‼ CVE-2022-24413 ‼
📖 Read
via "National Vulnerability Database".
Dell PowerScale OneFS, versions 8.2.2-9.3.x, contain a time-of-check-to-time-of-use vulnerability. A local user with access to the filesystem could potentially exploit this vulnerability, leading to data loss.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22562 ‼
📖 Read
via "National Vulnerability Database".
Dell PowerScale OneFS, versions 8.2.0-9.3.0, contain a improper handling of missing values exploit. An unauthenticated network attacker could potentially exploit this denial-of-service vulnerability.📖 Read
via "National Vulnerability Database".
❌ Microsoft Zero-Days, Wormable Bugs Spark Concern ❌
📖 Read
via "Threat Post".
For April Patch Tuesday, the computing giant addressed a zero-day under active attack and several critical security vulnerabilities, including three that allow self-propagating exploits.📖 Read
via "Threat Post".
Threat Post
Microsoft Zero-Days, Wormable Bugs Spark Concern
For April Patch Tuesday, the computing giant addressed a zero-day under active attack and several critical security vulnerabilities, including three that allow self-propagating exploits.
🕴 How Do I Conduct a Resilience Review? 🕴
📖 Read
via "Dark Reading".
As the first step, make sure that all business-critical data across your organization is protected.📖 Read
via "Dark Reading".
Dark Reading
How Do I Conduct a Resilience Review?
As the first step, make sure that all business-critical data across your organization is protected.
‼ CVE-2022-27416 ‼
📖 Read
via "National Vulnerability Database".
Tcpreplay v4.4.1 was discovered to contain a double-free via __interceptor_free.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27387 ‼
📖 Read
via "National Vulnerability Database".
MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27418 ‼
📖 Read
via "National Vulnerability Database".
Tcpreplay v4.4.1 has a heap-based buffer overflow in do_checksum_math at /tcpedit/checksum.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27381 ‼
📖 Read
via "National Vulnerability Database".
An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27380 ‼
📖 Read
via "National Vulnerability Database".
An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27378 ‼
📖 Read
via "National Vulnerability Database".
An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27376 ‼
📖 Read
via "National Vulnerability Database".
MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29047 ‼
📖 Read
via "National Vulnerability Database".
Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a_4eb_b_e039 and earlier, except 2.21.3, allows attackers able to submit pull requests (or equivalent), but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamically retrieved library in their pull request, even if the Pipeline is configured to not trust them.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29038 ‼
📖 Read
via "National Vulnerability Database".
Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the name and description of Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29052 ‼
📖 Read
via "National Vulnerability Database".
Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private keys unencrypted in cloud agent config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29051 ‼
📖 Read
via "National Vulnerability Database".
Missing permission checks in Jenkins Publish Over FTP Plugin 1.16 and earlier allow attackers with Overall/Read permission to connect to an FTP server using attacker-specified credentials.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29041 ‼
📖 Read
via "National Vulnerability Database".
Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27385 ‼
📖 Read
via "National Vulnerability Database".
An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29046 ‼
📖 Read
via "National Vulnerability Database".
Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29044 ‼
📖 Read
via "National Vulnerability Database".
Jenkins Node and Label parameter Plugin 1.10.3 and earlier does not escape the name and description of Node and Label parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29040 ‼
📖 Read
via "National Vulnerability Database".
Jenkins Git Parameter Plugin 0.9.15 and earlier does not escape the name and description of Git parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29042 ‼
📖 Read
via "National Vulnerability Database".
Jenkins Job Generator Plugin 1.22 and earlier does not escape the name and description of Generator Parameter and Generator Choice parameters on Job Generator jobs' Build With Parameters views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.📖 Read
via "National Vulnerability Database".