‼ CVE-2021-42743 ‼
📖 Read
via "National Vulnerability Database".
A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39023 ‼
📖 Read
via "National Vulnerability Database".
IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 213860.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-31559 ‼
📖 Read
via "National Vulnerability Database".
A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36912 ‼
📖 Read
via "National Vulnerability Database".
Stored Cross-Site Scripting (XSS) vulnerability in Andrea Pernici News Sitemap for Google plugin <= 1.0.16 on WordPress, attackers must have contributor or higher user role.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26070 ‼
📖 Read
via "National Vulnerability Database".
When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. The vulnerability impacts Splunk Enterprise versions before 8.1.0.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39027 ‼
📖 Read
via "National Vulnerability Database".
IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved. IBM X-Force ID: 213865.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27183 ‼
📖 Read
via "National Vulnerability Database".
The Monitoring Console app configured in Distributed mode allows for a Reflected XSS in a query parameter in Splunk Enterprise versions before 8.1.4. The Monitoring Console app is a bundled app included in Splunk Enterprise, not for download on SplunkBase, and not installed on Splunk Cloud Platform instances. Note that the Cloud Monitoring Console is not impacted.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26889 ‼
📖 Read
via "National Vulnerability Database".
The lack of sanitization in a relative url path in a search parameter allows for arbitrary injection of external content in Splunk Enterprise versions before 8.1.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28507 ‼
📖 Read
via "National Vulnerability Database".
Dragon Path Technologies Bharti Airtel Routers Hardware BDT-121 version 1.0 is vulnerable to Cross Site Scripting (XSS) via Dragon path router admin page.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28165 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav before 2.2.0 could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The vulnerability exists because restrictions are not performed on Server side to ensure the user has required permission before processing requests.📖 Read
via "National Vulnerability Database".
🕴 White House Moves to Shore Up US Post-Quantum Cryptography Posture 🕴
📖 Read
via "Dark Reading".
Biden's executive order pushes new NIST quantum-cryptography standards and directs federal government to move toward quantum-resistant cybersecurity.📖 Read
via "Dark Reading".
Darkreading
White House Moves to Shore Up US Post-Quantum Cryptography Posture
Biden's executive order pushes new NIST quantum-cryptography standards and directs federal government to move toward quantum-resistant cybersecurity.
🕴 Scammer Infects His Own Machine with Spyware, Reveals True Identity 🕴
📖 Read
via "Dark Reading".
An operational slip-up led security researchers to an attacker associated with Nigerian letter scams and malware distribution, after he infected himself with Agent Tesla.📖 Read
via "Dark Reading".
Darkreading
Scammer Infects His Own Machine With Spyware, Reveals True Identity
An operational slip-up led security researchers to an attacker associated with Nigerian letter scams and malware distribution, after he infected himself with Agent Tesla.
🕴 Ikea Canada Breach Exposes 95K Customer Records 🕴
📖 Read
via "Dark Reading".
An unauthorized employee accessed Ikea's customer database, but it's unclear what the intention was.📖 Read
via "Dark Reading".
Darkreading
Ikea Canada Breach Exposes 95K Customer Records
An unauthorized employee accessed Ikea's customer database, but it's unclear what the intention was.
🕴 What We've Learned in the 12 Months Since the Colonial Pipeline Attack 🕴
📖 Read
via "Dark Reading".
The attack may have been "a major wake-up call" about the need for greater resilience in IT environments, but have security teams hit the snooze bar one too many times?📖 Read
via "Dark Reading".
Darkreading
What We've Learned in the 12 Months Since the Colonial Pipeline Attack
The attack may have been "a major wake-up call" about the need for greater resilience in IT environments, but have security teams hit the snooze bar one too many times?
‼ CVE-2021-27767 ‼
📖 Read
via "National Vulnerability Database".
The BigFix Console installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28276 ‼
📖 Read
via "National Vulnerability Database".
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-27760 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in the Sametime chat feature in the Notes 11.0 - 11.0.1 FP4 clients. An authenticated Sametime chat user could cause Remote Code Execution on another chat client by sending a specially formatted message through chat containing Javascript code.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28279 ‼
📖 Read
via "National Vulnerability Database".
Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28278 ‼
📖 Read
via "National Vulnerability Database".
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29423 ‼
📖 Read
via "National Vulnerability Database".
Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24099 ‼
📖 Read
via "National Vulnerability Database".
Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".