‼ CVE-2022-1190 ‼
📖 Read
via "National Vulnerability Database".
Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word milestone references in issue descriptions, comments, etc.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1185 ‼
📖 Read
via "National Vulnerability Database".
A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to crash the GitLab web application with a maliciously crafted RDoc file📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1121 ‼
📖 Read
via "National Vulnerability Database".
A lack of appropriate timeouts in GitLab Pages included in GitLab CE/EE all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to cause unlimited resource consumption.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32986 ‼
📖 Read
via "National Vulnerability Database".
After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming connections are allowed without authorization. The PLC is only relocked by a power cycle, or when the programming software disconnects correctly.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23699 ‼
📖 Read
via "National Vulnerability Database".
A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1100 ‼
📖 Read
via "National Vulnerability Database".
A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 13.1 prior to 14.7.7, 14.8.0 prior to 14.8.5, and 14.9.0 prior to 14.9.2. The api to update an asset as a link from a release had a regex check which caused exponential number of backtracks for certain user supplied values resulting in high CPU usage.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1111 ‼
📖 Read
via "National Vulnerability Database".
A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects to show an incorrect user in the 'Access Granted' column in the project membership pages📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23697 ‼
📖 Read
via "National Vulnerability Database".
A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.📖 Read
via "National Vulnerability Database".
🕴 Qualys Delivers Multi-Vector EDR 2.0 with Enhanced Prioritization to Quickly Surface the Most Critical Incidents 🕴
📖 Read
via "Dark Reading".
EDR solution provides comprehensive threat detection and reduces the risk of compromise with vulnerability management and patching all from a single agent.📖 Read
via "Dark Reading".
Dark Reading
Qualys Delivers Multi-Vector EDR 2.0 with Enhanced Prioritization to Quickly Surface the Most Critical Incidents
EDR solution provides comprehensive threat detection and reduces the risk of compromise with vulnerability management and patching all from a single agent.
🕴 Citrix® Modernizes Security to Accommodate Hybrid Work 🕴
📖 Read
via "Dark Reading".
Company launches cloud delivered, Zero Trust Network Access solution that protects all apps, data and devices, enabling secure work from anywhere.📖 Read
via "Dark Reading".
Dark Reading
Citrix® Modernizes Security to Accommodate Hybrid Work
Company launches cloud delivered, Zero Trust Network Access solution that protects all apps, data and devices, enabling secure work from anywhere.
🕴 State Department Announces Bureau of Cyberspace and Digital Policy 🕴
📖 Read
via "Dark Reading".
The newly created bureau will help shape norms of responsible government behavior in cyberspace and help US allies bolster their own cybersecurity programs.📖 Read
via "Dark Reading".
Dark Reading
State Department Announces Bureau of Cyberspace and Digital Policy
The newly created bureau will help shape norms of responsible government behavior in cyberspace and help US allies bolster their own cybersecurity programs.
‼ CVE-2022-1236 ‼
📖 Read
via "National Vulnerability Database".
Weak Password Requirements in GitHub repository weseek/growi prior to v5.0.0.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25154 ‼
📖 Read
via "National Vulnerability Database".
A DLL hijacking vulnerability in Samsung portable SSD T5 PC software before 1.6.9 could allow a local attacker to escalate privileges. (An attacker must already have user privileges on Windows 7, 10, or 11 to exploit this vulnerability.)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23909 ‼
📖 Read
via "National Vulnerability Database".
There is an unquoted service path in Sherpa Connector Service (SherpaConnectorService.exe) 2020.2.20328.2050. This might allow a local user to escalate privileges by creating a "C:\Program Files\Sherpa Software\Sherpa.exe" file.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1235 ‼
📖 Read
via "National Vulnerability Database".
Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96.📖 Read
via "National Vulnerability Database".
🗓️ Singaporean cybersecurity agency launches certification scheme for businesses 🗓️
📖 Read
via "The Daily Swig".
Program comprises separate security marks aimed at SMEs and enterprises📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Singaporean cybersecurity agency launches certification scheme for businesses
Program comprises separate security marks aimed at SMEs and enterprises
‼ CVE-2021-38834 ‼
📖 Read
via "National Vulnerability Database".
easy-mock v1.5.0-v1.6.0 allows remote attackers to bypass the vm2 sandbox and execute arbitrary system commands through special js code.📖 Read
via "National Vulnerability Database".
❌ No-Joke Borat RAT Propagates Ransomware, DDoS ❌
📖 Read
via "Threat Post".
This fresh malware strain extends the functionality of typical trojans with advanced functionality and a series of modules for launching various types of threat activity.📖 Read
via "Threat Post".
Threat Post
No-Joke Borat RAT Propagates Ransomware, DDoS
This fresh malware strain extends the functionality of typical trojans with advanced functionality and a series of modules for launching various types of threat activity.
🕴 How to Prepare for Cyber Threats During the Russian Invasion of Ukraine 🕴
📖 Read
via "Dark Reading".
Remain calm, maintain control, and triage responses appropriately to ensure that the organization can remain resilient against threats during this crisis and through others to come.📖 Read
via "Dark Reading".
Dark Reading
How to Prepare for Cyber Threats During the Russian Invasion of Ukraine
Remain calm, maintain control, and triage responses appropriately to ensure that the organization can remain resilient against threats during this crisis and through others to come.
🕴 FIN7 Morphs into a Broader, More Dangerous Cybercrime Group 🕴
📖 Read
via "Dark Reading".
Mandiant has now tied the group to at least eight unattributed clusters of activity targeting organizations across various industries and regions.📖 Read
via "Dark Reading".
Dark Reading
FIN7 Morphs into a Broader, More Dangerous Cybercrime Group
Mandiant has now tied the group to at least eight unattributed clusters of activity targeting organizations across various industries and regions.
‼ CVE-2022-26358 ‼
📖 Read
via "National Vulnerability Database".
IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption.📖 Read
via "National Vulnerability Database".