‼ CVE-2022-28545 ‼
FUDforum 3.1.1 is vulnerable to Stored XSS.
via "National Vulnerability Database".
‼ CVE-2022-28164 ‼
Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account passwords.
via "National Vulnerability Database".
‼ CVE-2021-26253 ‼
A potential vulnerability in Splunk Enterprise's implementation of DUO MFA allows for bypassing the MFA verification in Splunk Enterprise versions before 8.1.6. The potential vulnerability impacts Splunk Enterprise instances configured to use DUO MFA and does not impact or affect a DUO product or service.
via "National Vulnerability Database".
‼ CVE-2022-29420 ‼
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-circle-countdown-before-countdown and &ycd-circle-countdown-after-countdown vulnerable parameters.
via "National Vulnerability Database".
‼ CVE-2022-21934 ‼
Under certain circumstances an authenticated user could lock other users out of the system or take over their accounts in Metasys ADS/ADX/OAS server 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS server 11 versions prior to 11.0.2.
via "National Vulnerability Database".
‼ CVE-2021-33845 ‼
The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors.
via "National Vulnerability Database".
‼ CVE-2022-28163 ‼
In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection, allowing an attacker to run arbitrary SQL commands.
via "National Vulnerability Database".
‼ CVE-2022-1053 ‼
Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating the integrity quote. This allows an attacker to use one AK, EK pair from a real TPM to pass EK validation and give the verifier an AK of a software TPM. A successful attack breaks the entire chain of trust because an unvalidated AK is used by the verifier. This issue is worse if the validation happens first and then the agent gets added to the verifier because the timing is easier and the verifier does not validate the regcount entry being equal to 1,
via "National Vulnerability Database".
‼ CVE-2022-29421 ‼
Reflected Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Countdown & Clock plugin on WordPress via &ycd_type vulnerable parameter.
via "National Vulnerability Database".
‼ CVE-2021-42743 ‼
A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows.
via "National Vulnerability Database".
‼ CVE-2021-39023 ‼
IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 213860.
via "National Vulnerability Database".
‼ CVE-2021-31559 ‼
A crafted request bypasses S2S TCP Token authentication, writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders.
via "National Vulnerability Database".
‼ CVE-2021-36912 ‼
Stored Cross-Site Scripting (XSS) vulnerability in Andrea Pernici News Sitemap for Google plugin <= 1.0.16 on WordPress; attackers must have a contributor or higher user role.
via "National Vulnerability Database".
‼ CVE-2022-26070 ‼
When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. The vulnerability impacts Splunk Enterprise versions before 8.1.0.
via "National Vulnerability Database".
‼ CVE-2021-39027 ‼
IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved. IBM X-Force ID: 213865.
via "National Vulnerability Database".
‼ CVE-2022-27183 ‼
The Monitoring Console app configured in Distributed mode allows for a Reflected XSS in a query parameter in Splunk Enterprise versions before 8.1.4. The Monitoring Console app is a bundled app included in Splunk Enterprise, not for download on SplunkBase, and not installed on Splunk Cloud Platform instances. Note that the Cloud Monitoring Console is not impacted.
via "National Vulnerability Database".
‼ CVE-2022-26889 ‼
The lack of sanitization in a relative URL path in a search parameter allows for arbitrary injection of external content in Splunk Enterprise versions before 8.1.2.
via "National Vulnerability Database".
‼ CVE-2022-28507 ‼
Dragon Path Technologies Bharti Airtel Routers Hardware BDT-121 version 1.0 is vulnerable to Cross Site Scripting (XSS) via Dragon path router admin page.
via "National Vulnerability Database".
‼ CVE-2022-28165 ‼
A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANnav before 2.2.0 could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The vulnerability exists because restrictions are not performed on the server side to ensure the user has the required permission before processing requests.
via "National Vulnerability Database".
🕴 White House Moves to Shore Up US Post-Quantum Cryptography Posture 🕴
Biden's executive order pushes new NIST quantum-cryptography standards and directs federal government to move toward quantum-resistant cybersecurity.
via "Dark Reading".
🕴 Scammer Infects His Own Machine with Spyware, Reveals True Identity 🕴
An operational slip-up led security researchers to an attacker associated with Nigerian letter scams and malware distribution, after he infected himself with Agent Tesla.
via "Dark Reading".