βΌ CVE-2022-22563 βΌ
π Read
via "National Vulnerability Database".
Dell EMC Powerscale OneFS 8.2.x - 9.2.x omit security-relevant information in /etc/master.passwd. A high-privileged user can exploit this vulnerability to not record information identifying the source of account information changes.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36290 βΌ
π Read
via "National Vulnerability Database".
Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26588 βΌ
π Read
via "National Vulnerability Database".
A Cross-Site Request Forgery (CSRF) in IceHrm 31.0.0.OS allows attackers to delete arbitrary users or achieve account takeover via the app/service.php URI.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26855 βΌ
π Read
via "National Vulnerability Database".
Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability, leading to a denial of service.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2021-36293 βΌ
π Read
via "National Vulnerability Database".
Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain elevated privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26854 βΌ
π Read
via "National Vulnerability Database".
Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system accessπ Read
via "National Vulnerability Database".
π΄ Google Removes Dangerous Banking Malware From Play Store π΄
π Read
via "Dark Reading".
SharkBot was hidden in apps masquerading as antivirus tools.π Read
via "Dark Reading".
Dark Reading
Google Removes Dangerous Banking Malware From Play Store
SharkBot was hidden in apps masquerading as antivirus tools.
βΌ CVE-2022-26877 βΌ
π Read
via "National Vulnerability Database".
Asana Desktop before 1.6.0 allows remote attackers to exfiltrate local files if they can trick the Asana desktop app into loading a malicious web page.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27149 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27883 βΌ
π Read
via "National Vulnerability Database".
A link following vulnerability in Trend Micro Antivirus for Mac 11.5 could allow an attacker to create a specially-crafted file as a symlink that can lead to privilege escalation. Please note that an attacker must at least have low-level privileges on the system to attempt to exploit this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28363 βΌ
π Read
via "National Vulnerability Database".
Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/login_process username parameter via GET. No authentication is required.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28364 βΌ
π Read
via "National Vulnerability Database".
Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/rlmswitchr_process file parameter via GET. Authentication is required.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28365 βΌ
π Read
via "National Vulnerability Database".
Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture, and file/directory details.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1287 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical was found in School Club Application System 1.0. This vulnerability affects a request to the file /scas/classes/Users.php?f=save_user. The manipulation with a POST request leads to privilege escalation. The attack can be initiated remotely and does not require authentication. The exploit has been disclosed to the public and may be used.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1288 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in School Club Application System 1.0. This issue affects access to /scas/admin/. The manipulation of the parameter page with the input %22%3E%3Cimg%20src=x%20onerror=alert(1)%3E leads to a reflected cross site scripting. The attack may be initiated remotely and does not require any form of authentication. The exploit has been disclosed to the public and may be used.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1290 βΌ
π Read
via "National Vulnerability Database".
Stored XSS in "Name", "Group Name" & "Title" in GitHub repository polonel/trudesk prior to v1.2.0. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1289 βΌ
π Read
via "National Vulnerability Database".
A denial of service vulnerability was found in tildearrow Furnace. It has been classified as problematic. This is due to an incomplete fix of CVE-2022-1211. It is possible to initiate the attack remotely but it requires user interaction. The issue got fixed with the patch 0eb02422d5161767e9983bdaa5c429762d3477ce.π Read
via "National Vulnerability Database".
π€―1
π’ Mounting US data disasters show we're lucky to have GDPR π’
π Read
via "ITPro".
A long list of failures by US companies shows the governmentβs planned overhaul of the UK data protection landscape needs much closer scrutinyπ Read
via "ITPro".
IT PRO
Mounting US data disasters show we're lucky to have GDPR | IT PRO
A long list of failures by US companies shows the governmentβs planned overhaul of the UK data protection landscape needs much closer scrutiny
π’ Why the ECJ's metadata ruling endangers the safety of women π’
π Read
via "ITPro".
Until we live in a society in which women are safe, we might need to compromise on mass data collectionπ Read
via "ITPro".
IT PRO
Why the ECJ's metadata ruling endangers the safety of women | IT PRO
Until we live in a society in which women are safe, we might need to compromise on mass data collection
π’ Rackspace partners with Cohesity on new data protection services for VMware workloads π’
π Read
via "ITPro".
Deal aims to eliminate legacy backup silos and provide comprehensive protection against the βarray of rising data threatsβπ Read
via "ITPro".
IT PRO
Rackspace partners with Cohesity on new data protection services for VMware workloads | IT PRO
Deal aims to eliminate legacy backup silos and provide comprehensive protection against the βarray of rising data threatsβ
π’ Raspberry Pi OS update bolsters security against brute force attacks π’
π Read
via "ITPro".
The security change was made in line with increasing number of countries choosing to outlaw default credentialsπ Read
via "ITPro".
IT PRO
Raspberry Pi OS update bolsters security against brute force attacks | IT PRO
The security change was made in line with increasing number of countries choosing to outlaw default credentials