‼ CVE-2022-20804 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the Cisco Discovery Protocol of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, adjacent attacker to cause a kernel panic on an affected system, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect processing of certain Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by continuously sending certain Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause a kernel panic on the system that is running the affected software, resulting in a DoS condition.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24875 ‼
📖 Read
via "National Vulnerability Database".
The CVEProject/cve-services is an open source project used to operate the CVE services api. In versions up to and including 1.1.1 the `org.conroller.js` code would erroneously log user secrets. This has been resolved in commit `46d98f2b` and should be available in subsequent versions of the software. Users of the software are advised to manually apply the `46d98f2b` commit or to update when a new version becomes available. As a workaround users should inspect their logs and remove logged secrets as appropriate.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20805 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the automatic decryption process in Cisco Umbrella Secure Web Gateway (SWG) could allow an authenticated, adjacent attacker to bypass the SSL decryption and content filtering policies on an affected system. This vulnerability is due to how the decryption function uses the TLS Sever Name Indication (SNI) extension of an HTTP request to discover the destination domain and determine if the request needs to be decrypted. An attacker could exploit this vulnerability by sending a crafted request over TLS from a client to an unknown or controlled URL. A successful exploit could allow an attacker to bypass the decryption process of Cisco Umbrella SWG and allow malicious content to be downloaded to a host on a protected network. There are workarounds that address this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20778 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the authentication component of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the authentication component of Cisco Webex Meetings. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20788 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-14116 ‼
📖 Read
via "National Vulnerability Database".
An intent redirection vulnerability in the Mi Browser product. This vulnerability is caused by the Mi Browser does not verify the validity of the incoming data. Attackers can perform sensitive operations by exploiting this.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22969 ‼
📖 Read
via "National Vulnerability Database".
<Issue Description> Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session. This vulnerability exposes OAuth 2.0 Client applications only.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20783 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the packet processing functionality of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted H.323 traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to either reboot normally or reboot into maintenance mode, which could result in a DoS condition on the device.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-14117 ‼
📖 Read
via "National Vulnerability Database".
A improper permission configuration vulnerability in Xiaomi Content Center APP. This vulnerability is caused by the lack of correct permission verification in the Xiaomi content center APP, and attackers can use this vulnerability to invoke the sensitive component functions of the Xiaomi content center APP.📖 Read
via "National Vulnerability Database".
🕴 Devo Acquires Threat Hunting Company Kognos 🕴
📖 Read
via "Dark Reading".
Acquisition will blend autonomous threat hunting with cloud-native security analytics for automating security tasks.📖 Read
via "Dark Reading".
Dark Reading
Devo Acquires Threat Hunting Company Kognos
Acquisition will blend autonomous threat hunting with cloud-native security analytics for automating security tasks.
🕴 What Steps Do I Take to Shift Left in Security? 🕴
📖 Read
via "Dark Reading".
Security has benefited from shifting many late-cycle disciplines left, or earlier in the cycle.📖 Read
via "Dark Reading".
Dark Reading
What Steps Do I Take to Shift Left in Security?
Security has benefited from shifting many late-cycle disciplines left or earlier in the cycle.
‼ CVE-2022-28016 ‼
📖 Read
via "National Vulnerability Database".
Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\deduction_edit.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28015 ‼
📖 Read
via "National Vulnerability Database".
Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\cashadvance_edit.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28013 ‼
📖 Read
via "National Vulnerability Database".
Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\schedule_employee_edit.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28011 ‼
📖 Read
via "National Vulnerability Database".
Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\schedule_delete.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28434 ‼
📖 Read
via "National Vulnerability Database".
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=siteoptions&social=edit&sid=2.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28435 ‼
📖 Read
via "National Vulnerability Database".
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/siteoptions.php&action=displaygoal&value=1&roleid=1.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28437 ‼
📖 Read
via "National Vulnerability Database".
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=type&userrole=Admin&userid=3.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28421 ‼
📖 Read
via "National Vulnerability Database".
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=posts&action=display&value=1&postid=.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28443 ‼
📖 Read
via "National Vulnerability Database".
UCMS v1.6 was discovered to contain an arbitrary file deletion vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28431 ‼
📖 Read
via "National Vulnerability Database".
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/siteoptions.php&social=remove&sid=2.📖 Read
via "National Vulnerability Database".