‼ CVE-2022-1116 ‼
via "National Vulnerability Database".
Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to 5.4.189; version 5.4.24 and later versions.
‼ CVE-2022-29581 ‼
via "National Vulnerability Database".
Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.
‼ CVE-2022-1733 ‼
via "National Vulnerability Database".
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
‼ CVE-2022-1769 ‼
via "National Vulnerability Database".
Buffer Over-read in GitHub repository vim/vim prior to 8.2.
‼ CVE-2022-22482 ‼
via "National Vulnerability Database".
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could allow an authenticated user to upload files that could fill up the filesystem and cause a denial of service. IBM X-Force ID: 225977.
‼ CVE-2022-22484 ‼
via "National Vulnerability Database".
IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain sensitive information, caused by plain text user account passwords potentially being stored in the browser's application command history. By accessing browser history, an attacker could exploit this vulnerability to obtain other user accounts' passwords. IBM X-Force ID: 226322.
🔏 Pharma Companies, UK Universities Failing to Protect Data 🔏
The findings come courtesy of a new investigation via The British Medical Journal (BMJ).
Digital Guardian
‼ CVE-2022-1706 ‼
via "National Vulnerability Database".
A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets. The highest threat from this vulnerability is to data confidentiality. Possible workaround is to not put secrets in the Ignition config.
‼ CVE-2022-23671 ‼
via "National Vulnerability Database".
A remote authenticated information disclosure vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
‼ CVE-2022-29429 ‼
via "National Vulnerability Database".
Remote Code Execution (RCE) in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery.
‼ CVE-2022-23669 ‼
via "National Vulnerability Database".
A remote authorization bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
‼ CVE-2022-24890 ‼
via "National Vulnerability Database".
Nextcloud Talk is a video and audio conferencing app for Nextcloud. In versions prior to 13.0.5 and 14.0.0, a call moderator can indirectly enable user webcams by granting permissions, if they were enabled before removing the permissions. A patch is available in versions 13.0.5 and 14.0.0. There are currently no known workarounds.
‼ CVE-2022-30688 ‼
via "National Vulnerability Database".
needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges when needrestart tries to detect if interpreters are using old source files.
‼ CVE-2022-23675 ‼
via "National Vulnerability Database".
A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
‼ CVE-2022-23674 ‼
via "National Vulnerability Database".
A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
‼ CVE-2022-1735 ‼
via "National Vulnerability Database".
Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.
‼ CVE-2022-24611 ‼
via "National Vulnerability Database".
Denial of Service (DoS) in the Z-Wave S0 NonceGet protocol specification in Silicon Labs Z-Wave 500 series allows local attackers to block S0/S2 protected Z-Wave network via crafted S0 NonceGet Z-Wave packages, utilizing included but absent NodeIDs.
‼ CVE-2022-23673 ‼
via "National Vulnerability Database".
An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
‼ CVE-2022-22773 ‼
via "National Vulnerability Database".
The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains difficult to exploit Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 8.0.1 and below, TIBCO JasperReports Server - Community Edition: versions 8.0.1 and below, TIBCO JasperReports Server - Developer Edition: versions 8.0.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 8.0.1 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.2 and below, and TIBCO JasperReports Server for Microsoft Azure: versions 8.0.1 and below.
‼ CVE-2022-22775 ‼
via "National Vulnerability Database".
The Workspace client component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains difficult to exploit Reflected Cross Site Scripting (XSS) vulnerabilities that allow low privileged attackers with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO BPM Enterprise: versions 4.3.1 and below and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric: versions 4.3.1 and below.
‼ CVE-2022-30689 ‼
via "National Vulnerability Database".
HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3.