE-2022-1185 ‼
A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to crash the GitLab web application with a maliciously crafted RDoc file.
via "National Vulnerability Database".
‼ CVE-2022-1121 ‼
A lack of appropriate timeouts in GitLab Pages included in GitLab CE/EE all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to cause unlimited resource consumption.
via "National Vulnerability Database".
‼ CVE-2021-32986 ‼
After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 are unlocked by an authorized user, the unlocked state does not time out. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming connections are allowed without authorization. The PLC is only relocked by a power cycle, or when the programming software disconnects correctly.
via "National Vulnerability Database".
‼ CVE-2022-23699 ‼
A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
via "National Vulnerability Database".
‼ CVE-2022-1100 ‼
A potential DoS vulnerability was discovered in GitLab CE/EE affecting all versions from 13.1 prior to 14.7.7, 14.8.0 prior to 14.8.5, and 14.9.0 prior to 14.9.2. The API to update an asset as a link from a release had a regex check which caused an exponential number of backtracks for certain user-supplied values, resulting in high CPU usage.
via "National Vulnerability Database".
‼ CVE-2022-1111 ‼
A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects to show an incorrect user in the 'Access Granted' column in the project membership pages.
via "National Vulnerability Database".
‼ CVE-2022-23697 ‼
A remote cross-site scripting (XSS) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
via "National Vulnerability Database".
🕴 Qualys Delivers Multi-Vector EDR 2.0 with Enhanced Prioritization to Quickly Surface the Most Critical Incidents 🕴
EDR solution provides comprehensive threat detection and reduces the risk of compromise with vulnerability management and patching all from a single agent.
via "Dark Reading".
🕴 Citrix® Modernizes Security to Accommodate Hybrid Work 🕴
Company launches cloud delivered, Zero Trust Network Access solution that protects all apps, data and devices, enabling secure work from anywhere.
via "Dark Reading".
🕴 State Department Announces Bureau of Cyberspace and Digital Policy 🕴
The newly created bureau will help shape norms of responsible government behavior in cyberspace and help US allies bolster their own cybersecurity programs.
via "Dark Reading".
‼ CVE-2022-1236 ‼
Weak Password Requirements in GitHub repository weseek/growi prior to v5.0.0.
via "National Vulnerability Database".
‼ CVE-2022-25154 ‼
A DLL hijacking vulnerability in Samsung portable SSD T5 PC software before 1.6.9 could allow a local attacker to escalate privileges. (An attacker must already have user privileges on Windows 7, 10, or 11 to exploit this vulnerability.)
via "National Vulnerability Database".
‼ CVE-2022-23909 ‼
There is an unquoted service path in Sherpa Connector Service (SherpaConnectorService.exe) 2020.2.20328.2050. This might allow a local user to escalate privileges by creating a "C:\Program Files\Sherpa Software\Sherpa.exe" file.
via "National Vulnerability Database".
‼ CVE-2022-1235 ‼
Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96.
via "National Vulnerability Database".
🗓️ Singaporean cybersecurity agency launches certification scheme for businesses 🗓️
Program comprises separate security marks aimed at SMEs and enterprises.
via "The Daily Swig".
‼ CVE-2021-38834 ‼
easy-mock v1.5.0-v1.6.0 allows remote attackers to bypass the vm2 sandbox and execute arbitrary system commands through special JavaScript code.
via "National Vulnerability Database".
❌ No-Joke Borat RAT Propagates Ransomware, DDoS ❌
This fresh malware strain extends the functionality of typical trojans with advanced functionality and a series of modules for launching various types of threat activity.
via "Threat Post".