βΌ CVE-2022-20671 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20765 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the web applications of Cisco UCS Director could allow an authenticated, remote attacker to conduct a cross-site scripting attack on an affected system. This vulnerability is due to unsanitized user input. An attacker could exploit this vulnerability by submitting custom JavaScript to affected web applications. A successful exploit could allow the attacker to rewrite web page content, access sensitive information stored in the applications, and alter data by submitting forms.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20672 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20807 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20797 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the web-based management interface of Cisco Secure Network Analytics, formerly Cisco Stealthwatch Enterprise, could allow an authenticated, remote attacker to execute arbitrary commands as an administrator on the underlying operating system. This vulnerability is due to insufficient user input validation by the web-based management interface of the affected software. An attacker could exploit this vulnerability by injecting arbitrary commands in the web-based management interface. A successful exploit could allow the attacker to make configuration changes on the affected device or cause certain services to restart unexpectedly.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20802 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the web interface of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input that is processed by the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid agent credentials.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20670 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20674 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20673 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20666 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20806 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1897 βΌ
π Read
via "National Vulnerability Database".
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20667 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20669 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.π Read
via "National Vulnerability Database".
π΄ New Chaos Malware Variant Ditches Wiper for Encryption π΄
π Read
via "Dark Reading".
The Chaos ransomware-builder was known for creating destructor malware that overwrote files and made them unrecoverable -- but the new Yashma version finally generates binaries that can encrypt files of all sizes.π Read
via "Dark Reading".
Dark Reading
New Chaos Malware Variant Ditches Wiper for Encryption
The Chaos ransomware-builder was known for creating destructor malware that overwrote files and made them unrecoverable -- but the new Yashma version finally generates binaries that can encrypt files of all sizes.
π1
π΄ Scammer Behind $568M International Cybercrime Syndicate Gets 4 Years π΄
π Read
via "Dark Reading".
The 14th defendant behind The Infraud Organization contraband marketplace has been sentenced, this time for one count of racketeering.π Read
via "Dark Reading".
Dark Reading
Scammer Behind $568M International Cybercrime Syndicate Gets 4 Years
The 14th defendant behind The Infraud Organization contraband marketplace has been sentenced, this time for one count of racketeering.
βΌ CVE-2021-27780 βΌ
π Read
via "National Vulnerability Database".
The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27781 βΌ
π Read
via "National Vulnerability Database".
The Master operator may be able to embed script tag in HTML with alert pop-up display cookie.π Read
via "National Vulnerability Database".
π΄ Space Force Expands Cyber Defense Operations π΄
π Read
via "Dark Reading".
Space Force's Delta 6 cyber-defense group adds squadrons, updates legacy Satellite Control Network.π Read
via "Dark Reading".
Dark Reading
Space Force Expands Cyber Defense Operations
Space Force's Delta 6 cyber-defense group adds squadrons, updates legacy Satellite Control Network.
π΄ Exposed Kubernetes Clusters, Kubelet Ports Can Be Abused in Cyberattacks π΄
π Read
via "Dark Reading".
Organizations must ensure their kubelets and related APIs arenβt inadvertently exposed or lack proper access control, offering an easy access point for malicious actors.π Read
via "Dark Reading".
Dark Reading
Exposed Kubernetes Clusters, Kubelet Ports Can Be Abused in Cyberattacks
Organizations must ensure their kubelets and related APIs arenβt inadvertently exposed or lack proper access control, offering an easy access point for malicious actors.
βΌ CVE-2022-25878 βΌ
π Read
via "National Vulnerability Database".
The package protobufjs before 6.11.3 are vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the Object.prototype. This vulnerability can occur in multiple ways: 1. by providing untrusted user input to util.setProperty or to ReflectionObject.setParsedOption functions 2. by parsing/loading .proto filesπ Read
via "National Vulnerability Database".