βΌ CVE-2021-38886 βΌ
π Read
via "National Vulnerability Database".
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 209399.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38903 βΌ
π Read
via "National Vulnerability Database".
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 209691.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29582 βΌ
π Read
via "National Vulnerability Database".
In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29583 βΌ
π Read
via "National Vulnerability Database".
service_windows.go in the kardianos service package for Go omits quoting that is sometimes needed for execution of a Windows service executable from the intended directory.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29589 βΌ
π Read
via "National Vulnerability Database".
Crypt Server before 3.3.0 allows XSS in the index view. This is related to serial, computername, and username.π Read
via "National Vulnerability Database".
π1
π΄ Early Discovery of Pipedream Malware a Success Story for Industrial Security π΄
π Read
via "Dark Reading".
Cybersecurity professionals discovered, analyzed, and created defenses against the ICS malware framework before it was deployed, but expect the stakes to keep rising.π Read
via "Dark Reading".
Dark Reading
Early Discovery of Pipedream Malware a Success Story for Industrial Security
Cybersecurity professionals discovered, analyzed, and created defenses against the ICS malware framework before it was deployed, but expect the stakes to keep rising.
π΄ FBI Warns Ransomware Attacks on Agriculture Co-ops Could Upend Food Supply Chain π΄
π Read
via "Dark Reading".
Ransomware groups are looking to strike large agriculture cooperatives during strategic seasons, when they are most vulnerable, according to law enforcement.π Read
via "Dark Reading".
Dark Reading
FBI Warns Ransomware Attacks on Agriculture Co-ops Could Upend Food Supply Chain
Ransomware groups are looking to strike large agriculture cooperatives during strategic seasons, when they are most vulnerable, according to law enforcement.
π΄ Neustar Security Servicesβ UltraDNS Integrates Terraform for Streamlined, Automated DNS Management π΄
π Read
via "Dark Reading".
UltraDNS Terraform Provider enhances productivity, change management.π Read
via "Dark Reading".
Dark Reading
Neustar Security Servicesβ UltraDNS Integrates Terraform for Streamlined, Automated DNS Management
UltraDNS Terraform Provider enhances productivity, change management.
βΌ CVE-2022-1440 βΌ
π Read
via "National Vulnerability Database".
Command Injection vulnerability in git-interface@2.1.1 in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a `--upload-pack` command-line argument feature of git is also supported for `git clone`, which would then allow for any operating system command to be spawned by the attacker.π Read
via "National Vulnerability Database".
π΄ Sophos Buys Alert-Monitoring Automation Vendor π΄
π Read
via "Dark Reading".
Acquisition of cloud-based alert security company will help Sophos automate tasks bogging down security teams, the company says.π Read
via "Dark Reading".
Dark Reading
Sophos Buys Alert-Monitoring Automation Vendor
Acquisition of cloud-based alert security company will help Sophos automate tasks bogging down security teams, the company says.
π1
βΌ CVE-2021-3971 βΌ
π Read
via "National Vulnerability Database".
A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify firmware protection region by modifying an NVRAM variable.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27340 βΌ
π Read
via "National Vulnerability Database".
MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/saveOrUpdateRole.do. This vulnerability allows attackers to escalate privileges and modify data.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1108 βΌ
π Read
via "National Vulnerability Database".
A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0636 βΌ
π Read
via "National Vulnerability Database".
A denial of service vulnerability was reported in Lenovo Thin Installer prior to version 1.3.0039 that could trigger a system crash.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3970 βΌ
π Read
via "National Vulnerability Database".
A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27342 βΌ
π Read
via "National Vulnerability Database".
Link-Admin v0.0.1 was discovered to contain a SQL injection vulnerability via DictRest.ResponseResult().π Read
via "National Vulnerability Database".
βΌ CVE-2021-4210 βΌ
π Read
via "National Vulnerability Database".
A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0192 βΌ
π Read
via "National Vulnerability Database".
A DLL search path vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow privilege escalation.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3972 βΌ
π Read
via "National Vulnerability Database".
A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices' BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27341 βΌ
π Read
via "National Vulnerability Database".
JFinalCMS v2.0 was discovered to contain a SQL injection vulnerability via the Article Management function.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-1107 βΌ
π Read
via "National Vulnerability Database".
A potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code.π Read
via "National Vulnerability Database".