CVE-2022-22556
via "National Vulnerability Database".
Dell PowerStore contains an Uncontrolled Resource Consumption Vulnerability in the PowerStore User Interface. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a Denial of Service.
CVE-2022-26867
via "National Vulnerability Database".
PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet application that is being used to open the CSV/XLSX file.
CVE-2021-33473
via "National Vulnerability Database".
An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verify_url option is disabled. This vulnerability is exploited via a crafted URL.
CVE-2022-26869
via "National Vulnerability Database".
Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contain an open port vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and arbitrary code execution.
CVE-2022-26868
via "National Vulnerability Database".
Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker.
CVE-2022-29718
via "National Vulnerability Database".
Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking victim users into clicking crafted links.
CVE-2022-22557
via "National Vulnerability Database".
PowerStore contains a Plain-Text Password Storage Vulnerability in PowerStore X & T environments running versions 2.0.0.x and 2.0.1.x. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account.
CVE-2022-32250
via "National Vulnerability Database".
net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.
CVE-2022-26866
via "National Vulnerability Database".
Dell PowerStore versions before v2.1.1.0 contain a Stored Cross-Site Scripting vulnerability. A high privileged network attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript code in a trusted application data store. When a victim user accesses the data store through their browser, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.
CVE-2022-29085
via "National Vulnerability Database".
Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.
CVE-2021-42877
via "National Vulnerability Database".
TOTOLINK EX1200T V4.1.2cu.5215 contains a denial of service vulnerability in the function RebootSystem of the file lib/cste_modules/system, which can reboot the system.
CVE-2022-29084
via "National Vulnerability Database".
Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in the Unisphere GUI. A remote unauthenticated attacker may potentially exploit this vulnerability to brute-force passwords and gain access to the system as the victim. Account takeover is possible if weak passwords are used by users.
CVE-2022-29767
via "National Vulnerability Database".
adbyby v2.7 allows external users to make connections via port 8118. This can cause a program logic error and lead to a Denial of Service (DoS) via high CPU usage due to a large number of connections.
IT Pro News In Review: Businesses cancel cyber policies, EE milestone, Costa Rica Conti attack
via "ITPro".
Catch up on the biggest headlines of the week in just two minutes.
The cookie phase-out might precede an AdTech apocalypse
via "ITPro".
With the industry phasing out third-party cookies, what does this mean for businesses reliant on them to track and improve their campaigns?
DOE funds development of Qunnect's Quantum Repeater
via "ITPro".
The $1.85 million grant will eventually pave the way for the quantum internet.
Ministry of Defence pledges resilience to all known vulnerabilities and cyber attack methods by 2030
via "ITPro".
The new MoD cyber security strategy is underpinned by a 'secure by design' approach that will run across the organisation.
CVE-2022-32271
via "National Vulnerability Database".
In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. DCP:// is an internal URL protocol used by Real Player to reference a file that contains a URL. It is possible to inject script code into arbitrary domains. It is also possible to reference arbitrary local files.
CVE-2022-1987
via "National Vulnerability Database".
Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11.
CVE-2022-32265
via "National Vulnerability Database".
qDecoder before 12.1.0 does not ensure that the percent character is followed by two hex digits for URL decoding.
CVE-2022-1988
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Generic in GitHub repository neorazorx/facturascripts prior to 2022.09.