‼ CVE-2022-23724 ‼
via "National Vulnerability Database".
Use of static encryption key material allows forging an authentication token for other users within a tenant organization. MFA may be bypassed by redirecting an authentication flow to a target user. To exploit the vulnerability, an attacker must already hold compromised user credentials.
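Why a static key is enough to impersonate other users, as an added illustration (this is not the affected product's code; the token format, claim names, tenant and user names are constructed for the example): anyone who can pull the shared key out of one install can mint a token naming any other user, and the only fix that holds is key material the attacker cannot know, generated per deployment and kept server-side.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed for this example: a symmetric key that ships hard-coded in every
# install of a product. Whoever extracts it from one install holds it for all.
STATIC_KEY = b"product-wide-static-key-0001"


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(key: bytes, claims: dict) -> str:
    """HMAC-SHA256 over a base64url JSON body, formatted body.tag (hypothetical format)."""
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    tag = _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())
    return f"{body}.{tag}"


def verify_token(key: bytes, token: str):
    """Return the claims if the tag verifies under `key`, otherwise None."""
    try:
        body, tag = token.split(".")
    except ValueError:
        return None
    expected = _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(expected, tag):
        return None
    return json.loads(_unb64(body))


def forge_for_victim(key: bytes, tenant: str, victim: str) -> str:
    """What an attacker holding the key does: mint a token that names someone else
    and asserts that MFA already happened."""
    return mint_token(key, {"tenant": tenant, "sub": victim, "mfa": "passed"})


def provision_tenant_key() -> bytes:
    """The fix: a random per-tenant key created at provisioning and held server-side.
    Knowing the product's code, or another tenant's key, gives nothing."""
    return secrets.token_bytes(32)


def demo():
    # "mallory" has valid credentials in tenant "acme" and extracted STATIC_KEY.
    forged = forge_for_victim(STATIC_KEY, "acme", "alice")
    accepted_static = verify_token(STATIC_KEY, forged)  # server still trusts STATIC_KEY
    tenant_key = provision_tenant_key()
    accepted_fixed = verify_token(tenant_key, forged)   # server trusts a random key instead
    return accepted_static, accepted_fixed


if __name__ == "__main__":
    static_result, fixed_result = demo()
    print("static key accepts forged token as:", static_result)
    print("per-tenant random key accepts forged token:", fixed_result)
```

Rotating to a per-deployment key only helps if every verifier switches at once; a verifier that keeps accepting the old static key for compatibility leaves the forgery path open.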
‼ CVE-2022-20779 ‼
via "National Vulnerability Database".
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory.
‼ CVE-2022-20785 ‼
via "National Vulnerability Database".
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.
‼ CVE-2022-20777 ‼
via "National Vulnerability Database".
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory.
‼ CVE-2021-20051 ‼
via "National Vulnerability Database".
SonicWall Global VPN Client 4.10.7.1117 installer (32-bit and 64-bit) and earlier versions have a DLL search order hijacking vulnerability in one of the installer components. Successful exploitation by a local attacker could result in command execution on the target system.
‼ CVE-2022-28556 ‼
via "National Vulnerability Database".
Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin is vulnerable to a stack-based buffer overflow in the /goform/setpptpservercfg interface of the web server. The startip and endip values from the POST body are copied onto the stack using the sanf function, resulting in a stack overflow. This vulnerability can be chained with CVE-2021-44971.
‼ CVE-2022-28940 ‼
via "National Vulnerability Database".
In H3C MagicR100 <=V100R005, the /Ajax/ajaxget interface can be accessed without authorization. Sending a large amount of data to it through ajaxmsg causes a DoS condition.
‼ CVE-2022-20794 ‼
via "National Vulnerability Database".
Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination. For more information about these vulnerabilities, see the Details section of this advisory.
‼ CVE-2022-20796 ‼
via "National Vulnerability Database".
On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog.
‼ CVE-2022-20734 ‼
via "National Vulnerability Database".
A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system.
‼ CVE-2022-23443 ‼
via "National Vulnerability Database".
An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests.
‼ CVE-2022-20770 ‼
via "National Vulnerability Database".
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.
🔏 What Is the Defense Federal Acquisition Regulation Supplement (DFARS)? 🔏
via "Digital Guardian".
Learn more about what DFARS compliance means, who and what it applies to, and what the minimum requirements are for organizations to comply.
🕴 Q&A: How China Is Exporting Tech-Based Authoritarianism Across the World 🕴
via "Dark Reading".
The US has to adapt its own policies to counter the push, warns former DocuSign CEO and Under Secretary of State Keith Krach.
🕴 Microsoft Releases Defender for SMBs 🕴
via "Dark Reading".
Microsoft's stand-alone version of Defender for SMBs promises to help SecOps teams automate detection, response, and recovery.
🕴 China-Backed Winnti APT Siphons Reams of US Trade Secrets in Sprawling Cyber-Espionage Attack 🕴
via "Dark Reading".
Operation CuckooBees uncovered the state-sponsored group's sophisticated new tactics in a years-long campaign that hit more than 30 tech and manufacturing companies.
‼ CVE-2022-30241 ‼
via "National Vulnerability Database".
The jquery.json-viewer library through 1.4.0 for Node.js does not properly escape characters such as < in a JSON object, as demonstrated by a SCRIPT element.
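The bug class behind this entry, as an added example (not the library's code; the viewer runs in the browser, and this Python renderer is a stand-in for the same JSON-to-HTML walk, with class names and the attacker-controlled document constructed for the example): a tree viewer that concatenates JSON keys and strings into markup must HTML-escape every one of them, or a string such as `<script>...</script>` becomes a live element once the markup is assigned to innerHTML.

```python
import html
import json


def _render_value(value, escape) -> str:
    """Recursive JSON -> HTML renderer. `escape` is applied to every key and string.
    The class names mirror what a JSON tree viewer typically emits (constructed)."""
    if isinstance(value, dict):
        items = "".join(
            f'<li><span class="json-key">{escape(str(k))}</span>: {_render_value(v, escape)}</li>'
            for k, v in value.items()
        )
        return f"<ul>{items}</ul>"
    if isinstance(value, list):
        items = "".join(f"<li>{_render_value(v, escape)}</li>" for v in value)
        return f"<ol>{items}</ol>"
    if isinstance(value, str):
        return f'<span class="json-string">"{escape(value)}"</span>'
    if value is None:
        return '<span class="json-literal">null</span>'
    if isinstance(value, bool):  # must come before the numeric fallthrough
        return f'<span class="json-literal">{"true" if value else "false"}</span>'
    return f'<span class="json-literal">{value}</span>'


def render_unsafe(doc) -> str:
    """The bug: strings and keys are dropped into the markup untouched."""
    return _render_value(doc, lambda s: s)


def render_safe(doc) -> str:
    """The fix: escape &, <, >, " and ' in every key and string before it reaches the DOM."""
    return _render_value(doc, lambda s: html.escape(s, quote=True))


# Constructed attacker-controlled document, e.g. an API response shown in a viewer.
PAYLOAD = json.loads(
    '{"name": "<script>alert(document.cookie)</script>", '
    '"<img src=x onerror=alert(1)>": [1, true, null]}'
)

if __name__ == "__main__":
    print(render_unsafe(PAYLOAD))
    print(render_safe(PAYLOAD))
```

Note that the key is as dangerous as the value: a viewer that escapes string values but writes object keys raw is still exploitable through the second entry of the payload.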
‼ CVE-2022-29943 ‼
via "National Vulnerability Database".
Talend Administration Center has a vulnerability that allows an authenticated user to use XML External Entity (XXE) processing to achieve read access as root on the remote filesystem. The issue is fixed for versions 8.0.x in TPS-5189, versions 7.3.x in TPS-5175, and versions 7.2.x in TPS-5201. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version.
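What an XXE payload looks like and the one guard that closes the whole class, as an added example (not Talend's code or fix; Talend is Java, and the guard is shown here in Python as a portable illustration, with the payload and element names constructed): entity declarations, including the external SYSTEM entity that reads a file, can only appear inside a DOCTYPE, so refusing any document that carries a DTD removes the vector without relying on per-parser feature flags.

```python
import xml.etree.ElementTree as ET
import xml.parsers.expat as expat


class DoctypeForbidden(ValueError):
    """Raised when the input carries a DTD (the only place entities can be declared)."""


def parse_without_dtd(data: bytes) -> ET.Element:
    """Scan for a DOCTYPE with a bare expat parser first; only DTD-free input
    reaches the real parser. Raising inside the handler aborts Parse()."""
    scanner = expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        raise DoctypeForbidden(f"DOCTYPE {name!r} is not allowed in this input")

    scanner.StartDoctypeDeclHandler = on_doctype
    scanner.Parse(data, True)
    return ET.fromstring(data)


# Constructed: the shape of a classic XXE payload that reads a server-side file
# into an element the application later echoes back or logs.
XXE_PAYLOAD = b"""<?xml version="1.0"?>
<!DOCTYPE svc [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>
<service><name>&xxe;</name></service>"""

# Constructed: the same document shape without a DTD, as a legitimate client sends it.
BENIGN = b"<service><name>orders</name></service>"


def classify(data: bytes) -> str:
    """Return the root tag for accepted input, or why it was turned away."""
    try:
        root = parse_without_dtd(data)
    except DoctypeForbidden:
        return "rejected"
    except (ET.ParseError, expat.ExpatError):
        return "malformed"
    return root.tag


if __name__ == "__main__":
    print("xxe payload:", classify(XXE_PAYLOAD))
    print("benign     :", classify(BENIGN))
```

A DOCTYPE with only an external subset (`<!DOCTYPE a SYSTEM "http://.../evil.dtd">`) is caught by the same handler, which matters because that form is how out-of-band exfiltration payloads avoid putting the entity in the request body.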
‼ CVE-2022-1584 ‼
via "National Vulnerability Database".
Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16, executing JavaScript as the victim.
‼ CVE-2022-29942 ‼
via "National Vulnerability Database".
Talend Administration Center has a vulnerability that allows an authenticated user to use the Service Registry 'Add' functionality to perform SSRF HTTP GET requests on URLs in the internal network. The issue is fixed for versions 8.0.x in TPS-5189, versions 7.3.x in TPS-5175, and versions 7.2.x in TPS-5201. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version.
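The check a feature like a registry "Add" form needs before it fetches a user-supplied URL, as an added example (not Talend's code; the hostnames and addresses in the resolver table are constructed, and the resolver is injectable so the example runs offline): decide on the addresses the name actually resolves to, not on the URL text, so decimal IPs, IPv4-mapped IPv6 and DNS names that point into RFC 1918 or metadata space are all refused.

```python
import ipaddress
import socket
from typing import Callable, Iterable
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def _to_ip(host: str):
    """IP literal -> address object, or None when `host` is a name."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None


def _is_internal(ip) -> bool:
    """True for anything not globally routable: RFC 1918, loopback, link-local
    (169.254.169.254 metadata), CGNAT 100.64/10, ULA, multicast, unspecified,
    and the documentation ranges. IPv4-mapped IPv6 is unwrapped first."""
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    return not ip.is_global


def system_resolver(host: str) -> Iterable[str]:
    """Every address the OS resolver returns, so a multi-answer record is fully checked."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def check_outbound_url(url: str,
                       resolve: Callable[[str], Iterable[str]] = system_resolver) -> str:
    """Return "allow" or a "deny: ..." reason for a URL the server is asked to fetch."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return f"deny: scheme {parts.scheme!r}"
    host = parts.hostname
    if not host:
        return "deny: no host"
    if parts.username or parts.password:
        return "deny: credentials in URL"
    literal = _to_ip(host)
    if literal is not None:
        candidates = [literal]
    else:
        try:
            candidates = [ipaddress.ip_address(a) for a in resolve(host)]
        except (OSError, ValueError, KeyError):
            return f"deny: cannot resolve {host!r}"
        if not candidates:
            return f"deny: cannot resolve {host!r}"
    for ip in candidates:
        if _is_internal(ip):
            return f"deny: {host!r} -> {ip} is not a public address"
    return "allow"


if __name__ == "__main__":
    for u in ("https://example.com/api", "http://169.254.169.254/latest/meta-data/",
              "http://[::1]/", "file:///etc/passwd"):
        print(u, "->", check_outbound_url(u))
```

The check only holds if the connection is then made to the address that was checked; a client that resolves the name a second time at connect time can be rebound to an internal address between the two lookups, so pin the vetted IP on the socket and re-run the check on every redirect target.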
‼ CVE-2022-25786 ‼
via "National Vulnerability Database".
Unprotected alternate channel vulnerability in the debug console of GateManager allows a system administrator to obtain sensitive information. This issue affects GateManager, all versions prior to 9.7.