‼ CVE-2022-22315 ‼
📖 Read
via "National Vulnerability Database".
IBM UrbanCode Deploy (UCD) 7.2.2.1 could allow an authenticated user with special permissions to obtain elevated privileges due to improper handling of permissions. IBM X-Force ID: 217955.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28197 ‼
📖 Read
via "National Vulnerability Database".
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_mount function, where Insufficient validation of untrusted data may allow a highly privileged local attacker to cause an integer overflow. This difficult- to-exploit vulnerability may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28196 ‼
📖 Read
via "National Vulnerability Database".
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot blob_decompress function, where insufficient validation of untrusted data may allow a local attacker to cause a memory buffer overflow, which may lead to code execution, limited loss of Integrity, and limited denial of service.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28195 ‼
📖 Read
via "National Vulnerability Database".
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_read_file function, where insufficient validation of untrusted data may allow a highly privileged local attacker to cause a integer overflow, which may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24372 ‼
📖 Read
via "National Vulnerability Database".
Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link to the root directory of a NAS SMB share.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28194 ‼
📖 Read
via "National Vulnerability Database".
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where, if TFTP is enabled, a local attacker can cause a memory buffer overflow, which may lead to code execution, loss of Integrity, limited denial of service, and some impact to confidentiality.📖 Read
via "National Vulnerability Database".
🕴 CISA: Log4Shell Was the Most-Exploited Vulnerability in 2021 🕴
📖 Read
via "Dark Reading".
Internet-facing zero-day vulnerabilities were the most commonly used types of bugs in 2021 attacks, according to the international Joint Cybersecurity Advisory (JCSA).📖 Read
via "Dark Reading".
Dark Reading
CISA: Log4Shell Was the Most-Exploited Vulnerability in 2021
Internet-facing zero-day vulnerabilities were the most commonly used types of bugs in 2021 attacks, according to the international Joint Cybersecurity Advisory (JCSA).
🕴 Synopsys to Acquire WhiteHat Security from NTT 🕴
📖 Read
via "Dark Reading".
Acquisition expands security software-as-a-service capabilities.📖 Read
via "Dark Reading".
Dark Reading
press release
press releases
🔏 What is Digital Rights Management? 🔏
📖 Read
via "".
Learn about digital rights management and why it is important in Data Protection 101, our series on the fundamentals of information security.📖 Read
via "".
Digitalguardian
What is Digital Rights Management (DRM)? (The Definitive Guide)
Learn about digital rights management and why it is important in Data Protection 101, our series on the fundamentals of information security.
‼ CVE-2022-24735 ‼
📖 Read
via "National Vulnerability Database".
Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. The Lua script execution environment in Redis provides some measures that prevent a script from creating side effects that persist and can affect the execution of the same, or different script, at a later time. Several weaknesses of these measures have been publicly known for a long time, but they had no security impact as the Redis security model did not endorse the concept of users or privileges. With the introduction of ACLs in Redis 6.0, these weaknesses can be exploited by a less privileged users to inject Lua code that will execute at a later time, when a privileged user executes a Lua script. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24736 ‼
📖 Read
via "National Vulnerability Database".
Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0, 6.2.X and 6.0.X. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24891 ‼
📖 Read
via "National Vulnerability Database".
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the **antisamy-esapi.xml** configuration file that can cause "javascript:" URLs to fail to be correctly sanitized. This issue is patched in ESAPI 2.3.0.0. As a workaround, manually edit the **antisamy-esapi.xml** configuration files to change the "onsiteURL" regular expression. More information about remediation of the vulnerability, including the workaround, is available in the maintainers' release notes and security bulletin.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3523 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting multiple APIs on the same IP address.📖 Read
via "National Vulnerability Database".
🕴 Chinese APT Bronze President Mounts Spy Campaign on Russian Military 🕴
📖 Read
via "Dark Reading".
The war in Ukraine appears to have triggered a change in mission for the APT known as Bronze President (aka Mustang Panda).📖 Read
via "Dark Reading".
Dark Reading
Chinese APT Bronze President Mounts Spy Campaign on Russian Military
The war in Ukraine appears to have triggered a change in mission for the APT known as Bronze President (aka Mustang Panda).
🕴 Doppler Takes on Secrets Management 🕴
📖 Read
via "Dark Reading".
The startup is the latest company to try to solve the problem of organizing and sharing secrets.📖 Read
via "Dark Reading".
Dark Reading
Doppler Takes on Secrets Management
The startup is the latest company to try to solve the problem of organizing and sharing secrets.
‼ CVE-2022-29859 ‼
📖 Read
via "National Vulnerability Database".
component/common/network/dhcp/dhcps.c in ambiot amb1_sdk (aka SDK for Ameba1) before 2022-03-11 mishandles data structures for DHCP packet data.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29869 ‼
📖 Read
via "National Vulnerability Database".
cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28719 ‼
📖 Read
via "National Vulnerability Database".
Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote unauthenticated attacker with some knowledge on the system configuration to upload a crafted configuration file to the managing server, which may result in the managed clients to execute arbitrary code with the administrative privilege.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29817 ‼
📖 Read
via "National Vulnerability Database".
In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29812 ‼
📖 Read
via "National Vulnerability Database".
In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29811 ‼
📖 Read
via "National Vulnerability Database".
In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible.📖 Read
via "National Vulnerability Database".