‼ CVE-2022-30067 ‼
GIMP 2.10.30 and 2.99.10 are vulnerable to a buffer overflow. When opening a crafted XCF file, the program allocates a huge amount of memory, resulting in memory exhaustion or a program crash.
via "National Vulnerability Database".
‼ CVE-2021-29726 ‼
IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 do not properly ensure that a certificate is actually associated with the host, due to improper validation of certificates. IBM X-Force ID: 201104.
‼ CVE-2022-24108 ‼
The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remote attacker to inject a serialized PHP object via the setting parameter, potentially resulting in the ability to write files on the server, cause a DoS, and achieve remote code execution, because the module deserializes untrusted data.
‼ CVE-2022-24856 ‼
FlyteConsole is the web user interface for the Flyte platform. FlyteConsole prior to version 0.52.0 is vulnerable to server-side request forgery (SSRF) when FlyteConsole is open to the general internet. An attacker can exploit any user of a vulnerable instance to access the internal metadata server or other unauthenticated URLs. Passing of headers to an unauthorized actor may occur. The patch for this issue deletes the entire `cors_proxy`, as this is not required for the console anymore. A patch is available in FlyteConsole version 0.52.0. Disable FlyteConsole availability on the internet as a workaround.
‼ CVE-2022-30007 ‼
GXCMS V1.5 has a file upload vulnerability in the administrative back end, on the template management page. Any template's content can be edited and the template then renamed to a file with a PHP suffix; requesting that PHP file afterwards gives control of the server.
‼ CVE-2020-4957 ‼
IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information in URL parameters that could aid in future attacks against the system. IBM X-Force ID: 192208.
‼ CVE-2022-1116 ‼
An Integer Overflow or Wraparound vulnerability in io_uring in the Linux kernel allows a local attacker to cause memory corruption and escalate privileges to root. This issue affects Linux kernel versions prior to 5.4.189; version 5.4.24 and later versions.
‼ CVE-2022-29581 ‼
An Improper Update of Reference Count vulnerability in net/sched in the Linux kernel allows a local attacker to escalate privileges to root. This issue affects Linux kernel versions prior to 5.18; version 4.14 and later versions.
‼ CVE-2022-1733 ‼
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
‼ CVE-2022-1769 ‼
Buffer Over-read in GitHub repository vim/vim prior to 8.2.
‼ CVE-2022-22482 ‼
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could allow an authenticated user to upload files that could fill up the filesystem and cause a denial of service. IBM X-Force ID: 225977.
‼ CVE-2022-22484 ‼
IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain sensitive information, caused by plain-text user account passwords potentially being stored in the browser's application command history. By accessing browser history, an attacker could exploit this vulnerability to obtain other user accounts' passwords. IBM X-Force ID: 226322.
🔏 Pharma Companies, UK Universities Failing to Protect Data 🔏
The findings come courtesy of a new investigation by The British Medical Journal (BMJ).
via "Digital Guardian".
‼ CVE-2022-1706 ‼
A vulnerability was found in Ignition where Ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets. The highest threat from this vulnerability is to data confidentiality. A possible workaround is not to put secrets in the Ignition config.
‼ CVE-2022-23671 ‼
A remote authenticated information disclosure vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
‼ CVE-2022-29429 ‼
Remote Code Execution (RCE) in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery.
‼ CVE-2022-23669 ‼
A remote authorization bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
‼ CVE-2022-24890 ‼
Nextcloud Talk is a video and audio conferencing app for Nextcloud. In versions prior to 13.0.5 and 14.0.0, a call moderator can indirectly enable user webcams by granting permissions, if they were enabled before removing the permissions. A patch is available in versions 13.0.5 and 14.0.0. There are currently no known workarounds.
‼ CVE-2022-30688 ‼
needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges when needrestart tries to detect whether interpreters are using old source files.
‼ CVE-2022-23675 ‼
A remote authenticated stored cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
‼ CVE-2022-23674 ‼
A remote authenticated stored cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.