‼ CVE-2022-28162 ‼
via "National Vulnerability Database".
Brocade SANnav before version 2.2.0 logs the REST API authentication token in plain text.
‼ CVE-2022-0826 ‼
via "National Vulnerability Database".
The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to a SQL injection exploitable by unauthenticated users.
‼ CVE-2022-0424 ‼
via "National Vulnerability Database".
The Popup by Supsystic WordPress plugin before 1.10.9 does not perform any authentication or authorisation check in an AJAX action, allowing unauthenticated attackers to call it and obtain the email addresses of subscribed users.
‼ CVE-2022-22481 ‼
via "National Vulnerability Database".
IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could allow a remote attacker to obtain access to the web interface without valid credentials. By modifying the sign-on request, an attacker can gain visibility of the fully qualified domain name of the target system and the navigator tasks page; however, they do not gain the ability to perform those tasks on the system or see any specific system data. IBM X-Force ID: 225899.
‼ CVE-2022-1047 ‼
via "National Vulnerability Database".
The Themify Post Type Builder Search Addon WordPress plugin before 1.4.0 does not properly escape the current page URL before reusing it in an HTML attribute, leading to a reflected cross-site scripting vulnerability.
‼ CVE-2022-0898 ‼
via "National Vulnerability Database".
The IgniteUp WordPress plugin through 3.4.1 does not sanitise and escape some fields when high-privilege users do not have the unfiltered_html capability, which could lead to stored cross-site scripting issues.
‼ CVE-2022-27114 ‼
via "National Vulnerability Database".
There is a vulnerability in htmldoc 1.9.16. In the image_load_jpeg function in image.cxx, the malloc size is computed from 'img->width' and 'img->height', which can be large enough to cause an integer overflow. malloc may then return a heap block smaller than the expected size, causing a heap buffer overflow / address boundary error when jpeg_read_scanlines writes into it.
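The size arithmetic behind this bug, modelled as an added example in Python (this is not htmldoc's code). `unchecked_alloc_size` truncates the product to a 32-bit C int, which is what the vulnerable malloc argument effectively receives; `checked_alloc_size` is the overflow-checked replacement; `decode_into_unchecked_buffer` tallies how many scanline bytes would land past the undersized block. The crafted dimensions and the 3-byte depth are constructed assumptions chosen so the wrap is visible, not values from a real sample file.

```python
import ctypes

INT_MAX = 2**31 - 1

# Constructed JPEG header values (assumptions, not from a real sample):
# width * height * depth exceeds 32 bits, so the C int product wraps.
CRAFTED_WIDTH = 65536
CRAFTED_HEIGHT = 65537
DEPTH = 3  # bytes per pixel for an RGB image (assumed)


def c_int_mul(a: int, b: int) -> int:
    """Multiply the way a 32-bit C int multiplication ends up behaving:
    the product is truncated to 32 bits and reinterpreted as signed."""
    return ctypes.c_int32(a * b).value


def unchecked_alloc_size(width: int, height: int, depth: int) -> int:
    """Vulnerable pattern: width * height * depth in int arithmetic, then
    handed to malloc. For the crafted dimensions this yields 196608, far
    below the 12885098496 bytes the decoder will actually write."""
    return c_int_mul(c_int_mul(width, height), depth)


def checked_alloc_size(width: int, height: int, depth: int):
    """Hardened pattern: reject non-positive dimensions and any product that
    would not fit in an int. Returns the exact byte count, or None."""
    if width <= 0 or height <= 0 or depth <= 0:
        return None
    if width > INT_MAX // height:
        return None
    area = width * height
    if area > INT_MAX // depth:
        return None
    return area * depth


def decode_into_unchecked_buffer(width: int, height: int, depth: int):
    """Model of the vulnerable decode path: allocate the wrapped size, then
    copy `height` scanlines of width*depth bytes into it. Returns
    (allocated_bytes, bytes_that_would_land_past_the_block). A negative
    wrapped size is treated as a failed malloc (it becomes a huge size_t in C)."""
    allocated = unchecked_alloc_size(width, height, depth)
    if allocated < 0:
        return allocated, 0
    buf = bytearray(allocated)
    row_bytes = width * depth
    overflow = 0
    for row in range(height):
        start = row * row_bytes
        end = start + row_bytes
        if end <= len(buf):
            buf[start:end] = bytes(row_bytes)  # scanline fits: normal write
        else:
            # In C this scanline write runs off the end of the heap block;
            # here we only tally the out-of-bounds bytes instead of writing them.
            overflow += end - max(start, len(buf))
    return allocated, overflow


if __name__ == "__main__":
    print("wrapped malloc size:", unchecked_alloc_size(CRAFTED_WIDTH, CRAFTED_HEIGHT, DEPTH))
    print("checked size:", checked_alloc_size(CRAFTED_WIDTH, CRAFTED_HEIGHT, DEPTH))
    print("(allocated, overflow):", decode_into_unchecked_buffer(CRAFTED_WIDTH, CRAFTED_HEIGHT, DEPTH))
```

The check divides rather than multiplies (`width > INT_MAX // height`) so the comparison itself cannot overflow; the same shape works for `size_t` with `SIZE_MAX` in C.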
‼ CVE-2022-28161 ‼
via "National Vulnerability Database".
An information exposure through log file vulnerability in Brocade SANnav versions before 2.2.0 could allow an authenticated, local attacker to view sensitive information such as SSH passwords in filetansfer.log when debug mode is on. To exploit this vulnerability, the attacker would need to have valid user credentials and turn on debug mode.
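Both Brocade entries above (the REST token in CVE-2022-28162 and the SSH passwords in CVE-2022-28161) are the same failure: a secret reaches a log line, and a debug level or a file permission is the only thing between it and a reader. The added example below (not Brocade's code) shows the control that belongs on the logging path itself: a logger-level filter that redacts Authorization values and password/token-style key=value pairs before any handler formats the record, and the difference debug mode makes to what is written. The patterns and the sample log lines are constructed assumptions, not Brocade's formats.

```python
import logging
import re
from io import StringIO

# Redaction rules (assumed formats, not Brocade's): anything that looks like
# an Authorization header value, or a password/token-style key=value pair.
SECRET_PATTERNS = [
    (re.compile(r"(?i)(authorization:\s*(?:bearer|basic)\s+)\S+"), r"\1[REDACTED]"),
    (re.compile(r"(?i)\b(password|passwd|pwd|token|api[_-]?key|secret)(\s*[=:]\s*)\S+"),
     r"\1\2[REDACTED]"),
]

# Constructed log lines standing in for a REST login and an SSH/SCP transfer.
SAMPLE_LINES = [
    (logging.INFO, "REST login ok user=admin Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.e30.sig"),
    (logging.DEBUG, "scp connect host=10.0.0.5 user=svc password=Sw0rdf1sh!"),
    (logging.INFO, "transfer complete bytes=4096"),
]


def redact(text: str) -> str:
    """Apply every redaction rule to one already-formatted message."""
    for pattern, replacement in SECRET_PATTERNS:
        text = pattern.sub(replacement, text)
    return text


class SecretRedactingFilter(logging.Filter):
    """Logger-level filter: rewrite the record before any handler formats it,
    so the secret never reaches a file, syslog or a debug console."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = ()
        return True


def log_with_redaction(lines, debug: bool = True):
    """Emit the given (level, message) pairs through a logger fitted with the
    filter and return the lines that actually landed in the (in-memory) log."""
    logger = logging.getLogger("filetransfer-example")
    logger.handlers.clear()
    logger.filters.clear()
    logger.propagate = False
    logger.setLevel(logging.DEBUG if debug else logging.INFO)
    sink = StringIO()
    handler = logging.StreamHandler(sink)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    logger.addFilter(SecretRedactingFilter())
    for level, message in lines:
        logger.log(level, message)
    handler.flush()
    return sink.getvalue().splitlines()


if __name__ == "__main__":
    for line in log_with_redaction(SAMPLE_LINES):
        print(line)
```

With `debug=False` the SCP line is never written at all, which is the state Brocade's advisory relies on; the filter is what protects the line when somebody does turn debug on.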
🕴 NFTs Emerge as the Next Enterprise Attack Vector 🕴
via "Dark Reading".
Cybersecurity has to be a top priority as enterprises begin incorporating the use of nonfungible tokens into their business strategies, brand-awareness campaigns, and employee-communication efforts, experts say.
🔏 NIST Revises Supply Chain Security Guidance 🔏
via "Digital Guardian".
The primary audience for the revised publication is acquirers and end users of products, software and services.
🕴 5 Tips to Protect Your Career Against a Narcissist 🕴
via "Dark Reading".
When you find yourself the target of a narcissist, familiarize yourself with their tactics and learn how to survive.
‼ CVE-2022-30239 ‼
via "National Vulnerability Database".
An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena JDBC Driver 2.0.25 through 2.0.28 may allow a local user to execute code. NOTE: this is different from CVE-2022-29971.
‼ CVE-2022-29971 ‼
via "National Vulnerability Database".
An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena ODBC Driver 1.1.1 through 1.1.x before 1.1.17 may allow a local user to execute arbitrary code.
‼ CVE-2022-30240 ‼
via "National Vulnerability Database".
An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift JDBC Driver 1.2.40 through 1.2.55 may allow a local user to execute code. NOTE: this is different from CVE-2022-29972.
‼ CVE-2022-30335 ‼
via "National Vulnerability Database".
Bonanza Wealth Management System (BWM) 7.3.2 allows SQL injection via the login form. Users who supply the application with a SQL injection payload in the User Name textbox could collect all passwords in encrypted format from the Microsoft SQL Server component.
‼ CVE-2022-29933 ‼
via "National Vulnerability Database".
Craft CMS through 3.7.36 allows a remote unauthenticated attacker, who knows at least one valid username, to reset the account's password and take over the account by providing a crafted HTTP header to the application while using the password reset functionality. Specifically, the attacker must send X-Forwarded-Host to the /index.php?p=admin/actions/users/send-password-reset-email URI. NOTE: the vendor's position is that a customer can already work around this by adjusting the configuration (i.e., by not using the default configuration).
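The mechanism described here is host-header poisoning of the password-reset e-mail: the application builds the absolute link in the e-mail from a request header the attacker controls, so the victim's fresh reset token is delivered to the attacker's host when the link is clicked. The added example below (not Craft's code) contrasts that with the hardened form, where the host comes from configuration and requests naming an unexpected Host or X-Forwarded-Host are refused before a token is ever issued. The reset path, the query parameter name, the host names and the token are constructed assumptions.

```python
from urllib.parse import urlencode

# Operator configuration (assumed): the canonical site URL and the hosts the
# application is willing to be addressed as.
CONFIGURED_SITE_URL = "https://cms.example.com"
ALLOWED_HOSTS = {"cms.example.com"}
RESET_PATH = "/reset-password"  # assumed path, not Craft's actual route

# Constructed request: the attacker triggers a reset for a known username and
# smuggles their own host in X-Forwarded-Host.
ATTACKER_REQUEST_HEADERS = {
    "Host": "cms.example.com",
    "X-Forwarded-Host": "attacker.example.net",
}
RESET_TOKEN = "b7f3c2e1d4a5"  # constructed, not a real token


def reset_link_trusting_proxy_headers(headers: dict, token: str) -> str:
    """Vulnerable pattern: the absolute URL in the e-mail is built from
    X-Forwarded-Host (falling back to Host). Whoever controls that header
    chooses where the victim's reset token is sent when the link is clicked."""
    host = headers.get("X-Forwarded-Host") or headers.get("Host")
    return f"https://{host}{RESET_PATH}?{urlencode({'code': token})}"


def reset_link_from_configuration(token: str, site_url: str = CONFIGURED_SITE_URL) -> str:
    """Hardened pattern: the host comes from configuration, never from the request."""
    return f"{site_url}{RESET_PATH}?{urlencode({'code': token})}"


def host_is_allowed(headers: dict, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Refuse the request outright if Host or X-Forwarded-Host names a host
    this deployment does not serve (port suffix ignored, case-insensitive)."""
    for name in ("Host", "X-Forwarded-Host"):
        value = headers.get(name)
        if value is None:
            continue
        if value.lower().split(":", 1)[0] not in allowed_hosts:
            return False
    return True


def handle_reset_request(headers: dict, token: str):
    """Return the link that would be e-mailed, or None when the request is refused."""
    if not host_is_allowed(headers):
        return None
    return reset_link_from_configuration(token)


if __name__ == "__main__":
    print("poisoned link:", reset_link_trusting_proxy_headers(ATTACKER_REQUEST_HEADERS, RESET_TOKEN))
    print("hardened handler:", handle_reset_request(ATTACKER_REQUEST_HEADERS, RESET_TOKEN))
    print("legitimate request:", handle_reset_request({"Host": "cms.example.com"}, RESET_TOKEN))
```

Refusing on an unexpected X-Forwarded-Host (rather than silently ignoring it) is deliberate: a forwarded host that the deployment does not serve is either a misconfigured proxy or an attack, and both deserve a visible failure.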
‼ CVE-2022-27308 ‼
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in PHProjekt PhpSimplyGest v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a project title.
‼ CVE-2022-28738 ‼
via "National Vulnerability Database".
A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.
‼ CVE-2022-30524 ‼
via "National Vulnerability Database".
There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by (for example) sending a crafted PDF file to the pdftotext binary, which allows a remote attacker to cause a denial of service (segmentation fault) or possibly have unspecified other impact.
‼ CVE-2022-27412 ‼
via "National Vulnerability Database".
Explore CMS v1.0 was discovered to contain a SQL injection vulnerability via a /page.php?id= request.
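Three entries on this page are the same defect in different places: an unauthenticated AJAX parameter (CVE-2022-0826), a login form's User Name field (CVE-2022-30335) and a page id in the query string (CVE-2022-27412). The added example below (not any of these products' code) reproduces the two classic shapes against an in-memory SQLite database: a tautology with a trailing comment that turns the login query into "every user, with their password hash", and a UNION that makes the page lookup return the users table. Each vulnerable function sits beside its bound-parameter replacement. The schema, accounts and payloads are constructed; the real products use MySQL or Microsoft SQL Server, where the same payloads apply with minor dialect differences.

```python
import hashlib
import sqlite3


def sha256_hex(password: str) -> str:
    # Stand-in for whatever "encrypted format" the application stores.
    return hashlib.sha256(password.encode()).hexdigest()


def build_db() -> sqlite3.Connection:
    """Constructed sample schema: a users table with hashed passwords and a
    pages table served by numeric id."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    for name, pw in (("admin", "correct horse battery"), ("alice", "hunter2")):
        conn.execute("INSERT INTO users (username, password_hash) VALUES (?, ?)", (name, sha256_hex(pw)))
    conn.execute("INSERT INTO pages (id, title, body) VALUES (1, 'Home', 'Welcome')")
    conn.commit()
    return conn


def login_vulnerable(conn, username: str, password: str):
    """Login form built by string concatenation: the User Name field is
    spliced into the statement unchanged."""
    query = (
        "SELECT username, password_hash FROM users "
        f"WHERE username = '{username}' AND password_hash = '{sha256_hex(password)}'"
    )
    return conn.execute(query).fetchall()


def login_parameterized(conn, username: str, password: str):
    """Same check with bound parameters: the input is data, never SQL."""
    return conn.execute(
        "SELECT username, password_hash FROM users WHERE username = ? AND password_hash = ?",
        (username, sha256_hex(password)),
    ).fetchall()


def fetch_page_vulnerable(conn, page_id: str):
    """page.php?id= style lookup with the raw query-string value in the SQL."""
    return conn.execute(f"SELECT title, body FROM pages WHERE id = {page_id}").fetchall()


def fetch_page_safe(conn, page_id: str):
    """Validate the type first (an id must be an integer), then bind it.
    Returns None for anything that is not an integer, i.e. a 404."""
    try:
        page_number = int(page_id)
    except ValueError:
        return None
    return conn.execute("SELECT title, body FROM pages WHERE id = ?", (page_number,)).fetchall()


# Payloads (constructed): a tautology with a trailing comment for the login
# form, and a UNION that redirects the page lookup at the users table.
LOGIN_PAYLOAD = "' OR '1'='1' --"
UNION_PAYLOAD = "0 UNION SELECT username, password_hash FROM users"

if __name__ == "__main__":
    db = build_db()
    print("vulnerable login returns:", login_vulnerable(db, LOGIN_PAYLOAD, "anything"))
    print("parameterized login returns:", login_parameterized(db, LOGIN_PAYLOAD, "anything"))
    print("vulnerable page lookup returns:", fetch_page_vulnerable(db, UNION_PAYLOAD))
    print("safe page lookup returns:", fetch_page_safe(db, UNION_PAYLOAD))
```

The password-hash comparison in the vulnerable login never runs: the `--` comments out the rest of the WHERE clause, which is why the form returns rows for a password that matches nobody. Binding parameters fixes that regardless of what the input contains; the integer cast on the page id is an extra, cheap check that also rejects the UNION before it reaches the database.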
‼ CVE-2022-29972 ‼
via "National Vulnerability Database".
An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift ODBC Driver (1.4.14 through 1.4.21.1001 and 1.4.22 through 1.4.x before 1.4.52) may allow a local user to execute arbitrary code.