🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2022-24891 ‼

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by an incorrect regular expression for "onsiteURL" in the **antisamy-esapi.xml** configuration file that can cause "javascript:" URLs to fail to be correctly sanitized. This issue is patched in ESAPI 2.3.0.0. As a workaround, manually edit the **antisamy-esapi.xml** configuration files to change the "onsiteURL" regular expression. More information about remediation of the vulnerability, including the workaround, is available in the maintainers' release notes and security bulletin.

via "National Vulnerability Database".
‼ CVE-2021-3523 ‼

A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting multiple APIs on the same IP address.

via "National Vulnerability Database".
🕴 Chinese APT Bronze President Mounts Spy Campaign on Russian Military 🕴

The war in Ukraine appears to have triggered a change in mission for the APT known as Bronze President (aka Mustang Panda).

via "Dark Reading".
🕴 Doppler Takes on Secrets Management 🕴

The startup is the latest company to try to solve the problem of organizing and sharing secrets.

via "Dark Reading".
‼ CVE-2022-29859 ‼

component/common/network/dhcp/dhcps.c in ambiot amb1_sdk (aka SDK for Ameba1) before 2022-03-11 mishandles data structures for DHCP packet data.

via "National Vulnerability Database".
‼ CVE-2022-29869 ‼

cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.

via "National Vulnerability Database".
‼ CVE-2022-28719 ‼

Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote unauthenticated attacker with some knowledge of the system configuration to upload a crafted configuration file to the managing server, which may result in the managed clients executing arbitrary code with administrative privilege.

via "National Vulnerability Database".
‼ CVE-2022-29817 ‼

In JetBrains IntelliJ IDEA before 2022.1, reflected XSS via error messages in the internal web server was possible.

via "National Vulnerability Database".
‼ CVE-2022-29812 ‼

In JetBrains IntelliJ IDEA before 2022.1, notification mechanisms about the use of Unicode directionality formatting characters were insufficient.

via "National Vulnerability Database".
‼ CVE-2022-29811 ‼

In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible.

via "National Vulnerability Database".
‼ CVE-2022-29813 ‼

In JetBrains IntelliJ IDEA before 2022.1, local code execution via a custom Pandoc path was possible.

via "National Vulnerability Database".
‼ CVE-2021-33436 ‼

NoMachine for Windows prior to versions 6.15.1 and 7.5.2 suffers from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL hijacking via any writable directory listed under the system path and ultimately execute code as NT AUTHORITY\SYSTEM.

via "National Vulnerability Database".
‼ CVE-2022-29815 ‼

In JetBrains IntelliJ IDEA before 2022.1, local code execution via workspace settings was possible.

via "National Vulnerability Database".
‼ CVE-2022-29816 ‼

In JetBrains IntelliJ IDEA before 2022.1, HTML injection into IDE messages was possible.

via "National Vulnerability Database".
‼ CVE-2022-29814 ‼

In JetBrains IntelliJ IDEA before 2022.1, local code execution via HTML descriptions in custom JSON schemas was possible.

via "National Vulnerability Database".
‼ CVE-2022-29821 ‼

In JetBrains Rider before 2022.1, local code execution via links in ReSharper Quick Documentation was possible.

via "National Vulnerability Database".
‼ CVE-2022-29818 ‼

In JetBrains IntelliJ IDEA before 2022.1, origin checks in the internal web server were flawed.

via "National Vulnerability Database".
‼ CVE-2022-29819 ‼

In JetBrains IntelliJ IDEA before 2022.1, local code execution via links in Quick Documentation was possible.

via "National Vulnerability Database".
‼ CVE-2022-29820 ‼

In JetBrains PyCharm before 2022.1, exposure of the debugger port to the internal network was possible.

via "National Vulnerability Database".
‼ CVE-2022-1509 ‼

Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context.

via "National Vulnerability Database".
🕴 A Peek into Visa's AI Tools Against Fraud 🕴

Visa has invested heavily in data analytics and artificial intelligence over the past five years to secure the movement of money and keep fraud rates low.

via "Dark Reading".