‼ CVE-2022-22975 ‼
via "National Vulnerability Database".
An issue was discovered in the Pinniped Supervisor with either LDAPIdentityProvider or ActiveDirectoryIdentityProvider resources. An attack would involve the malicious user changing the common name (CN) of their user entry on the LDAP or AD server to include special characters, which could be used to perform LDAP query injection on the Supervisor's LDAP query which determines their Kubernetes group membership.
‼ CVE-2022-22320 ‼
via "National Vulnerability Database".
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 218367.
‼ CVE-2021-26347 ‼
via "National Vulnerability Database".
A TOCTOU (time-of-check to time-of-use) issue in the System Management Unit (SMU) may result in a DMA (Direct Memory Access) to an invalid DRAM address that could result in denial of service.
‼ CVE-2021-26400 ‼
via "National Vulnerability Database".
AMD processors may speculatively re-order load instructions which can result in stale data being observed when multiple processors are operating on shared memory, resulting in potential data leakage.
‼ CVE-2021-43066 ‼
via "National Vulnerability Database".
An external control of file name or path in Fortinet FortiClientWindows version 7.0.2 and below, version 6.4.6 and below, version 6.2.9 and below, version 6.0.10 and below allows an attacker to escalate privilege via the MSI installer.
🔏 Top 6 Data Security Risks that Can Impact Your Bottom Line 🔏
via "Digitalguardian".
We look at six data security risks that can jeopardize your organization's continued growth.
🕴 Microsoft Simplifies Security Patching Process for Exchange Server 🕴
via "Dark Reading".
Delivering hotfixes and system updates separately will allow manual patching without requiring elevated permissions, Microsoft said.
🕴 Threat Actors Are Stealing Data Now to Decrypt When Quantum Computing Comes 🕴
via "Dark Reading".
The technique, called store-now, decrypt later (SNDL), means organizations need to prepare now for post-quantum cryptography.
‼ CVE-2022-28234 ‼
via "National Vulnerability Database".
Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a heap-based buffer overflow vulnerability due to insecure handling of a crafted .pdf file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .pdf file.
‼ CVE-2022-27800 ‼
via "National Vulnerability Database".
Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of annotations that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2021-42648 ‼
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in Coder Code-Server before 3.12.0 allows attackers to execute arbitrary code via a crafted URL.
‼ CVE-2022-24102 ‼
via "National Vulnerability Database".
Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2022-28231 ‼
via "National Vulnerability Database".
Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when processing a doc object, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2022-28235 ‼
via "National Vulnerability Database".
Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2022-27791 ‼
via "National Vulnerability Database".
Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a stack-based buffer overflow vulnerability due to insecure processing of a font, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .pdf file.
‼ CVE-2021-42646 ‼
via "National Vulnerability Database".
An XML External Entity (XXE) vulnerability in the file-based service provider creation feature of the Management Console in WSO2 API Manager 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; WSO2 IS as Key Manager 5.7.0, 5.9.0, and 5.10.0; and WSO2 Identity Server 5.7.0, 5.8.0, 5.9.0, 5.10.0, and 5.11.0 allows attackers to gain read access to sensitive information or cause a denial of service via crafted GET requests.
‼ CVE-2021-33315 ‼
via "National Vulnerability Database".
The TRENDnet TI-PG1284i switch (hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability in its LLDP-related component. Because the length field of the PortID TLV is not properly validated, sending a crafted LLDP packet to the device causes an integer underflow, and the resulting negative number is later passed to memcpy(), which may cause a buffer overflow or invalid memory access.
‼ CVE-2022-27799 ‼
via "National Vulnerability Database".
Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2022-24101 ‼
via "National Vulnerability Database".
Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2021-28290 ‼
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability exists in Skoruba IdentityServer4.Admin before 2.0.0 via an unencoded value passed to the data-secret-value parameter.
‼ CVE-2022-27786 ‼
via "National Vulnerability Database".
Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of fonts that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.