‼ CVE-2022-23665 ‼
📖 Read
via "National Vulnerability Database".
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1586 ‼
📖 Read
via "National Vulnerability Database".
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23662 ‼
📖 Read
via "National Vulnerability Database".
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23659 ‼
📖 Read
via "National Vulnerability Database".
A remote reflected cross site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23658 ‼
📖 Read
via "National Vulnerability Database".
A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23661 ‼
📖 Read
via "National Vulnerability Database".
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23667 ‼
📖 Read
via "National Vulnerability Database".
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23660 ‼
📖 Read
via "National Vulnerability Database".
A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23663 ‼
📖 Read
via "National Vulnerability Database".
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23664 ‼
📖 Read
via "National Vulnerability Database".
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23668 ‼
📖 Read
via "National Vulnerability Database".
A remote authenticated server-side request forgery (ssrf) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manage that address this security vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1587 ‼
📖 Read
via "National Vulnerability Database".
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23657 ‼
📖 Read
via "National Vulnerability Database".
A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23670 ‼
📖 Read
via "National Vulnerability Database".
A remote authenticated information disclosure vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23666 ‼
📖 Read
via "National Vulnerability Database".
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.📖 Read
via "National Vulnerability Database".
⚠ Apple patches zero-day kernel hole and much more – update now! ⚠
📖 Read
via "Naked Security".
You'll find fixes for numerous kernel-level code execution holes, including an 0-day vulnerability in many (though not all) versions.📖 Read
via "Naked Security".
Sophos News
Naked Security – Sophos News
‼ CVE-2022-1753 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in WoWonder. Affected is the file /requests.php which is responsible to handle group messages. The manipulation of the argument group_id allows posting messages in other groups. It is possible to launch the attack remotely but it might require authentication. A video explaining the attack has been disclosed to the public.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1723 ‼
📖 Read
via "National Vulnerability Database".
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6.📖 Read
via "National Vulnerability Database".
‼ CVE-2013-10001 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in HTC One/Sense 4.x. It has been rated as problematic. Affected by this issue is the certification validation of the mail client. An exploit has been disclosed to the public and may be used.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26650 ‼
📖 Read
via "National Vulnerability Database".
In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matches(conditionData.getParamValue(), realData) to make judgments, where both parameters are controllable by the user. This can cause an attacker pass in malicious regular expressions and characters causing a resource exhaustion. This issue affects Apache ShenYu (incubating) 2.4.0, 2.4.1 and 2.4.2 and is fixed in 2.4.3.📖 Read
via "National Vulnerability Database".
🗓️ Firefox debuts improved process isolation to reduce browser attack surface 🗓️
📖 Read
via "The Daily Swig".
The goal was Win32k Lockdown – a serious step up in Windows security📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Firefox debuts improved process isolation to reduce browser attack surface
The goal was Win32k Lockdown – a serious step up in Windows security